From 72a243766f7b847e26b770d1b7f4903b11174e94 Mon Sep 17 00:00:00 2001
From: Sivan Grunberg <sivan@vitakka.co>
Date: Tue, 27 Jan 2026 17:03:36 +0200
Subject: [PATCH 1/5] docs: add session handoff for 2026-01-26

Session focused on:
- Released v0.4.8 with Gemini 3 Flash Preview
- Created demo recording plan (docs/DEMO_RECORDING_PLAN.md)
- Environment cleanup (freed 7.5GB)
- Verified pristine demo environment

Next: Execute demo recording from plan
---
 SESSION_HANDOFF_2026-01-26.md | 137 ++++++++++++++++++++++++++++++++++
 1 file changed, 137 insertions(+)
 create mode 100644 SESSION_HANDOFF_2026-01-26.md

diff --git a/SESSION_HANDOFF_2026-01-26.md b/SESSION_HANDOFF_2026-01-26.md
new file mode 100644
index 0000000..d7181f1
--- /dev/null
+++ b/SESSION_HANDOFF_2026-01-26.md
@@ -0,0 +1,137 @@
+# Session Handoff - 2026-01-26
+
+## What Was Accomplished
+
+### 1. Demo Recording Preparation
+- **Released v0.4.8 to PyPI**
+  - Updated GCP default model: `gemini-2.5-flash` → `gemini-3-flash-preview`
+  - Published to https://pypi.org/project/bedsheet/0.4.8/
+  - Git tag: v0.4.8
+  - Commits: 7324dd0, 721bb6d
+
+### 2. Documentation Updates
+- Added GCP deployment deep dive link to README.md
+- Added GCP deployment deep dive to CLAUDE.md docs table
+- Created comprehensive demo recording plan: `docs/DEMO_RECORDING_PLAN.md`
+
+### 3. Environment Cleanup (Major!)
+- Removed old editable bedsheet install (v0.4.2rc7)
+- Cleared uv cache: **freed 7.5GB**
+- Removed orphaned packages: anthropic, typer
+- Total space freed: **~7.51GB**
+
+### 4. Demo Environment Verified
+- ✅ `uvx bedsheet version` → installs v0.4.8 from PyPI
+- ✅ No local installations to conflict
+- ✅ Clean, production-ready state
+
+## Current Project State
+
+### Version
+- **PyPI**: v0.4.8 (latest)
+- **Git**: main branch at 721bb6d
+- **Tests**: 265 passing
+
+### Files Modified This Session
+1. `bedsheet/cli/main.py` - GCP model default
+2. `README.md` - Added GCP deep dive link
+3. `CLAUDE.md` - Added GCP deep dive to docs table
+4. `pyproject.toml` - Version bump to 0.4.8
+5. `CHANGELOG.md` - v0.4.8 entry
+6. `docs/DEMO_RECORDING_PLAN.md` - New comprehensive demo script
+
+### Critical Files for Next Session
+- `docs/DEMO_RECORDING_PLAN.md` - Complete 3-4 minute demo script
+- `examples/investment-advisor/` - Demo agent code
+- `examples/investment-advisor/bedsheet.yaml` - Multi-target config
+
+## Next Steps (For Recording Demo)
+
+### Pre-Recording Checklist
+```bash
+# Environment setup
+export ANTHROPIC_API_KEY=sk-ant-...
+gcloud auth login
+gcloud auth application-default login
+aws configure  # or aws-vault
+
+# Note your GCP project ID for bedsheet.yaml
+```
+
+### Demo Flow (from docs/DEMO_RECORDING_PLAN.md)
+1. **Scene 1 (30s)**: `uvx bedsheet init investment-demo --target local`
+2. **Scene 2 (30s)**: Copy agents.py, edit bedsheet.yaml for multi-target
+3. **Scene 3 (45s)**: Local deployment with debug UI
+4. **Scene 4 (45s)**: GCP deployment with ADK UI
+5. **Scene 5 (60s)**: AWS deployment with debug UI + console
+
+### Dry Run Before Recording
+Test each scene end-to-end to catch issues:
+```bash
+# Test init
+uvx bedsheet init test-demo --target local
+cd test-demo
+
+# Test local generation
+bedsheet generate --target local
+cd deploy/local && make build && make run
+
+# Test GCP generation (update project ID first!)
+bedsheet generate --target gcp
+
+# Test AWS generation
+bedsheet generate --target aws
+```
+
+## Known Issues / Gotchas
+
+### GCP
+- Must set real project ID in bedsheet.yaml (line 16)
+- Requires `gcloud auth application-default login`
+- Model will be `gemini-3-flash-preview` (new default)
+
+### AWS
+- Requires CDK bootstrap: `cdk bootstrap aws://ACCOUNT/REGION`
+- Model will be `anthropic.claude-sonnet-4-5-v2:0`
+- Native multi-agent collaboration (no delegate Lambda)
+
+### Local
+- Docker must be running
+- Debug UI at http://localhost:8000
+- Real data from Yahoo Finance + DuckDuckGo
+
+## Important Context
+
+### Why v0.4.8 Was Released
+Demo needs to show `uvx bedsheet` installing from PyPI with the correct Gemini model. Without the release, it would install v0.4.7 with the old `gemini-2.5-flash` model.
+
+### Why Environment Cleanup Mattered
+Had old v0.4.2rc7 editable install that would conflict with `uvx bedsheet`. Cleanup ensures demo shows real user experience.
+
+### Demo Recording Tool
+User plans to use **Poindeo** for screen recording.
+
+## Files to Reference
+- `docs/DEMO_RECORDING_PLAN.md` - Complete demo script
+- `docs/gcp-deployment-deep-dive.html` - GCP troubleshooting guide
+- `PROJECT_STATUS.md` - Full project history
+- `CLAUDE.md` - Development context
+
+## Commands for Quick Setup
+
+```bash
+# Verify clean state
+python -c "import bedsheet" 2>&1  # Should error
+uvx bedsheet version  # Should show 0.4.8
+
+# Start demo preparation
+cd /tmp  # or wherever you want to record
+uvx bedsheet init investment-demo --target local
+```
+
+## Session Duration
+~2 hours of work
+
+## Model Used
+- Claude Sonnet 4.5 (primary)
+- Claude Haiku 4.5 (brief model switch test)

From 7c4c255ae4593b909ce9f6d52630816d13442092 Mon Sep 17 00:00:00 2001
From: Sivan Grunberg <sivan@vitakka.co>
Date: Mon, 9 Feb 2026 21:36:40 +0200
Subject: [PATCH 2/5] feat: add Sixth Sense distributed agent communication
 module

Add PubNub-based distributed communication so agents can operate
across processes, machines, and cloud providers as true peers.

- Signal dataclass with 7 kinds (request, response, alert, heartbeat,
  claim, release, event) and compact JSON serialization (<32KB)
- SenseTransport protocol (like LLMClient/Memory) with PubNub impl
- SenseMixin adds join_network, broadcast, request/response, claim
  protocol, and on_signal handler decorator to any Agent
- SenseNetwork convenience API for managing multiple agents
- MockSenseTransport with hub pattern for testing
- 5 new event types for network observability
- Cloud monitor demo with 5 agents in separate subprocesses
- Progressive tutorial documentation matching existing doc style
- 31 new tests (296 total, zero regressions)
---
 bedsheet/__init__.py                          |   3 +-
 bedsheet/events.py                            |  51 ++
 bedsheet/sense/__init__.py                    |  17 +
 bedsheet/sense/mixin.py                       | 306 +++++++++++
 bedsheet/sense/network.py                     |  90 ++++
 bedsheet/sense/protocol.py                    |  54 ++
 bedsheet/sense/pubnub_transport.py            | 161 ++++++
 bedsheet/sense/serialization.py               |  60 +++
 bedsheet/sense/signals.py                     |  33 ++
 bedsheet/testing.py                           | 104 ++++
 docs/sixth-sense-guide.html                   | 486 +++++++++++++++++
 examples/cloud-monitor/README.md              |  46 ++
 examples/cloud-monitor/agents/__init__.py     |   0
 examples/cloud-monitor/agents/cpu_watcher.py  |  88 ++++
 .../agents/incident_commander.py              | 158 ++++++
 examples/cloud-monitor/agents/log_analyzer.py | 105 ++++
 .../cloud-monitor/agents/memory_watcher.py    |  84 +++
 .../cloud-monitor/agents/security_scanner.py  |  87 +++
 examples/cloud-monitor/pyproject.toml         |  12 +
 examples/cloud-monitor/run.py                 |  93 ++++
 pyproject.toml                                |   3 +
 tests/test_sense.py                           | 496 ++++++++++++++++++
 22 files changed, 2536 insertions(+), 1 deletion(-)
 create mode 100644 bedsheet/sense/__init__.py
 create mode 100644 bedsheet/sense/mixin.py
 create mode 100644 bedsheet/sense/network.py
 create mode 100644 bedsheet/sense/protocol.py
 create mode 100644 bedsheet/sense/pubnub_transport.py
 create mode 100644 bedsheet/sense/serialization.py
 create mode 100644 bedsheet/sense/signals.py
 create mode 100644 docs/sixth-sense-guide.html
 create mode 100644 examples/cloud-monitor/README.md
 create mode 100644 examples/cloud-monitor/agents/__init__.py
 create mode 100644 examples/cloud-monitor/agents/cpu_watcher.py
 create mode 100644 examples/cloud-monitor/agents/incident_commander.py
 create mode 100644 examples/cloud-monitor/agents/log_analyzer.py
 create mode 100644 examples/cloud-monitor/agents/memory_watcher.py
 create mode 100644 examples/cloud-monitor/agents/security_scanner.py
 create mode 100644 examples/cloud-monitor/pyproject.toml
 create mode 100644 examples/cloud-monitor/run.py
 create mode 100644 tests/test_sense.py

diff --git a/bedsheet/__init__.py b/bedsheet/__init__.py
index 7ef974a..df39a97 100644
--- a/bedsheet/__init__.py
+++ b/bedsheet/__init__.py
@@ -2,5 +2,6 @@
 from bedsheet.agent import Agent
 from bedsheet.action_group import ActionGroup
 from bedsheet.supervisor import Supervisor
+from bedsheet.sense import SenseMixin, SenseNetwork
 
-__all__ = ["Agent", "ActionGroup", "Supervisor"]
+__all__ = ["Agent", "ActionGroup", "Supervisor", "SenseMixin", "SenseNetwork"]
diff --git a/bedsheet/events.py b/bedsheet/events.py
index 423c55a..2e61fe2 100644
--- a/bedsheet/events.py
+++ b/bedsheet/events.py
@@ -89,6 +89,52 @@ class CollaboratorCompleteEvent:
     type: Literal["collaborator_complete"] = field(default="collaborator_complete", init=False)
 
 
+@dataclass
+class SignalReceivedEvent:
+    """A signal arrived from the sense network."""
+    sender: str
+    kind: str
+    channel: str
+    payload: dict[str, Any]
+    type: Literal["signal_received"] = field(default="signal_received", init=False)
+
+
+@dataclass
+class AgentConnectedEvent:
+    """A remote agent came online on the sense network."""
+    agent_id: str
+    agent_name: str
+    namespace: str
+    type: Literal["agent_connected"] = field(default="agent_connected", init=False)
+
+
+@dataclass
+class AgentDisconnectedEvent:
+    """A remote agent went offline on the sense network."""
+    agent_id: str
+    agent_name: str
+    namespace: str
+    type: Literal["agent_disconnected"] = field(default="agent_disconnected", init=False)
+
+
+@dataclass
+class RemoteDelegationEvent:
+    """A task was sent to a remote agent via the sense network."""
+    agent_name: str
+    task: str
+    correlation_id: str
+    type: Literal["remote_delegation"] = field(default="remote_delegation", init=False)
+
+
+@dataclass
+class RemoteResultEvent:
+    """A result was received from a remote agent via the sense network."""
+    agent_name: str
+    result: str
+    correlation_id: str
+    type: Literal["remote_result"] = field(default="remote_result", init=False)
+
+
 Event = Union[
     ThinkingEvent,
     TextTokenEvent,
@@ -101,4 +147,9 @@ class CollaboratorCompleteEvent:
     CollaboratorStartEvent,
     CollaboratorEvent,
     CollaboratorCompleteEvent,
+    SignalReceivedEvent,
+    AgentConnectedEvent,
+    AgentDisconnectedEvent,
+    RemoteDelegationEvent,
+    RemoteResultEvent,
 ]
diff --git a/bedsheet/sense/__init__.py b/bedsheet/sense/__init__.py
new file mode 100644
index 0000000..b6fac8b
--- /dev/null
+++ b/bedsheet/sense/__init__.py
@@ -0,0 +1,17 @@
+"""Sense - distributed agent communication for Bedsheet."""
+from bedsheet.sense.signals import Signal, SignalKind
+from bedsheet.sense.protocol import SenseTransport, AgentPresence
+from bedsheet.sense.serialization import serialize, deserialize
+from bedsheet.sense.mixin import SenseMixin
+from bedsheet.sense.network import SenseNetwork
+
+__all__ = [
+    "Signal",
+    "SignalKind",
+    "SenseTransport",
+    "AgentPresence",
+    "SenseMixin",
+    "SenseNetwork",
+    "serialize",
+    "deserialize",
+]
diff --git a/bedsheet/sense/mixin.py b/bedsheet/sense/mixin.py
new file mode 100644
index 0000000..7136411
--- /dev/null
+++ b/bedsheet/sense/mixin.py
@@ -0,0 +1,306 @@
+"""SenseMixin - gives any Agent distributed sensing capabilities."""
+import asyncio
+import logging
+from typing import Any, Callable, Awaitable
+from uuid import uuid4
+
+from bedsheet.events import (
+    CompletionEvent,
+    RemoteDelegationEvent,
+    RemoteResultEvent,
+    SignalReceivedEvent,
+)
+from bedsheet.sense.protocol import SenseTransport
+from bedsheet.sense.signals import Signal, SignalKind
+
+logger = logging.getLogger(__name__)
+
+# Type for signal handler callbacks
+SignalHandler = Callable[[Signal], Awaitable[None]]
+
+
+class SenseMixin:
+    """Mixin that adds distributed sensing to any Agent.
+
+    Usage:
+        class MyAgent(SenseMixin, Agent):
+            pass
+
+        agent = MyAgent(name="watcher", instruction="...", model_client=client)
+        await agent.join_network(transport, "cloud-ops", ["alerts", "tasks"])
+    """
+
+    def __init__(self, *args: Any, **kwargs: Any) -> None:
+        super().__init__(*args, **kwargs)
+        self._transport: SenseTransport | None = None
+        self._namespace: str = ""
+        self._signal_handlers: dict[SignalKind, list[SignalHandler]] = {}
+        self._signal_task: asyncio.Task[None] | None = None
+        self._pending_requests: dict[str, asyncio.Future[Signal]] = {}
+        self._claimed_incidents: set[str] = set()
+        self._heartbeat_task: asyncio.Task[None] | None = None
+
+    async def join_network(
+        self,
+        transport: SenseTransport,
+        namespace: str,
+        channels: list[str] | None = None,
+    ) -> None:
+        """Connect to the sense network and start listening."""
+        self._transport = transport
+        self._namespace = namespace
+
+        # Use agent's name as the network identity
+        await transport.connect(self.name, namespace)  # type: ignore[attr-defined]
+
+        # Subscribe to channels
+        if channels:
+            for ch in channels:
+                await transport.subscribe(ch)
+
+        # Subscribe to agent's direct channel
+        await transport.subscribe(self.name)  # type: ignore[attr-defined]
+
+        # Start signal processing loop
+        self._signal_task = asyncio.create_task(self._signal_loop())
+
+        # Start heartbeat
+        self._heartbeat_task = asyncio.create_task(self._heartbeat_loop())
+
+        logger.info("Agent '%s' joined network '%s'", self.name, namespace)  # type: ignore[attr-defined]
+
+    async def leave_network(self) -> None:
+        """Disconnect from the sense network."""
+        if self._heartbeat_task:
+            self._heartbeat_task.cancel()
+            self._heartbeat_task = None
+
+        if self._signal_task:
+            self._signal_task.cancel()
+            self._signal_task = None
+
+        if self._transport:
+            await self._transport.disconnect()
+            self._transport = None
+
+        logger.info("Agent '%s' left network", self.name)  # type: ignore[attr-defined]
+
+    async def broadcast(self, channel: str, signal: Signal) -> None:
+        """Send a signal to a channel."""
+        if not self._transport:
+            raise RuntimeError("Not connected to a network. Call join_network() first.")
+        await self._transport.broadcast(channel, signal)
+
+    async def send_to(self, agent_name: str, signal: Signal) -> None:
+        """Send a signal directly to another agent's channel."""
+        await self.broadcast(agent_name, signal)
+
+    async def request(
+        self,
+        agent_name: str,
+        task: str,
+        timeout: float = 30.0,
+    ) -> str:
+        """Send a request to a remote agent and wait for the response.
+
+        Returns the response payload as a string.
+        Raises TimeoutError if no response within timeout.
+        """
+        correlation_id = uuid4().hex[:12]
+
+        # Create a future to wait for the response
+        loop = asyncio.get_running_loop()
+        future: asyncio.Future[Signal] = loop.create_future()
+        self._pending_requests[correlation_id] = future
+
+        # Send the request signal
+        signal = Signal(
+            kind="request",
+            sender=self.name,  # type: ignore[attr-defined]
+            payload={"task": task},
+            correlation_id=correlation_id,
+            target=agent_name,
+        )
+        await self.send_to(agent_name, signal)
+
+        try:
+            response_signal = await asyncio.wait_for(future, timeout=timeout)
+            return response_signal.payload.get("result", "")
+        except asyncio.TimeoutError:
+            raise TimeoutError(
+                f"No response from '{agent_name}' within {timeout}s"
+            )
+        finally:
+            self._pending_requests.pop(correlation_id, None)
+
+    async def claim_incident(self, incident_id: str, channel: str = "tasks") -> bool:
+        """Attempt to claim an incident. Returns True if claim is won.
+
+        Uses a simple timestamp-based conflict resolution: earliest claim wins.
+        Waits 500ms for competing claims before declaring victory.
+        """
+        signal = Signal(
+            kind="claim",
+            sender=self.name,  # type: ignore[attr-defined]
+            payload={"incident_id": incident_id},
+            correlation_id=incident_id,
+        )
+        await self.broadcast(channel, signal)
+
+        # Wait for competing claims
+        await asyncio.sleep(0.5)
+
+        # If no one else claimed (our claim is in _claimed_incidents), we won
+        if incident_id in self._claimed_incidents:
+            return True
+
+        # We lost the claim
+        return False
+
+    async def release_incident(self, incident_id: str, channel: str = "tasks") -> None:
+        """Release a previously claimed incident."""
+        self._claimed_incidents.discard(incident_id)
+        signal = Signal(
+            kind="release",
+            sender=self.name,  # type: ignore[attr-defined]
+            payload={"incident_id": incident_id},
+        )
+        await self.broadcast(channel, signal)
+
+    def on_signal(self, kind: SignalKind) -> Callable[[SignalHandler], SignalHandler]:
+        """Decorator to register a handler for a specific signal kind."""
+        def decorator(fn: SignalHandler) -> SignalHandler:
+            if kind not in self._signal_handlers:
+                self._signal_handlers[kind] = []
+            self._signal_handlers[kind].append(fn)
+            return fn
+        return decorator
+
+    async def _signal_loop(self) -> None:
+        """Background task that processes incoming signals."""
+        if not self._transport:
+            return
+        try:
+            async for signal in self._transport.signals():
+                # Skip our own signals
+                if signal.sender == self.name:  # type: ignore[attr-defined]
+                    continue
+
+                # If targeted at another agent, skip
+                if signal.target and signal.target != self.name:  # type: ignore[attr-defined]
+                    continue
+
+                logger.debug(
+                    "Agent '%s' received %s from '%s'",
+                    self.name,  # type: ignore[attr-defined]
+                    signal.kind,
+                    signal.sender,
+                )
+
+                # Handle responses to our pending requests
+                if signal.kind == "response" and signal.correlation_id in self._pending_requests:
+                    future = self._pending_requests[signal.correlation_id]
+                    if not future.done():
+                        future.set_result(signal)
+                    continue
+
+                # Handle incoming requests by invoking the agent
+                if signal.kind == "request":
+                    asyncio.create_task(self._handle_request(signal))
+                    continue
+
+                # Handle claim conflict resolution
+                if signal.kind == "claim":
+                    self._handle_claim(signal)
+                    continue
+
+                # Handle release
+                if signal.kind == "release":
+                    incident_id = signal.payload.get("incident_id")
+                    if incident_id:
+                        self._claimed_incidents.discard(incident_id)
+                    continue
+
+                # Run registered handlers
+                handlers = self._signal_handlers.get(signal.kind, [])
+                for handler in handlers:
+                    try:
+                        await handler(signal)
+                    except Exception:
+                        logger.exception("Signal handler error for %s", signal.kind)
+
+        except asyncio.CancelledError:
+            pass
+        except Exception:
+            logger.exception("Signal loop error")
+
+    async def _handle_request(self, signal: Signal) -> None:
+        """Handle an incoming request by invoking the agent and sending back the response."""
+        task = signal.payload.get("task", "")
+        session_id = f"sense-{signal.correlation_id}"
+
+        # Collect the completion from invoke()
+        result = ""
+        try:
+            async for event in self.invoke(session_id, task):  # type: ignore[attr-defined]
+                if isinstance(event, CompletionEvent):
+                    result = event.response
+        except Exception as e:
+            result = f"Error: {e}"
+
+        # Send response back
+        response_signal = Signal(
+            kind="response",
+            sender=self.name,  # type: ignore[attr-defined]
+            payload={"result": result},
+            correlation_id=signal.correlation_id,
+            target=signal.sender,
+        )
+        await self.send_to(signal.sender, response_signal)
+
+    def _handle_claim(self, signal: Signal) -> None:
+        """Handle a competing claim signal. Earliest timestamp wins."""
+        incident_id = signal.payload.get("incident_id")
+        if not incident_id:
+            return
+
+        if incident_id in self._claimed_incidents:
+            # We already claimed this - check if their claim is earlier
+            # (they win if their timestamp is lower)
+            # Since we can't easily compare without storing our claim signal,
+            # use a simple rule: lower sender name wins ties
+            if signal.sender < self.name:  # type: ignore[attr-defined]
+                self._claimed_incidents.discard(incident_id)
+        else:
+            # We haven't claimed this, so note that someone else has
+            pass
+
+    async def _heartbeat_loop(self) -> None:
+        """Periodically broadcast heartbeat signals."""
+        try:
+            while True:
+                if self._transport:
+                    # Gather capabilities from action groups
+                    capabilities = []
+                    if hasattr(self, '_action_groups'):
+                        for group in self._action_groups:  # type: ignore[attr-defined]
+                            for action in group.get_actions():
+                                capabilities.append(action.name)
+
+                    signal = Signal(
+                        kind="heartbeat",
+                        sender=self.name,  # type: ignore[attr-defined]
+                        payload={
+                            "capabilities": capabilities,
+                            "status": "ready",
+                        },
+                    )
+                    # Broadcast to the namespace's general channel
+                    try:
+                        await self.broadcast("heartbeat", signal)
+                    except Exception:
+                        logger.debug("Heartbeat broadcast failed")
+
+                await asyncio.sleep(30)
+        except asyncio.CancelledError:
+            pass
diff --git a/bedsheet/sense/network.py b/bedsheet/sense/network.py
new file mode 100644
index 0000000..5d96d7f
--- /dev/null
+++ b/bedsheet/sense/network.py
@@ -0,0 +1,90 @@
+"""SenseNetwork - high-level API for managing a network of sense-aware agents."""
+import logging
+from typing import Any, Callable
+
+from bedsheet.sense.mixin import SenseMixin
+from bedsheet.sense.protocol import SenseTransport
+
+logger = logging.getLogger(__name__)
+
+
+class SenseNetwork:
+    """Convenience wrapper for managing multiple agents on a sense network.
+
+    Each agent gets its own transport instance. Provide either:
+    - A transport_factory callable that creates a new transport per agent, or
+    - A transport instance that has a create_peer() method (like MockSenseTransport).
+
+    Usage:
+        # With MockSenseTransport (testing)
+        network = SenseNetwork(namespace="cloud-ops", transport=MockSenseTransport())
+
+        # With PubNubTransport (production)
+        network = SenseNetwork(
+            namespace="cloud-ops",
+            transport_factory=lambda: PubNubTransport(sub_key, pub_key),
+        )
+
+        await network.add(cpu_agent, channels=["alerts", "tasks"])
+        await network.add(commander, channels=["alerts", "tasks"])
+        await network.stop()
+    """
+
+    def __init__(
+        self,
+        namespace: str,
+        transport: SenseTransport | None = None,
+        transport_factory: Callable[[], SenseTransport] | None = None,
+    ) -> None:
+        self.namespace = namespace
+        self._base_transport = transport
+        self._transport_factory = transport_factory
+        self._agents: list[SenseMixin] = []
+
+        if transport is None and transport_factory is None:
+            raise ValueError("Provide either transport or transport_factory")
+
+    def _make_transport(self) -> SenseTransport:
+        """Create a transport for a new agent."""
+        if self._transport_factory:
+            return self._transport_factory()
+        # If the transport supports create_peer(), use it
+        if hasattr(self._base_transport, "create_peer"):
+            return self._base_transport.create_peer()  # type: ignore[union-attr]
+        # Fallback: reuse the same transport (works for single-agent or separate processes)
+        return self._base_transport  # type: ignore[return-value]
+
+    async def add(
+        self,
+        agent: Any,
+        channels: list[str] | None = None,
+    ) -> None:
+        """Add an agent to the network and connect it.
+
+        The agent must be a SenseMixin (or subclass thereof).
+        """
+        if not isinstance(agent, SenseMixin):
+            raise TypeError(
+                f"Agent '{getattr(agent, 'name', agent)}' must inherit from SenseMixin. "
+                "Use: class MyAgent(SenseMixin, Agent)"
+            )
+
+        transport = self._make_transport()
+        await agent.join_network(transport, self.namespace, channels)
+        self._agents.append(agent)
+        logger.info("Added '%s' to network '%s'", agent.name, self.namespace)  # type: ignore[attr-defined]
+
+    async def stop(self) -> None:
+        """Disconnect all agents from the network."""
+        for agent in self._agents:
+            try:
+                await agent.leave_network()
+            except Exception:
+                logger.exception("Error disconnecting '%s'", agent.name)  # type: ignore[attr-defined]
+        self._agents.clear()
+        logger.info("Network '%s' stopped", self.namespace)
+
+    @property
+    def agents(self) -> list[SenseMixin]:
+        """Get all agents currently on the network."""
+        return list(self._agents)
diff --git a/bedsheet/sense/protocol.py b/bedsheet/sense/protocol.py
new file mode 100644
index 0000000..00c7084
--- /dev/null
+++ b/bedsheet/sense/protocol.py
@@ -0,0 +1,54 @@
+"""SenseTransport protocol for distributed agent communication."""
+from dataclasses import dataclass, field
+from typing import Any, AsyncIterator, Protocol, runtime_checkable
+
+from bedsheet.sense.signals import Signal
+
+
+@dataclass
+class AgentPresence:
+    """Represents a remote agent's presence on the network."""
+
+    agent_id: str
+    agent_name: str
+    namespace: str
+    capabilities: list[str] = field(default_factory=list)
+    status: str = "online"
+    metadata: dict[str, Any] = field(default_factory=dict)
+
+
+@runtime_checkable
+class SenseTransport(Protocol):
+    """Protocol for sense network transports.
+
+    Follows the same structural subtyping pattern as LLMClient and Memory.
+    Any class implementing these methods satisfies the protocol.
+    """
+
+    async def connect(self, agent_id: str, namespace: str) -> None:
+        """Connect to the network with a given agent identity."""
+        ...
+
+    async def disconnect(self) -> None:
+        """Disconnect from the network."""
+        ...
+
+    async def broadcast(self, channel: str, signal: Signal) -> None:
+        """Publish a signal to a channel."""
+        ...
+
+    async def subscribe(self, channel: str) -> None:
+        """Subscribe to a channel to receive signals."""
+        ...
+
+    async def unsubscribe(self, channel: str) -> None:
+        """Unsubscribe from a channel."""
+        ...
+
+    def signals(self) -> AsyncIterator[Signal]:
+        """Async iterator of incoming signals from subscribed channels."""
+        ...
+
+    async def get_online_agents(self, channel: str) -> list[AgentPresence]:
+        """Get agents currently present on a channel."""
+        ...
diff --git a/bedsheet/sense/pubnub_transport.py b/bedsheet/sense/pubnub_transport.py
new file mode 100644
index 0000000..629e70d
--- /dev/null
+++ b/bedsheet/sense/pubnub_transport.py
@@ -0,0 +1,161 @@
+"""PubNub implementation of SenseTransport.
+
+Bridges PubNub's threaded callbacks into asyncio via an asyncio.Queue.
+Requires: pip install pubnub>=7.0.0  (or: pip install bedsheet[sense])
+"""
+import asyncio
+import logging
+from typing import Any, AsyncIterator
+
+from bedsheet.sense.protocol import AgentPresence, SenseTransport
+from bedsheet.sense.serialization import deserialize, serialize
+from bedsheet.sense.signals import Signal
+
+try:
+    from pubnub.callbacks import SubscribeCallback
+    from pubnub.enums import PNReconnectionPolicy, PNStatusCategory
+    from pubnub.models.consumer.common import PNStatus
+    from pubnub.models.consumer.pubsub import PNMessageResult, PNPresenceEventResult
+    from pubnub.pnconfiguration import PNConfiguration
+    from pubnub.pubnub_asyncio import PubNubAsyncio
+except ImportError as e:
+    raise ImportError(
+        "PubNub transport requires the 'pubnub' package. "
+        "Install it with: pip install bedsheet[sense]"
+    ) from e
+
+logger = logging.getLogger(__name__)
+
+
+class _SignalListener(SubscribeCallback):
+    """PubNub callback that routes messages into an asyncio.Queue."""
+
+    def __init__(self, queue: asyncio.Queue[Signal], loop: asyncio.AbstractEventLoop) -> None:
+        super().__init__()
+        self._queue = queue
+        self._loop = loop
+
+    def status(self, pubnub: Any, status: PNStatus) -> None:
+        if status.category == PNStatusCategory.PNConnectedCategory:
+            logger.info("PubNub connected")
+        elif status.category == PNStatusCategory.PNReconnectedCategory:
+            logger.info("PubNub reconnected")
+        elif status.category == PNStatusCategory.PNDisconnectedCategory:
+            logger.warning("PubNub disconnected")
+
+    def message(self, pubnub: Any, message: PNMessageResult) -> None:
+        try:
+            signal = deserialize(message.message, source_channel=message.channel)
+            self._loop.call_soon_threadsafe(self._queue.put_nowait, signal)
+        except Exception:
+            logger.exception("Failed to deserialize PubNub message")
+
+    def presence(self, pubnub: Any, presence: PNPresenceEventResult) -> None:
+        if presence.event in ("join", "leave", "timeout"):
+            logger.debug(
+                "Presence %s: %s on %s", presence.event, presence.uuid, presence.channel
+            )
+
+
+class PubNubTransport:
+    """SenseTransport backed by PubNub.
+
+    Usage:
+        transport = PubNubTransport(
+            subscribe_key="sub-c-...",
+            publish_key="pub-c-...",
+        )
+        await transport.connect("agent-1", "cloud-ops")
+    """
+
+    def __init__(
+        self,
+        subscribe_key: str,
+        publish_key: str,
+        secret_key: str | None = None,
+    ) -> None:
+        self._subscribe_key = subscribe_key
+        self._publish_key = publish_key
+        self._secret_key = secret_key
+        self._pubnub: PubNubAsyncio | None = None
+        self._queue: asyncio.Queue[Signal] = asyncio.Queue()
+        self._agent_id: str = ""
+        self._namespace: str = ""
+        self._subscribed_channels: set[str] = set()
+
+    def _full_channel(self, channel: str) -> str:
+        """Expand short channel name to full namespaced channel."""
+        if channel.startswith("bedsheet."):
+            return channel
+        return f"bedsheet.{self._namespace}.{channel}"
+
+    async def connect(self, agent_id: str, namespace: str) -> None:
+        self._agent_id = agent_id
+        self._namespace = namespace
+
+        config = PNConfiguration()
+        config.subscribe_key = self._subscribe_key
+        config.publish_key = self._publish_key
+        if self._secret_key:
+            config.secret_key = self._secret_key
+        config.uuid = agent_id
+        config.reconnect_policy = PNReconnectionPolicy.EXPONENTIAL
+
+        self._pubnub = PubNubAsyncio(config)
+        loop = asyncio.get_running_loop()
+        listener = _SignalListener(self._queue, loop)
+        self._pubnub.add_listener(listener)
+
+    async def disconnect(self) -> None:
+        if self._pubnub:
+            if self._subscribed_channels:
+                self._pubnub.unsubscribe().channels(
+                    list(self._subscribed_channels)
+                ).execute()
+            self._pubnub.stop()
+            self._pubnub = None
+            self._subscribed_channels.clear()
+
+    async def broadcast(self, channel: str, signal: Signal) -> None:
+        if not self._pubnub:
+            raise RuntimeError("Not connected. Call connect() first.")
+        full_ch = self._full_channel(channel)
+        data = serialize(signal)
+        await self._pubnub.publish().channel(full_ch).message(data).future()
+
+    async def subscribe(self, channel: str) -> None:
+        if not self._pubnub:
+            raise RuntimeError("Not connected. Call connect() first.")
+        full_ch = self._full_channel(channel)
+        self._pubnub.subscribe().channels([full_ch]).with_presence().execute()
+        self._subscribed_channels.add(full_ch)
+
+    async def unsubscribe(self, channel: str) -> None:
+        if not self._pubnub:
+            return
+        full_ch = self._full_channel(channel)
+        self._pubnub.unsubscribe().channels([full_ch]).execute()
+        self._subscribed_channels.discard(full_ch)
+
+    async def signals(self) -> AsyncIterator[Signal]:
+        while True:
+            signal = await self._queue.get()
+            yield signal
+
+    async def get_online_agents(self, channel: str) -> list[AgentPresence]:
+        if not self._pubnub:
+            raise RuntimeError("Not connected. Call connect() first.")
+        full_ch = self._full_channel(channel)
+        result = await self._pubnub.here_now().channels([full_ch]).include_uuids(True).future()
+
+        agents: list[AgentPresence] = []
+        for ch_data in result.result.channels:
+            for occupant in ch_data.occupants:
+                agents.append(
+                    AgentPresence(
+                        agent_id=occupant.uuid,
+                        agent_name=occupant.uuid,
+                        namespace=self._namespace,
+                    )
+                )
+        return agents
diff --git a/bedsheet/sense/serialization.py b/bedsheet/sense/serialization.py
new file mode 100644
index 0000000..e44246f
--- /dev/null
+++ b/bedsheet/sense/serialization.py
@@ -0,0 +1,60 @@
+"""Compact JSON serialization for signals.
+
+PubNub has a 32KB message limit. We use short keys to minimize payload size
+and truncate if necessary.
+"""
+import json
+from typing import Any
+
+from bedsheet.sense.signals import Signal
+
+
+# Short keys for compact serialization
+_KEY_MAP = {
+    "kind": "k",
+    "sender": "s",
+    "payload": "p",
+    "correlation_id": "c",
+    "target": "t",
+    "timestamp": "ts",
+}
+
+_REVERSE_KEY_MAP = {v: k for k, v in _KEY_MAP.items()}
+
+MAX_MESSAGE_BYTES = 30_000  # Leave headroom under PubNub's 32KB limit
+
+
+def serialize(signal: Signal) -> dict[str, Any]:
+    """Serialize a Signal to a compact dict for transmission."""
+    data: dict[str, Any] = {
+        "k": signal.kind,
+        "s": signal.sender,
+        "ts": signal.timestamp,
+    }
+
+    if signal.payload:
+        data["p"] = signal.payload
+    if signal.correlation_id:
+        data["c"] = signal.correlation_id
+    if signal.target:
+        data["t"] = signal.target
+
+    # Check size and truncate payload if needed
+    encoded = json.dumps(data)
+    if len(encoded.encode("utf-8")) > MAX_MESSAGE_BYTES:
+        data["p"] = {"_truncated": True, "summary": str(signal.payload)[:500]}
+
+    return data
+
+
+def deserialize(data: dict[str, Any], source_channel: str | None = None) -> Signal:
+    """Deserialize a compact dict back into a Signal."""
+    return Signal(
+        kind=data["k"],
+        sender=data["s"],
+        payload=data.get("p", {}),
+        correlation_id=data.get("c", ""),
+        target=data.get("t"),
+        timestamp=data.get("ts", 0.0),
+        source_channel=source_channel,
+    )
diff --git a/bedsheet/sense/signals.py b/bedsheet/sense/signals.py
new file mode 100644
index 0000000..1b42a57
--- /dev/null
+++ b/bedsheet/sense/signals.py
@@ -0,0 +1,33 @@
+"""Signal types for inter-agent communication."""
+from dataclasses import dataclass, field
+from typing import Any, Literal
+from time import time
+from uuid import uuid4
+
+
+SignalKind = Literal[
+    "request",
+    "response",
+    "alert",
+    "heartbeat",
+    "claim",
+    "release",
+    "event",
+]
+
+
+@dataclass
+class Signal:
+    """A unit of inter-agent communication.
+
+    Signals are the messages exchanged between agents over the sense network.
+    Each signal has a kind, a sender, and an optional payload.
+    """
+
+    kind: SignalKind
+    sender: str
+    payload: dict[str, Any] = field(default_factory=dict)
+    correlation_id: str = field(default_factory=lambda: uuid4().hex[:12])
+    target: str | None = None
+    timestamp: float = field(default_factory=time)
+    source_channel: str | None = None
diff --git a/bedsheet/testing.py b/bedsheet/testing.py
index cbbe277..aa9c1e6 100644
--- a/bedsheet/testing.py
+++ b/bedsheet/testing.py
@@ -1,10 +1,13 @@
 """Testing utilities for Bedsheet Agents."""
+import asyncio
 from collections.abc import AsyncIterator
 from dataclasses import dataclass, field
 from typing import Any
 
 from bedsheet.llm.base import LLMResponse, OutputSchema, ToolCall, ToolDefinition
 from bedsheet.memory.base import Message
+from bedsheet.sense.protocol import AgentPresence
+from bedsheet.sense.signals import Signal
 
 
 @dataclass
@@ -71,3 +74,104 @@ async def chat_stream(
             stop_reason="end_turn",
             parsed_output=response.parsed_output,
         )
+
+
+class _MockSenseHub:
+    """Shared in-memory signal routing hub.
+
+    Multiple MockSenseTransport instances connect to the same hub.
+    The hub manages queues and subscriptions for all agents.
+    """
+
+    def __init__(self) -> None:
+        self.queues: dict[str, asyncio.Queue[Signal]] = {}
+        self.subscriptions: dict[str, set[str]] = {}  # channel -> set of agent_ids
+
+    async def broadcast(self, channel: str, signal: Signal) -> None:
+        subscribers = self.subscriptions.get(channel, set())
+        for agent_id in subscribers:
+            queue = self.queues.get(agent_id)
+            if queue:
+                await queue.put(signal)
+
+
+class MockSenseTransport:
+    """In-memory SenseTransport for testing.
+
+    Each agent gets its own MockSenseTransport instance that shares
+    a common _MockSenseHub for signal routing.
+
+    Usage:
+        hub = _MockSenseHub()
+        transport1 = MockSenseTransport(hub)
+        transport2 = MockSenseTransport(hub)
+        # Or use the convenience constructor:
+        transport = MockSenseTransport()  # creates its own hub
+    """
+
+    def __init__(self, hub: _MockSenseHub | None = None) -> None:
+        self._hub = hub or _MockSenseHub()
+        self._agent_id: str = ""
+        self._namespace: str = ""
+        self._connected: bool = False
+
+    @property
+    def hub(self) -> _MockSenseHub:
+        """Access the shared hub (useful for creating sibling transports)."""
+        return self._hub
+
+    def create_peer(self) -> "MockSenseTransport":
+        """Create another transport sharing the same hub."""
+        return MockSenseTransport(self._hub)
+
+    async def connect(self, agent_id: str, namespace: str) -> None:
+        self._agent_id = agent_id
+        self._namespace = namespace
+        self._hub.queues[agent_id] = asyncio.Queue()
+        self._connected = True
+
+    async def disconnect(self) -> None:
+        for channel, subscribers in self._hub.subscriptions.items():
+            subscribers.discard(self._agent_id)
+        self._hub.queues.pop(self._agent_id, None)
+        self._connected = False
+
+    async def broadcast(self, channel: str, signal: Signal) -> None:
+        full_ch = self._full_channel(channel)
+        await self._hub.broadcast(full_ch, signal)
+
+    async def subscribe(self, channel: str) -> None:
+        full_ch = self._full_channel(channel)
+        if full_ch not in self._hub.subscriptions:
+            self._hub.subscriptions[full_ch] = set()
+        self._hub.subscriptions[full_ch].add(self._agent_id)
+
+    async def unsubscribe(self, channel: str) -> None:
+        full_ch = self._full_channel(channel)
+        if full_ch in self._hub.subscriptions:
+            self._hub.subscriptions[full_ch].discard(self._agent_id)
+
+    async def signals(self) -> AsyncIterator[Signal]:
+        queue = self._hub.queues.get(self._agent_id)
+        if not queue:
+            return
+        while True:
+            signal = await queue.get()
+            yield signal
+
+    async def get_online_agents(self, channel: str) -> list[AgentPresence]:
+        full_ch = self._full_channel(channel)
+        subscribers = self._hub.subscriptions.get(full_ch, set())
+        return [
+            AgentPresence(
+                agent_id=aid,
+                agent_name=aid,
+                namespace=self._namespace,
+            )
+            for aid in subscribers
+        ]
+
+    def _full_channel(self, channel: str) -> str:
+        if channel.startswith("bedsheet."):
+            return channel
+        return f"bedsheet.{self._namespace}.{channel}"
diff --git a/docs/sixth-sense-guide.html b/docs/sixth-sense-guide.html
new file mode 100644
index 0000000..8cabd40
--- /dev/null
+++ b/docs/sixth-sense-guide.html
@@ -0,0 +1,486 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Bedsheet Agents - The Sixth Sense Guide</title>
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/github.min.css">
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/python.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/bash.min.js"></script>
+    <style>
+        :root {
+            --bg-primary: #ffffff;
+            --bg-secondary: #f6f8fa;
+            --bg-tertiary: #eef1f4;
+            --text-primary: #1f2328;
+            --text-secondary: #57606a;
+            --text-muted: #6e7781;
+            --accent-blue: #0969da;
+            --accent-green: #1a7f37;
+            --accent-purple: #8250df;
+            --accent-orange: #bf8700;
+            --accent-red: #cf222e;
+            --border-color: #d0d7de;
+            --code-bg: #f6f8fa;
+            --sidebar-width: 260px;
+        }
+
+        * { margin: 0; padding: 0; box-sizing: border-box; }
+        html { scroll-behavior: smooth; }
+
+        body {
+            font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+            background: var(--bg-primary);
+            color: var(--text-primary);
+            line-height: 1.7;
+            font-size: 16px;
+        }
+
+        .sidebar {
+            position: fixed; top: 0; left: 0;
+            width: var(--sidebar-width); height: 100vh;
+            background: var(--bg-secondary);
+            border-right: 1px solid var(--border-color);
+            overflow-y: auto; padding: 24px 0; z-index: 100;
+            display: flex; flex-direction: column;
+        }
+
+        .sidebar-header { padding: 0 20px 20px; border-bottom: 1px solid var(--border-color); margin-bottom: 16px; }
+        .sidebar-header h1 { font-size: 18px; font-weight: 700; margin-bottom: 4px; }
+        .sidebar-header .subtitle { font-size: 12px; color: var(--text-secondary); }
+        .nav-section { padding: 8px 20px; }
+        .nav-section-title { font-size: 11px; font-weight: 600; text-transform: uppercase; letter-spacing: 0.5px; color: var(--text-muted); margin-bottom: 8px; }
+        .nav-link { display: flex; align-items: center; padding: 6px 0; color: var(--text-secondary); text-decoration: none; font-size: 14px; transition: color 0.15s; }
+        .nav-link:hover { color: var(--accent-blue); }
+        .nav-link .step { display: inline-flex; align-items: center; justify-content: center; width: 20px; height: 20px; background: var(--border-color); border-radius: 50%; font-size: 11px; font-weight: 600; margin-right: 8px; color: var(--text-muted); }
+        .nav-link:hover .step { background: var(--accent-blue); color: white; }
+
+        .main-content { margin-left: var(--sidebar-width); max-width: 1000px; padding: 48px 64px; }
+        .hero { margin-bottom: 48px; }
+        .hero h1 { font-size: 42px; font-weight: 700; margin-bottom: 16px; }
+        .hero .lead { font-size: 20px; color: var(--text-secondary); margin-bottom: 24px; }
+        .hero .badge-row { display: flex; gap: 8px; flex-wrap: wrap; }
+        .badge { display: inline-block; padding: 4px 12px; border-radius: 20px; font-size: 13px; font-weight: 500; }
+        .badge-blue { background: #dbeafe; color: #1e40af; }
+        .badge-green { background: #dcfce7; color: #166534; }
+        .badge-purple { background: #f3e8ff; color: #6b21a8; }
+        .badge-orange { background: #fef3c7; color: #92400e; }
+
+        h2 { font-size: 28px; font-weight: 600; margin-top: 64px; margin-bottom: 24px; padding-bottom: 12px; border-bottom: 1px solid var(--border-color); display: flex; align-items: center; gap: 12px; }
+        h2 .step-number { display: inline-flex; align-items: center; justify-content: center; width: 36px; height: 36px; background: var(--accent-blue); color: white; border-radius: 50%; font-size: 18px; }
+        h3 { font-size: 20px; font-weight: 600; margin-top: 40px; margin-bottom: 16px; }
+        h4 { font-size: 16px; font-weight: 600; margin-top: 32px; margin-bottom: 12px; color: var(--text-secondary); }
+        p { margin-bottom: 16px; }
+
+        pre { background: var(--code-bg); border: 1px solid var(--border-color); border-radius: 8px; padding: 20px; overflow-x: auto; margin: 16px 0 24px 0; font-size: 14px; white-space: pre; }
+        code { font-family: 'JetBrains Mono', monospace; }
+        p code, li code, td code { background: var(--code-bg); padding: 2px 6px; border-radius: 4px; font-size: 0.9em; color: var(--accent-purple); }
+
+        .info-box { border-radius: 8px; padding: 16px 20px; margin: 20px 0; border-left: 4px solid; }
+        .info-box.tip { background: #f0fdf4; border-color: var(--accent-green); }
+        .info-box.note { background: #eff6ff; border-color: var(--accent-blue); }
+        .info-box.warning { background: #fefce8; border-color: var(--accent-orange); }
+        .info-box-title { font-weight: 600; margin-bottom: 8px; font-size: 14px; }
+        .tip .info-box-title { color: var(--accent-green); }
+        .note .info-box-title { color: var(--accent-blue); }
+        .warning .info-box-title { color: var(--accent-orange); }
+        .info-box p:last-child { margin-bottom: 0; }
+
+        .output { background: #1f2937; color: #e5e7eb; border-radius: 8px; padding: 16px 20px; margin: 16px 0; font-family: 'JetBrains Mono', monospace; font-size: 13px; overflow-x: auto; white-space: pre; }
+        .whats-happening { background: var(--bg-secondary); border-radius: 8px; padding: 20px; margin: 20px 0; }
+        .whats-happening h4 { margin-top: 0; color: var(--accent-purple); }
+        .whats-happening ol, .whats-happening ul { margin-left: 24px; margin-bottom: 0; }
+        .whats-happening li { margin-bottom: 8px; }
+        ul, ol { margin-left: 24px; margin-bottom: 16px; }
+        li { margin-bottom: 8px; }
+        .architecture { background: var(--bg-secondary); border-radius: 8px; padding: 20px; margin: 20px 0; font-family: 'JetBrains Mono', monospace; font-size: 13px; overflow-x: auto; white-space: pre; }
+        .feature-grid { display: grid; grid-template-columns: repeat(2, 1fr); gap: 16px; margin: 24px 0; }
+        .feature-card { background: var(--bg-secondary); border-radius: 8px; padding: 20px; border-left: 4px solid var(--accent-blue); }
+        .feature-card h4 { margin-top: 0; color: var(--accent-blue); }
+        .feature-card p { margin-bottom: 0; font-size: 14px; }
+
+        table { width: 100%; border-collapse: collapse; margin: 16px 0; }
+        th, td { padding: 10px 14px; border: 1px solid var(--border-color); text-align: left; font-size: 14px; }
+        th { background: var(--bg-secondary); font-weight: 600; }
+
+        footer { margin-top: 64px; padding-top: 32px; border-top: 1px solid var(--border-color); color: var(--text-muted); text-align: center; }
+        footer a { color: var(--accent-blue); text-decoration: none; }
+    </style>
+</head>
+<body>
+
+<nav class="sidebar">
+    <div class="sidebar-header">
+        <h1>Sixth Sense</h1>
+        <div class="subtitle">Distributed Agent Communication</div>
+    </div>
+    <div class="nav-section">
+        <div class="nav-section-title">Guide</div>
+        <a href="#overview" class="nav-link"><span class="step">1</span> Overview</a>
+        <a href="#setup" class="nav-link"><span class="step">2</span> Setup</a>
+        <a href="#first-sense-agent" class="nav-link"><span class="step">3</span> First Sense Agent</a>
+        <a href="#signals" class="nav-link"><span class="step">4</span> Signals</a>
+        <a href="#request-response" class="nav-link"><span class="step">5</span> Request/Response</a>
+        <a href="#claim-protocol" class="nav-link"><span class="step">6</span> Claim Protocol</a>
+        <a href="#sense-network" class="nav-link"><span class="step">7</span> SenseNetwork API</a>
+        <a href="#demo" class="nav-link"><span class="step">8</span> Cloud Monitor Demo</a>
+        <a href="#testing" class="nav-link"><span class="step">9</span> Testing</a>
+        <a href="#reference" class="nav-link"><span class="step">10</span> Reference</a>
+    </div>
+</nav>
+
+<main class="main-content">
+    <div class="hero">
+        <h1>The Sixth Sense</h1>
+        <p class="lead">Distributed communication for Bedsheet agents. Run agents across processes, machines, and cloud providers &mdash; they find each other and collaborate over PubNub.</p>
+        <div class="badge-row">
+            <span class="badge badge-blue">PubNub-backed</span>
+            <span class="badge badge-green">Zero infrastructure</span>
+            <span class="badge badge-purple">Real-time</span>
+            <span class="badge badge-orange">Works behind firewalls</span>
+        </div>
+    </div>
+
+    <!-- Step 1: Overview -->
+    <h2 id="overview"><span class="step-number">1</span> Overview</h2>
+
+    <p>Bedsheet's Supervisor pattern works great when all agents run in a single Python process. But what if your agents need to run on different machines, behind different firewalls, or even on different cloud providers?</p>
+
+    <p>The Sixth Sense module adds <strong>distributed communication</strong> to any Bedsheet agent via PubNub's real-time messaging platform. Agents become network-aware peers that can broadcast alerts, send requests to each other, and coordinate incident responses &mdash; all without running HTTP servers or managing service discovery.</p>
+
+    <div class="feature-grid">
+        <div class="feature-card">
+            <h4>Pure Clients</h4>
+            <p>Agents are PubNub clients, not servers. No ports to open, no URLs to register. Works behind NATs and firewalls.</p>
+        </div>
+        <div class="feature-card">
+            <h4>Signal-Based</h4>
+            <p>Seven signal kinds (request, response, alert, heartbeat, claim, release, event) cover all coordination patterns.</p>
+        </div>
+        <div class="feature-card">
+            <h4>Swappable Transport</h4>
+            <p><code>SenseTransport</code> protocol means PubNub is one implementation. Swap in MQTT, Redis Streams, or your own.</p>
+        </div>
+        <div class="feature-card">
+            <h4>Leaderless Coordination</h4>
+            <p>Claim-based protocol lets multiple commanders compete for incident ownership. No central coordinator needed.</p>
+        </div>
+    </div>
+
+    <div class="architecture">bedsheet/sense/
+├── __init__.py           # Exports
+├── protocol.py           # SenseTransport protocol
+├── signals.py            # Signal dataclass + kinds
+├── serialization.py      # Compact JSON (&lt;32KB)
+├── network.py            # SenseNetwork wrapper
+├── mixin.py              # SenseMixin for agents
+└── pubnub_transport.py   # PubNub implementation</div>
+
+    <!-- Step 2: Setup -->
+    <h2 id="setup"><span class="step-number">2</span> Setup</h2>
+
+    <h3>Install</h3>
+    <pre><code class="language-bash">pip install bedsheet[sense]</code></pre>
+
+    <p>This adds the <code>pubnub</code> package as a dependency.</p>
+
+    <h3>Get PubNub Keys</h3>
+    <ol>
+        <li>Sign up at <a href="https://www.pubnub.com">pubnub.com</a> (free tier: 200 MAU, unlimited channels)</li>
+        <li>Create an app in the PubNub dashboard</li>
+        <li>Copy your Subscribe Key and Publish Key</li>
+    </ol>
+
+    <pre><code class="language-bash">export PUBNUB_SUBSCRIBE_KEY=sub-c-your-key-here
+export PUBNUB_PUBLISH_KEY=pub-c-your-key-here</code></pre>
+
+    <div class="info-box tip">
+        <div class="info-box-title">Tip</div>
+        <p>Enable <strong>Presence</strong> in your PubNub keyset settings to use <code>get_online_agents()</code>.</p>
+    </div>
+
+    <!-- Step 3: First Sense Agent -->
+    <h2 id="first-sense-agent"><span class="step-number">3</span> Your First Sense Agent</h2>
+
+    <p>Any Bedsheet Agent becomes network-aware by adding the <code>SenseMixin</code>:</p>
+
+    <pre><code class="language-python">from bedsheet import Agent, ActionGroup, SenseMixin
+from bedsheet.llm.anthropic import AnthropicClient
+from bedsheet.sense.pubnub_transport import PubNubTransport
+
+# 1. Create a sense-aware agent class
+class MyAgent(SenseMixin, Agent):
+    pass
+
+# 2. Build the agent as usual
+agent = MyAgent(
+    name="my-agent",
+    instruction="You are a helpful agent.",
+    model_client=AnthropicClient(),
+)
+
+# 3. Connect to the network
+transport = PubNubTransport(
+    subscribe_key="sub-c-...",
+    publish_key="pub-c-...",
+)
+await agent.join_network(transport, "my-namespace", ["alerts", "tasks"])
+
+# 4. The agent can now send and receive signals!
+# ... do work ...
+
+# 5. Disconnect when done
+await agent.leave_network()</code></pre>
+
+    <div class="whats-happening">
+        <h4>What's happening?</h4>
+        <ol>
+            <li><code>SenseMixin</code> adds network methods to the Agent without changing the core ReAct loop</li>
+            <li><code>join_network()</code> connects to PubNub, subscribes to channels, and starts a background signal processing loop</li>
+            <li>The agent automatically subscribes to its own direct channel (named after the agent)</li>
+            <li>A heartbeat broadcasts the agent's capabilities every 30 seconds</li>
+        </ol>
+    </div>
+
+    <!-- Step 4: Signals -->
+    <h2 id="signals"><span class="step-number">4</span> Signals</h2>
+
+    <p>A <code>Signal</code> is the unit of inter-agent communication. Every signal has a kind, a sender, and an optional payload:</p>
+
+    <pre><code class="language-python">from bedsheet.sense import Signal
+
+# Broadcast an alert
+alert = Signal(
+    kind="alert",
+    sender="cpu-watcher",
+    payload={"severity": "high", "cpu": 95.2},
+)
+await agent.broadcast("alerts", alert)</code></pre>
+
+    <h3>Signal Kinds</h3>
+    <table>
+        <tr><th>Kind</th><th>Purpose</th><th>Pattern</th></tr>
+        <tr><td><code>request</code></td><td>Ask an agent to do work</td><td>Peer-to-peer, expects <code>response</code></td></tr>
+        <tr><td><code>response</code></td><td>Return results</td><td>Peer-to-peer, has <code>correlation_id</code></td></tr>
+        <tr><td><code>alert</code></td><td>Broadcast an observation</td><td>One-to-many</td></tr>
+        <tr><td><code>heartbeat</code></td><td>Liveness + capabilities</td><td>One-to-many (periodic)</td></tr>
+        <tr><td><code>claim</code></td><td>Claim an incident</td><td>One-to-many (conflict resolution)</td></tr>
+        <tr><td><code>release</code></td><td>Release a claimed incident</td><td>One-to-many</td></tr>
+        <tr><td><code>event</code></td><td>Serialized bedsheet Event</td><td>One-to-many (observability)</td></tr>
+    </table>
+
+    <h3>Channel Naming</h3>
+    <p>Channels follow the convention <code>bedsheet.&lt;namespace&gt;.&lt;purpose&gt;</code>:</p>
+    <pre><code class="language-python">bedsheet.cloud-ops.alerts       # Alert broadcasts
+bedsheet.cloud-ops.tasks        # Task coordination / claims
+bedsheet.cloud-ops.cpu-watcher  # Direct channel to cpu-watcher agent</code></pre>
+
+    <h3>Custom Signal Handlers</h3>
+    <pre><code class="language-python">@agent.on_signal("alert")
+async def handle_alert(signal: Signal):
+    severity = signal.payload.get("severity")
+    print(f"Alert from {signal.sender}: {severity}")</code></pre>
+
+    <!-- Step 5: Request/Response -->
+    <h2 id="request-response"><span class="step-number">5</span> Request / Response</h2>
+
+    <p>The <code>request()</code> method sends a task to a remote agent and waits for the response. Under the hood, the receiving agent runs <code>invoke()</code> with the task and sends back the completion:</p>
+
+    <pre><code class="language-python"># Commander asks cpu-watcher to check usage
+result = await commander.request(
+    "cpu-watcher",
+    "What is the current CPU usage?",
+    timeout=30.0,
+)
+print(result)  # "Overall: 45.2%, Per-core: [32.1, 58.3, ...]"</code></pre>
+
+    <div class="whats-happening">
+        <h4>What's happening?</h4>
+        <ol>
+            <li>Commander creates a <code>request</code> signal with a unique <code>correlation_id</code></li>
+            <li>Signal is published to the cpu-watcher's direct channel</li>
+            <li>cpu-watcher's signal loop receives the request</li>
+            <li>cpu-watcher calls <code>self.invoke()</code> with the task text</li>
+            <li>The LLM uses cpu-watcher's tools to gather data</li>
+            <li>The <code>CompletionEvent</code> response is sent back as a <code>response</code> signal</li>
+            <li>Commander's future resolves with the result</li>
+        </ol>
+    </div>
+
+    <div class="info-box warning">
+        <div class="info-box-title">Timeout</div>
+        <p>If the remote agent doesn't respond within the timeout, a <code>TimeoutError</code> is raised. The default timeout is 30 seconds.</p>
+    </div>
+
+    <!-- Step 6: Claim Protocol -->
+    <h2 id="claim-protocol"><span class="step-number">6</span> Claim Protocol</h2>
+
+    <p>When multiple commander agents are online, they need to coordinate who handles an incident. The claim protocol provides leaderless conflict resolution:</p>
+
+    <pre><code class="language-python"># When an alert arrives
+won = await agent.claim_incident("incident-001", "tasks")
+if won:
+    # We are responsible for this incident
+    await investigate_and_report()
+else:
+    # Another agent claimed it first
+    pass</code></pre>
+
+    <div class="whats-happening">
+        <h4>How Claims Work</h4>
+        <ol>
+            <li>Agent publishes a <code>claim</code> signal with the incident ID and timestamp</li>
+            <li>Waits 500ms for competing claims from other agents</li>
+            <li>If competing claims arrive, the earliest timestamp wins</li>
+            <li>Loser backs off; winner coordinates the response</li>
+            <li>When done, winner publishes <code>release</code> to free the incident</li>
+        </ol>
+    </div>
+
+    <!-- Step 7: SenseNetwork -->
+    <h2 id="sense-network"><span class="step-number">7</span> SenseNetwork API</h2>
+
+    <p>For managing multiple agents in the same process (useful for testing and simpler deployments), use <code>SenseNetwork</code>:</p>
+
+    <pre><code class="language-python">from bedsheet.sense import SenseNetwork
+from bedsheet.testing import MockSenseTransport
+
+# For testing (in-memory)
+network = SenseNetwork(
+    namespace="cloud-ops",
+    transport=MockSenseTransport(),
+)
+
+# For production (PubNub)
+network = SenseNetwork(
+    namespace="cloud-ops",
+    transport_factory=lambda: PubNubTransport(sub_key, pub_key),
+)
+
+# Add agents
+await network.add(cpu_agent, channels=["alerts", "tasks"])
+await network.add(commander, channels=["alerts", "tasks"])
+
+# Later...
+await network.stop()</code></pre>
+
+    <!-- Step 8: Demo -->
+    <h2 id="demo"><span class="step-number">8</span> Cloud Monitor Demo</h2>
+
+    <p>The <code>examples/cloud-monitor/</code> directory contains a complete demo with 5 agents running as separate processes:</p>
+
+    <table>
+        <tr><th>Agent</th><th>Role</th><th>Data Source</th></tr>
+        <tr><td><code>cpu-watcher</code></td><td>Monitor CPU, alert on spikes</td><td><code>psutil</code></td></tr>
+        <tr><td><code>memory-watcher</code></td><td>Monitor RAM and swap</td><td><code>psutil</code></td></tr>
+        <tr><td><code>log-analyzer</code></td><td>Search and analyze logs</td><td>Simulated log buffer</td></tr>
+        <tr><td><code>security-scanner</code></td><td>Scan ports, check logins</td><td><code>socket</code></td></tr>
+        <tr><td><code>incident-commander</code></td><td>Coordinate alert responses</td><td>Sense network</td></tr>
+    </table>
+
+    <h3>Running the Demo</h3>
+    <pre><code class="language-bash">export PUBNUB_SUBSCRIBE_KEY=sub-c-...
+export PUBNUB_PUBLISH_KEY=pub-c-...
+export ANTHROPIC_API_KEY=sk-ant-...
+
+pip install bedsheet[sense] psutil
+
+cd examples/cloud-monitor
+python run.py</code></pre>
+
+    <div class="output">============================================================
+  Cloud Monitor - Bedsheet Sense Demo
+  Launching 5 distributed agents...
+============================================================
+  Starting cpu-watcher...
+[cpu-watcher] Online and monitoring...
+  Starting memory-watcher...
+[memory-watcher] Online and monitoring...
+  Starting log-analyzer...
+[log-analyzer] Online and ready...
+  Starting security-scanner...
+[security-scanner] Online and ready...
+  Starting incident-commander...
+[incident-commander] Online and coordinating...
+============================================================
+  All agents online! Press Ctrl+C to stop.
+============================================================</div>
+
+    <p>When CPU exceeds 80%, the cpu-watcher broadcasts an alert. The incident-commander claims it, queries the other agents for context, and synthesizes an incident report.</p>
+
+    <!-- Step 9: Testing -->
+    <h2 id="testing"><span class="step-number">9</span> Testing</h2>
+
+    <p>Use <code>MockSenseTransport</code> for unit tests &mdash; it routes signals in-memory without PubNub:</p>
+
+    <pre><code class="language-python">from bedsheet.testing import MockSenseTransport
+
+# Create a shared hub for multiple agents
+transport = MockSenseTransport()
+
+# Each agent gets its own peer transport
+t1 = transport          # First agent
+t2 = transport.create_peer()  # Second agent (shares the hub)
+
+# Agents connected to the same hub can exchange signals
+await agent1.join_network(t1, "test", ["alerts"])
+await agent2.join_network(t2, "test", ["alerts"])
+
+result = await agent1.request("agent2", "do something")
+assert result == "done"</code></pre>
+
+    <div class="info-box note">
+        <div class="info-box-title">Note</div>
+        <p><code>MockSenseTransport</code> follows the same pattern as <code>MockLLMClient</code> &mdash; a test double that satisfies the protocol without external dependencies.</p>
+    </div>
+
+    <!-- Step 10: Reference -->
+    <h2 id="reference"><span class="step-number">10</span> Reference</h2>
+
+    <h3>Signal Fields</h3>
+    <table>
+        <tr><th>Field</th><th>Type</th><th>Description</th></tr>
+        <tr><td><code>kind</code></td><td><code>SignalKind</code></td><td>One of: request, response, alert, heartbeat, claim, release, event</td></tr>
+        <tr><td><code>sender</code></td><td><code>str</code></td><td>Name of the sending agent</td></tr>
+        <tr><td><code>payload</code></td><td><code>dict</code></td><td>Arbitrary data (default: empty dict)</td></tr>
+        <tr><td><code>correlation_id</code></td><td><code>str</code></td><td>Links requests to responses (auto-generated)</td></tr>
+        <tr><td><code>target</code></td><td><code>str | None</code></td><td>Intended recipient (None = broadcast)</td></tr>
+        <tr><td><code>timestamp</code></td><td><code>float</code></td><td>Unix timestamp (auto-set)</td></tr>
+        <tr><td><code>source_channel</code></td><td><code>str | None</code></td><td>Channel the signal arrived on (set by transport)</td></tr>
+    </table>
+
+    <h3>SenseMixin Methods</h3>
+    <table>
+        <tr><th>Method</th><th>Description</th></tr>
+        <tr><td><code>join_network(transport, namespace, channels)</code></td><td>Connect and start listening</td></tr>
+        <tr><td><code>leave_network()</code></td><td>Disconnect and stop background tasks</td></tr>
+        <tr><td><code>broadcast(channel, signal)</code></td><td>Send signal to a channel</td></tr>
+        <tr><td><code>send_to(agent_name, signal)</code></td><td>Send signal to an agent's direct channel</td></tr>
+        <tr><td><code>request(agent_name, task, timeout)</code></td><td>Send task and await response</td></tr>
+        <tr><td><code>claim_incident(incident_id, channel)</code></td><td>Attempt to claim an incident</td></tr>
+        <tr><td><code>release_incident(incident_id, channel)</code></td><td>Release a claimed incident</td></tr>
+        <tr><td><code>on_signal(kind)</code></td><td>Decorator for custom signal handlers</td></tr>
+    </table>
+
+    <h3>New Event Types</h3>
+    <table>
+        <tr><th>Event</th><th>When Emitted</th></tr>
+        <tr><td><code>SignalReceivedEvent</code></td><td>Signal arrived from network</td></tr>
+        <tr><td><code>AgentConnectedEvent</code></td><td>Remote agent came online</td></tr>
+        <tr><td><code>AgentDisconnectedEvent</code></td><td>Remote agent went offline</td></tr>
+        <tr><td><code>RemoteDelegationEvent</code></td><td>Task sent to remote agent</td></tr>
+        <tr><td><code>RemoteResultEvent</code></td><td>Result received from remote agent</td></tr>
+    </table>
+
+    <footer>
+        <p>Bedsheet Agents &mdash; <a href="https://github.com/sivang/bedsheet">GitHub</a></p>
+    </footer>
+</main>
+
+<script>hljs.highlightAll();</script>
+</body>
+</html>
diff --git a/examples/cloud-monitor/README.md b/examples/cloud-monitor/README.md
new file mode 100644
index 0000000..2c9b887
--- /dev/null
+++ b/examples/cloud-monitor/README.md
@@ -0,0 +1,46 @@
+# Cloud Monitor - Bedsheet Sense Demo
+
+Demonstrates distributed agent communication using Bedsheet's Sense module and PubNub.
+
+Five agents run as **separate processes**, each with its own PubNub connection, communicating via signals over the network.
+
+## Agents
+
+| Agent | Role | Tools |
+|-------|------|-------|
+| `cpu-watcher` | Monitors CPU usage, alerts on spikes | `get_cpu_usage`, `get_process_top` |
+| `memory-watcher` | Monitors RAM and swap | `get_memory_usage`, `get_swap_usage` |
+| `log-analyzer` | Searches and analyzes logs | `tail_log`, `search_log`, `get_error_rate` |
+| `security-scanner` | Scans ports and login attempts | `check_open_ports`, `check_failed_logins` |
+| `incident-commander` | Coordinates responses to alerts | `request_remote_agent`, `broadcast_alert`, `list_online_agents` |
+
+## Setup
+
+1. Get free PubNub keys at https://www.pubnub.com (200 MAU free tier)
+
+2. Set environment variables:
+```bash
+export PUBNUB_SUBSCRIBE_KEY=sub-c-...
+export PUBNUB_PUBLISH_KEY=pub-c-...
+export ANTHROPIC_API_KEY=sk-ant-...
+```
+
+3. Install dependencies:
+```bash
+pip install bedsheet[sense] psutil
+```
+
+4. Run:
+```bash
+python run.py
+```
+
+## How It Works
+
+1. All agents connect to PubNub and subscribe to `alerts` and `tasks` channels
+2. Worker agents (cpu-watcher, memory-watcher) monitor system metrics in a loop
+3. When a metric crosses a threshold, the watcher broadcasts an `alert` signal
+4. The incident-commander receives the alert, claims the incident, then:
+   - Queries relevant agents via `request` signals
+   - Each agent invokes its LLM + tools to gather data
+   - Commander synthesizes findings into an incident report
diff --git a/examples/cloud-monitor/agents/__init__.py b/examples/cloud-monitor/agents/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/examples/cloud-monitor/agents/cpu_watcher.py b/examples/cloud-monitor/agents/cpu_watcher.py
new file mode 100644
index 0000000..4b6d2e0
--- /dev/null
+++ b/examples/cloud-monitor/agents/cpu_watcher.py
@@ -0,0 +1,88 @@
+"""CPU Watcher agent - monitors CPU usage and alerts on spikes."""
+import asyncio
+import os
+import sys
+
+import psutil
+
+from bedsheet import Agent, ActionGroup, SenseMixin
+from bedsheet.llm.anthropic import AnthropicClient
+from bedsheet.sense import Signal
+from bedsheet.sense.pubnub_transport import PubNubTransport
+
+
+class CPUWatcher(SenseMixin, Agent):
+    pass
+
+
+cpu_tools = ActionGroup("cpu_tools", "CPU monitoring tools")
+
+
+@cpu_tools.action("get_cpu_usage", "Get current CPU usage percentage across all cores")
+async def get_cpu_usage() -> str:
+    percent = psutil.cpu_percent(interval=1)
+    per_cpu = psutil.cpu_percent(interval=0, percpu=True)
+    return f"Overall: {percent}%, Per-core: {per_cpu}"
+
+
+@cpu_tools.action("get_process_top", "Get top 5 processes by CPU usage")
+async def get_process_top() -> str:
+    procs = []
+    for p in psutil.process_iter(["pid", "name", "cpu_percent"]):
+        try:
+            info = p.info
+            procs.append(info)
+        except (psutil.NoSuchProcess, psutil.AccessDenied):
+            pass
+    procs.sort(key=lambda x: x.get("cpu_percent", 0) or 0, reverse=True)
+    top = procs[:5]
+    lines = [f"  PID {p['pid']}: {p['name']} ({p.get('cpu_percent', 0):.1f}%)" for p in top]
+    return "Top processes by CPU:\n" + "\n".join(lines)
+
+
+async def main():
+    transport = PubNubTransport(
+        subscribe_key=os.environ["PUBNUB_SUBSCRIBE_KEY"],
+        publish_key=os.environ["PUBNUB_PUBLISH_KEY"],
+    )
+
+    agent = CPUWatcher(
+        name="cpu-watcher",
+        instruction=(
+            "You are a CPU monitoring agent. When asked about CPU status, "
+            "use your tools to check current CPU usage and top processes. "
+            "Report findings clearly and concisely."
+        ),
+        model_client=AnthropicClient(),
+    )
+    agent.add_action_group(cpu_tools)
+
+    await agent.join_network(transport, "cloud-ops", ["alerts", "tasks"])
+    print("[cpu-watcher] Online and monitoring...")
+
+    # Monitor loop: check CPU every 10 seconds, alert if > 80%
+    try:
+        while True:
+            cpu_pct = psutil.cpu_percent(interval=1)
+            if cpu_pct > 80:
+                alert = Signal(
+                    kind="alert",
+                    sender="cpu-watcher",
+                    payload={
+                        "severity": "high",
+                        "metric": "cpu",
+                        "value": cpu_pct,
+                        "message": f"CPU usage spike: {cpu_pct}%",
+                    },
+                )
+                await agent.broadcast("alerts", alert)
+                print(f"[cpu-watcher] ALERT: CPU at {cpu_pct}%")
+            await asyncio.sleep(10)
+    except KeyboardInterrupt:
+        pass
+    finally:
+        await agent.leave_network()
+
+
+if __name__ == "__main__":
+    asyncio.run(main())
diff --git a/examples/cloud-monitor/agents/incident_commander.py b/examples/cloud-monitor/agents/incident_commander.py
new file mode 100644
index 0000000..9ac7f29
--- /dev/null
+++ b/examples/cloud-monitor/agents/incident_commander.py
@@ -0,0 +1,158 @@
+"""Incident Commander agent - coordinates responses to alerts via the sense network."""
+import asyncio
+import os
+import sys
+
+from bedsheet import Agent, ActionGroup, SenseMixin
+from bedsheet.llm.anthropic import AnthropicClient
+from bedsheet.sense import Signal
+from bedsheet.sense.pubnub_transport import PubNubTransport
+
+
+class IncidentCommander(SenseMixin, Agent):
+    pass
+
+
+# The commander's tools operate over the network, not locally
+commander_tools = ActionGroup("commander_tools", "Network coordination tools")
+
+# Module-level reference to the agent (set in main())
+_commander: IncidentCommander | None = None
+
+
+@commander_tools.action(
+    "request_remote_agent",
+    "Send a task to a remote agent and wait for its response",
+    parameters={
+        "type": "object",
+        "properties": {
+            "agent_name": {"type": "string", "description": "Name of the remote agent"},
+            "task": {"type": "string", "description": "Task description for the agent"},
+        },
+        "required": ["agent_name", "task"],
+    },
+)
+async def request_remote_agent(agent_name: str, task: str) -> str:
+    if _commander is None:
+        return "Error: Commander not initialized"
+    try:
+        result = await _commander.request(agent_name, task, timeout=30.0)
+        return result
+    except TimeoutError:
+        return f"Timeout: {agent_name} did not respond within 30s"
+    except Exception as e:
+        return f"Error requesting {agent_name}: {e}"
+
+
+@commander_tools.action(
+    "broadcast_alert",
+    "Broadcast an alert to all agents on the network",
+    parameters={
+        "type": "object",
+        "properties": {
+            "severity": {"type": "string", "description": "Alert severity: low, medium, high, critical"},
+            "message": {"type": "string", "description": "Alert message"},
+        },
+        "required": ["severity", "message"],
+    },
+)
+async def broadcast_alert(severity: str, message: str) -> str:
+    if _commander is None:
+        return "Error: Commander not initialized"
+    signal = Signal(
+        kind="alert",
+        sender="incident-commander",
+        payload={"severity": severity, "message": message, "source": "commander"},
+    )
+    await _commander.broadcast("alerts", signal)
+    return f"Alert broadcast: [{severity}] {message}"
+
+
+@commander_tools.action(
+    "list_online_agents",
+    "List all agents currently online on the tasks channel",
+)
+async def list_online_agents() -> str:
+    if _commander is None:
+        return "Error: Commander not initialized"
+    agents = await _commander._transport.get_online_agents("tasks")
+    if not agents:
+        return "No agents online"
+    names = [a.agent_name for a in agents]
+    return f"Online agents: {', '.join(names)}"
+
+
+async def main():
+    global _commander
+
+    transport = PubNubTransport(
+        subscribe_key=os.environ["PUBNUB_SUBSCRIBE_KEY"],
+        publish_key=os.environ["PUBNUB_PUBLISH_KEY"],
+    )
+
+    agent = IncidentCommander(
+        name="incident-commander",
+        instruction=(
+            "You are the Incident Commander for a cloud operations team. "
+            "You coordinate responses to system alerts by delegating to specialist agents.\n\n"
+            "Available agents:\n"
+            "- cpu-watcher: Monitors CPU usage and processes\n"
+            "- memory-watcher: Monitors RAM and swap\n"
+            "- log-analyzer: Searches and analyzes logs\n"
+            "- security-scanner: Scans ports and login attempts\n\n"
+            "When you receive an alert, investigate it by querying relevant agents, "
+            "then synthesize a clear incident report with findings and recommendations."
+        ),
+        model_client=AnthropicClient(),
+    )
+    agent.add_action_group(commander_tools)
+    _commander = agent
+
+    await agent.join_network(transport, "cloud-ops", ["alerts", "tasks"])
+    print("[incident-commander] Online and coordinating...")
+
+    # Listen for alerts and trigger investigation
+    @agent.on_signal("alert")
+    async def handle_alert(signal: Signal):
+        if signal.payload.get("source") == "commander":
+            return  # Don't react to our own alerts
+
+        severity = signal.payload.get("severity", "unknown")
+        message = signal.payload.get("message", "No details")
+        metric = signal.payload.get("metric", "unknown")
+        print(f"\n[incident-commander] Received alert: [{severity}] {message}")
+
+        # Claim the incident
+        incident_id = f"inc-{signal.correlation_id}"
+        agent._claimed_incidents.add(incident_id)
+        won = await agent.claim_incident(incident_id, "tasks")
+
+        if won:
+            print(f"[incident-commander] Claimed incident {incident_id}, investigating...")
+            # Trigger investigation through the LLM
+            session_id = f"incident-{incident_id}"
+            prompt = (
+                f"ALERT received: [{severity}] {message} (metric: {metric})\n"
+                "Investigate this alert by querying the relevant agents, "
+                "then provide an incident report."
+            )
+            async for event in agent.invoke(session_id, prompt):
+                from bedsheet.events import CompletionEvent, ToolCallEvent
+                if isinstance(event, ToolCallEvent):
+                    print(f"  -> Calling {event.tool_name}...")
+                elif isinstance(event, CompletionEvent):
+                    print(f"\n[INCIDENT REPORT]\n{event.response}\n")
+        else:
+            print(f"[incident-commander] Lost claim for {incident_id}")
+
+    try:
+        while True:
+            await asyncio.sleep(1)
+    except KeyboardInterrupt:
+        pass
+    finally:
+        await agent.leave_network()
+
+
+if __name__ == "__main__":
+    asyncio.run(main())
diff --git a/examples/cloud-monitor/agents/log_analyzer.py b/examples/cloud-monitor/agents/log_analyzer.py
new file mode 100644
index 0000000..379a89e
--- /dev/null
+++ b/examples/cloud-monitor/agents/log_analyzer.py
@@ -0,0 +1,105 @@
+"""Log Analyzer agent - analyzes system logs for errors and patterns."""
+import asyncio
+import io
+import os
+import re
+import sys
+from collections import Counter
+
+from bedsheet import Agent, ActionGroup, SenseMixin
+from bedsheet.llm.anthropic import AnthropicClient
+from bedsheet.sense.pubnub_transport import PubNubTransport
+
+
+class LogAnalyzer(SenseMixin, Agent):
+    pass
+
+
+log_tools = ActionGroup("log_tools", "Log analysis tools")
+
+# Simulated log buffer for demo purposes
+_LOG_BUFFER = io.StringIO(
+    "2024-01-15 10:00:01 INFO Server started\n"
+    "2024-01-15 10:00:05 INFO Request received: GET /api/health\n"
+    "2024-01-15 10:00:10 WARN High latency on /api/users: 2500ms\n"
+    "2024-01-15 10:00:15 ERROR Connection timeout to database\n"
+    "2024-01-15 10:00:20 ERROR Failed to process request: timeout\n"
+    "2024-01-15 10:00:25 INFO Request received: GET /api/health\n"
+    "2024-01-15 10:00:30 WARN Memory pressure detected\n"
+    "2024-01-15 10:00:35 ERROR Connection refused: redis://localhost:6379\n"
+    "2024-01-15 10:00:40 INFO Auto-scaling triggered\n"
+    "2024-01-15 10:00:45 INFO Request received: POST /api/data\n"
+)
+
+
+@log_tools.action("tail_log", "Get the last N lines from the log")
+async def tail_log(lines: int = 10) -> str:
+    _LOG_BUFFER.seek(0)
+    all_lines = _LOG_BUFFER.readlines()
+    return "".join(all_lines[-lines:])
+
+
+@log_tools.action("search_log", "Search logs for a pattern (regex supported)")
+async def search_log(pattern: str) -> str:
+    _LOG_BUFFER.seek(0)
+    matches = [
+        line.strip()
+        for line in _LOG_BUFFER
+        if re.search(pattern, line, re.IGNORECASE)
+    ]
+    if not matches:
+        return f"No matches for '{pattern}'"
+    return f"Found {len(matches)} matches:\n" + "\n".join(matches[:20])
+
+
+@log_tools.action("get_error_rate", "Calculate the error rate from recent logs")
+async def get_error_rate() -> str:
+    _LOG_BUFFER.seek(0)
+    levels = Counter()
+    for line in _LOG_BUFFER:
+        for level in ("INFO", "WARN", "ERROR"):
+            if f" {level} " in line:
+                levels[level] += 1
+                break
+    total = sum(levels.values())
+    if total == 0:
+        return "No log entries found"
+    error_rate = (levels.get("ERROR", 0) / total) * 100
+    return (
+        f"Log summary: {total} entries, "
+        f"INFO: {levels['INFO']}, WARN: {levels['WARN']}, ERROR: {levels['ERROR']}, "
+        f"Error rate: {error_rate:.1f}%"
+    )
+
+
+async def main():
+    transport = PubNubTransport(
+        subscribe_key=os.environ["PUBNUB_SUBSCRIBE_KEY"],
+        publish_key=os.environ["PUBNUB_PUBLISH_KEY"],
+    )
+
+    agent = LogAnalyzer(
+        name="log-analyzer",
+        instruction=(
+            "You are a log analysis agent. When asked about logs, use your tools "
+            "to search, tail, and analyze log entries. Report error rates, patterns, "
+            "and notable events clearly."
+        ),
+        model_client=AnthropicClient(),
+    )
+    agent.add_action_group(log_tools)
+
+    await agent.join_network(transport, "cloud-ops", ["alerts", "tasks"])
+    print("[log-analyzer] Online and ready...")
+
+    try:
+        while True:
+            await asyncio.sleep(60)
+    except KeyboardInterrupt:
+        pass
+    finally:
+        await agent.leave_network()
+
+
+if __name__ == "__main__":
+    asyncio.run(main())
diff --git a/examples/cloud-monitor/agents/memory_watcher.py b/examples/cloud-monitor/agents/memory_watcher.py
new file mode 100644
index 0000000..619997f
--- /dev/null
+++ b/examples/cloud-monitor/agents/memory_watcher.py
@@ -0,0 +1,84 @@
+"""Memory Watcher agent - monitors RAM and swap usage."""
+import asyncio
+import os
+import sys
+
+import psutil
+
+from bedsheet import Agent, ActionGroup, SenseMixin
+from bedsheet.llm.anthropic import AnthropicClient
+from bedsheet.sense import Signal
+from bedsheet.sense.pubnub_transport import PubNubTransport
+
+
+class MemoryWatcher(SenseMixin, Agent):
+    pass
+
+
+mem_tools = ActionGroup("memory_tools", "Memory monitoring tools")
+
+
+@mem_tools.action("get_memory_usage", "Get current RAM usage")
+async def get_memory_usage() -> str:
+    mem = psutil.virtual_memory()
+    return (
+        f"Total: {mem.total / (1024**3):.1f}GB, "
+        f"Used: {mem.used / (1024**3):.1f}GB ({mem.percent}%), "
+        f"Available: {mem.available / (1024**3):.1f}GB"
+    )
+
+
+@mem_tools.action("get_swap_usage", "Get current swap usage")
+async def get_swap_usage() -> str:
+    swap = psutil.swap_memory()
+    return (
+        f"Total: {swap.total / (1024**3):.1f}GB, "
+        f"Used: {swap.used / (1024**3):.1f}GB ({swap.percent}%), "
+        f"Free: {swap.free / (1024**3):.1f}GB"
+    )
+
+
+async def main():
+    transport = PubNubTransport(
+        subscribe_key=os.environ["PUBNUB_SUBSCRIBE_KEY"],
+        publish_key=os.environ["PUBNUB_PUBLISH_KEY"],
+    )
+
+    agent = MemoryWatcher(
+        name="memory-watcher",
+        instruction=(
+            "You are a memory monitoring agent. When asked about memory status, "
+            "use your tools to check RAM and swap usage. Report findings clearly."
+        ),
+        model_client=AnthropicClient(),
+    )
+    agent.add_action_group(mem_tools)
+
+    await agent.join_network(transport, "cloud-ops", ["alerts", "tasks"])
+    print("[memory-watcher] Online and monitoring...")
+
+    try:
+        while True:
+            mem = psutil.virtual_memory()
+            if mem.percent > 85:
+                alert = Signal(
+                    kind="alert",
+                    sender="memory-watcher",
+                    payload={
+                        "severity": "high",
+                        "metric": "memory",
+                        "value": mem.percent,
+                        "message": f"Memory usage high: {mem.percent}%",
+                    },
+                )
+                await agent.broadcast("alerts", alert)
+                print(f"[memory-watcher] ALERT: Memory at {mem.percent}%")
+            await asyncio.sleep(10)
+    except KeyboardInterrupt:
+        pass
+    finally:
+        await agent.leave_network()
+
+
+if __name__ == "__main__":
+    asyncio.run(main())
diff --git a/examples/cloud-monitor/agents/security_scanner.py b/examples/cloud-monitor/agents/security_scanner.py
new file mode 100644
index 0000000..78f70c5
--- /dev/null
+++ b/examples/cloud-monitor/agents/security_scanner.py
@@ -0,0 +1,87 @@
+"""Security Scanner agent - checks open ports and login attempts."""
+import asyncio
+import os
+import socket
+import sys
+
+from bedsheet import Agent, ActionGroup, SenseMixin
+from bedsheet.llm.anthropic import AnthropicClient
+from bedsheet.sense.pubnub_transport import PubNubTransport
+
+
+class SecurityScanner(SenseMixin, Agent):
+    pass
+
+
+security_tools = ActionGroup("security_tools", "Security scanning tools")
+
+
+@security_tools.action("check_open_ports", "Scan common ports on localhost")
+async def check_open_ports() -> str:
+    common_ports = {
+        22: "SSH", 80: "HTTP", 443: "HTTPS", 3306: "MySQL",
+        5432: "PostgreSQL", 6379: "Redis", 8080: "HTTP-Alt",
+        8443: "HTTPS-Alt", 27017: "MongoDB",
+    }
+    results = []
+    for port, service in common_ports.items():
+        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        sock.settimeout(0.5)
+        try:
+            result = sock.connect_ex(("127.0.0.1", port))
+            status = "OPEN" if result == 0 else "closed"
+            if result == 0:
+                results.append(f"  Port {port} ({service}): {status}")
+        except Exception:
+            pass
+        finally:
+            sock.close()
+
+    if not results:
+        return "No common ports open on localhost"
+    return "Open ports:\n" + "\n".join(results)
+
+
+@security_tools.action("check_failed_logins", "Check for recent failed login attempts (simulated)")
+async def check_failed_logins() -> str:
+    # Simulated data for demo purposes
+    return (
+        "Recent failed login attempts (last 24h):\n"
+        "  SSH: 3 attempts from 192.168.1.50 (blocked)\n"
+        "  SSH: 1 attempt from 10.0.0.15\n"
+        "  Web: 5 attempts from 203.0.113.42 (rate limited)\n"
+        "  Total: 9 failed attempts, 1 IP blocked"
+    )
+
+
+async def main():
+    transport = PubNubTransport(
+        subscribe_key=os.environ["PUBNUB_SUBSCRIBE_KEY"],
+        publish_key=os.environ["PUBNUB_PUBLISH_KEY"],
+    )
+
+    agent = SecurityScanner(
+        name="security-scanner",
+        instruction=(
+            "You are a security scanning agent. When asked about security, "
+            "use your tools to check open ports and failed login attempts. "
+            "Report findings with severity assessment."
+        ),
+        model_client=AnthropicClient(),
+    )
+    agent.add_action_group(security_tools)
+
+    await agent.join_network(transport, "cloud-ops", ["alerts", "tasks"])
+    print("[security-scanner] Online and ready...")
+
+    try:
+        while True:
+            await asyncio.sleep(60)
+    except KeyboardInterrupt:
+        pass
+    finally:
+        await agent.leave_network()
+
+
+if __name__ == "__main__":
+    asyncio.run(main())
diff --git a/examples/cloud-monitor/pyproject.toml b/examples/cloud-monitor/pyproject.toml
new file mode 100644
index 0000000..2c4d3a8
--- /dev/null
+++ b/examples/cloud-monitor/pyproject.toml
@@ -0,0 +1,12 @@
+[project]
+name = "cloud-monitor"
+version = "0.1.0"
+description = "Cloud monitoring demo using Bedsheet Sense for distributed agent communication"
+requires-python = ">=3.11"
+dependencies = [
+    "bedsheet[sense]",
+    "psutil>=5.9.0",
+]
+
+[project.scripts]
+cloud-monitor = "run:main"
diff --git a/examples/cloud-monitor/run.py b/examples/cloud-monitor/run.py
new file mode 100644
index 0000000..95a17db
--- /dev/null
+++ b/examples/cloud-monitor/run.py
@@ -0,0 +1,93 @@
+"""Cloud Monitor - launches all agents as separate processes.
+
+Each agent runs in its own process with its own PubNub connection,
+demonstrating true distributed agent communication.
+
+Required environment variables:
+    PUBNUB_SUBSCRIBE_KEY - PubNub subscribe key
+    PUBNUB_PUBLISH_KEY   - PubNub publish key
+    ANTHROPIC_API_KEY    - Anthropic API key for Claude
+
+Usage:
+    python run.py
+"""
+import os
+import signal
+import subprocess
+import sys
+import time
+
+AGENTS = [
+    "agents/cpu_watcher.py",
+    "agents/memory_watcher.py",
+    "agents/log_analyzer.py",
+    "agents/security_scanner.py",
+    "agents/incident_commander.py",
+]
+
+REQUIRED_ENV = ["PUBNUB_SUBSCRIBE_KEY", "PUBNUB_PUBLISH_KEY", "ANTHROPIC_API_KEY"]
+
+
+def main():
+    # Check environment
+    missing = [v for v in REQUIRED_ENV if not os.environ.get(v)]
+    if missing:
+        print("Missing required environment variables:")
+        for v in missing:
+            print(f"  {v}")
+        print("\nSet them and try again:")
+        print("  export PUBNUB_SUBSCRIBE_KEY=sub-c-...")
+        print("  export PUBNUB_PUBLISH_KEY=pub-c-...")
+        print("  export ANTHROPIC_API_KEY=sk-ant-...")
+        sys.exit(1)
+
+    script_dir = os.path.dirname(os.path.abspath(__file__))
+    processes: list[subprocess.Popen] = []
+
+    print("=" * 60)
+    print("  Cloud Monitor - Bedsheet Sense Demo")
+    print("  Launching 5 distributed agents...")
+    print("=" * 60)
+
+    try:
+        for agent_script in AGENTS:
+            full_path = os.path.join(script_dir, agent_script)
+            agent_name = os.path.basename(agent_script).replace(".py", "").replace("_", "-")
+            print(f"  Starting {agent_name}...")
+
+            proc = subprocess.Popen(
+                [sys.executable, full_path],
+                env=os.environ.copy(),
+                stdout=sys.stdout,
+                stderr=sys.stderr,
+            )
+            processes.append(proc)
+            time.sleep(1)  # Stagger startup for clean PubNub connects
+
+        print("=" * 60)
+        print("  All agents online! Press Ctrl+C to stop.")
+        print("=" * 60)
+
+        # Wait for any process to exit or for keyboard interrupt
+        while all(p.poll() is None for p in processes):
+            time.sleep(1)
+
+    except KeyboardInterrupt:
+        print("\nShutting down agents...")
+    finally:
+        for proc in processes:
+            if proc.poll() is None:
+                proc.send_signal(signal.SIGINT)
+
+        # Give agents time for graceful shutdown
+        time.sleep(2)
+
+        for proc in processes:
+            if proc.poll() is None:
+                proc.terminate()
+
+        print("All agents stopped.")
+
+
+if __name__ == "__main__":
+    main()
diff --git a/pyproject.toml b/pyproject.toml
index e4f0bd0..81fc3b0 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -66,6 +66,9 @@ aws = [
     "pydantic>=2.0.0",
     # aws-cdk-lib will be added for AWS target
 ]
+sense = [
+    "pubnub>=7.0.0",
+]
 demo = [
     "yfinance>=0.2.40",
     "ddgs>=6.0.0",
diff --git a/tests/test_sense.py b/tests/test_sense.py
new file mode 100644
index 0000000..569b302
--- /dev/null
+++ b/tests/test_sense.py
@@ -0,0 +1,496 @@
+"""Tests for the Sense distributed communication module."""
+import asyncio
+import pytest
+from time import time
+
+from bedsheet import Agent, ActionGroup, SenseMixin, SenseNetwork
+from bedsheet.events import (
+    CompletionEvent,
+    SignalReceivedEvent,
+    AgentConnectedEvent,
+    AgentDisconnectedEvent,
+    RemoteDelegationEvent,
+    RemoteResultEvent,
+)
+from bedsheet.sense.signals import Signal
+from bedsheet.sense.serialization import serialize, deserialize, MAX_MESSAGE_BYTES
+from bedsheet.sense.protocol import AgentPresence, SenseTransport
+from bedsheet.testing import MockLLMClient, MockResponse, MockSenseTransport, _MockSenseHub
+
+
+# ---------- Signal dataclass tests ----------
+
+class TestSignal:
+    def test_signal_creation(self):
+        signal = Signal(kind="alert", sender="agent-1")
+        assert signal.kind == "alert"
+        assert signal.sender == "agent-1"
+        assert signal.payload == {}
+        assert signal.target is None
+        assert signal.timestamp > 0
+        assert len(signal.correlation_id) == 12
+
+    def test_signal_with_payload(self):
+        signal = Signal(
+            kind="request",
+            sender="commander",
+            payload={"task": "check cpu"},
+            target="cpu-watcher",
+        )
+        assert signal.payload == {"task": "check cpu"}
+        assert signal.target == "cpu-watcher"
+
+    def test_signal_kinds(self):
+        for kind in ("request", "response", "alert", "heartbeat", "claim", "release", "event"):
+            signal = Signal(kind=kind, sender="test")
+            assert signal.kind == kind
+
+
+# ---------- Serialization tests ----------
+
+class TestSerialization:
+    def test_serialize_minimal(self):
+        signal = Signal(kind="alert", sender="agent-1")
+        data = serialize(signal)
+        assert data["k"] == "alert"
+        assert data["s"] == "agent-1"
+        assert "ts" in data
+        # No payload -> no "p" key
+        assert "p" not in data
+
+    def test_serialize_with_payload(self):
+        signal = Signal(
+            kind="request",
+            sender="commander",
+            payload={"task": "check cpu", "priority": "high"},
+            target="cpu-watcher",
+        )
+        data = serialize(signal)
+        assert data["p"] == {"task": "check cpu", "priority": "high"}
+        assert data["t"] == "cpu-watcher"
+        assert data["c"] == signal.correlation_id
+
+    def test_roundtrip(self):
+        original = Signal(
+            kind="response",
+            sender="cpu-watcher",
+            payload={"result": "CPU at 45%"},
+            correlation_id="abc123",
+            target="commander",
+        )
+        data = serialize(original)
+        restored = deserialize(data, source_channel="bedsheet.ops.tasks")
+
+        assert restored.kind == original.kind
+        assert restored.sender == original.sender
+        assert restored.payload == original.payload
+        assert restored.correlation_id == original.correlation_id
+        assert restored.target == original.target
+        assert restored.source_channel == "bedsheet.ops.tasks"
+
+    def test_truncation_on_large_payload(self):
+        # Create a payload that exceeds the limit
+        large_payload = {"data": "x" * (MAX_MESSAGE_BYTES + 1000)}
+        signal = Signal(kind="event", sender="test", payload=large_payload)
+        data = serialize(signal)
+
+        # Payload should be truncated
+        assert data["p"]["_truncated"] is True
+        assert "summary" in data["p"]
+
+    def test_deserialize_minimal(self):
+        data = {"k": "heartbeat", "s": "agent-2", "ts": 1234567890.0}
+        signal = deserialize(data)
+        assert signal.kind == "heartbeat"
+        assert signal.sender == "agent-2"
+        assert signal.payload == {}
+        assert signal.correlation_id == ""
+
+
+# ---------- Protocol tests ----------
+
+class TestProtocol:
+    def test_mock_transport_satisfies_protocol(self):
+        """MockSenseTransport should satisfy the SenseTransport protocol."""
+        transport = MockSenseTransport()
+        # Check that the protocol methods exist
+        assert hasattr(transport, "connect")
+        assert hasattr(transport, "disconnect")
+        assert hasattr(transport, "broadcast")
+        assert hasattr(transport, "subscribe")
+        assert hasattr(transport, "unsubscribe")
+        assert hasattr(transport, "signals")
+        assert hasattr(transport, "get_online_agents")
+
+    def test_agent_presence_creation(self):
+        presence = AgentPresence(
+            agent_id="agent-1",
+            agent_name="CPU Watcher",
+            namespace="cloud-ops",
+            capabilities=["get_cpu_usage", "get_process_top"],
+        )
+        assert presence.agent_id == "agent-1"
+        assert presence.capabilities == ["get_cpu_usage", "get_process_top"]
+        assert presence.status == "online"
+
+
+# ---------- MockSenseTransport tests ----------
+
+class TestMockSenseTransport:
+    async def test_connect_disconnect(self):
+        transport = MockSenseTransport()
+        await transport.connect("agent-1", "test-ns")
+        assert transport._connected
+        await transport.disconnect()
+        assert not transport._connected
+
+    async def test_subscribe_and_broadcast(self):
+        hub = _MockSenseHub()
+        transport1 = MockSenseTransport(hub)
+        transport2 = MockSenseTransport(hub)
+
+        # Agent 1 subscribes
+        await transport1.connect("agent-1", "test-ns")
+        await transport1.subscribe("alerts")
+
+        # Agent 2 subscribes
+        await transport2.connect("agent-2", "test-ns")
+        await transport2.subscribe("alerts")
+
+        # Agent 2 broadcasts
+        signal = Signal(kind="alert", sender="agent-2", payload={"msg": "cpu high"})
+        await transport2.broadcast("alerts", signal)
+
+        # Agent 1 should receive it
+        queue = hub.queues["agent-1"]
+        received = await asyncio.wait_for(queue.get(), timeout=1.0)
+        assert received.kind == "alert"
+        assert received.payload == {"msg": "cpu high"}
+
+    async def test_get_online_agents(self):
+        transport = MockSenseTransport()
+        await transport.connect("agent-1", "test-ns")
+        await transport.subscribe("alerts")
+
+        agents = await transport.get_online_agents("alerts")
+        assert len(agents) == 1
+        assert agents[0].agent_id == "agent-1"
+
+    async def test_create_peer(self):
+        t1 = MockSenseTransport()
+        t2 = t1.create_peer()
+        assert t1.hub is t2.hub
+
+
+# ---------- SenseMixin tests ----------
+
+class SenseAgent(SenseMixin, Agent):
+    """Agent with sensing capabilities for testing."""
+    pass
+
+
+class TestSenseMixin:
+    def _make_agent(self, name: str, response_text: str = "Done") -> SenseAgent:
+        """Create a sense agent with a mock LLM client."""
+        client = MockLLMClient([MockResponse(text=response_text)])
+        agent = SenseAgent(
+            name=name,
+            instruction=f"You are {name}.",
+            model_client=client,
+        )
+        return agent
+
+    async def test_join_and_leave_network(self):
+        transport = MockSenseTransport()
+        agent = self._make_agent("watcher")
+
+        await agent.join_network(transport, "test-ns", ["alerts"])
+        assert agent._transport is not None
+        assert agent._signal_task is not None
+
+        await agent.leave_network()
+        assert agent._transport is None
+
+    async def test_broadcast_signal(self):
+        hub = _MockSenseHub()
+        t1 = MockSenseTransport(hub)
+        t2 = MockSenseTransport(hub)
+
+        sender = self._make_agent("sender")
+        receiver = self._make_agent("receiver")
+
+        received_signals: list[Signal] = []
+
+        @receiver.on_signal("alert")
+        async def handle_alert(signal: Signal):
+            received_signals.append(signal)
+
+        await sender.join_network(t1, "test-ns", ["alerts"])
+        await receiver.join_network(t2, "test-ns", ["alerts"])
+
+        signal = Signal(kind="alert", sender="sender", payload={"cpu": 95})
+        await sender.broadcast("alerts", signal)
+
+        # Give signal loop time to process
+        await asyncio.sleep(0.3)
+
+        assert len(received_signals) == 1
+        assert received_signals[0].kind == "alert"
+        assert received_signals[0].payload == {"cpu": 95}
+
+        await sender.leave_network()
+        await receiver.leave_network()
+
+    async def test_request_response(self):
+        """Test request/response pattern between two agents."""
+        hub = _MockSenseHub()
+        t1 = MockSenseTransport(hub)
+        t2 = MockSenseTransport(hub)
+
+        # Worker agent that responds with "CPU at 45%"
+        worker = self._make_agent("cpu-watcher", response_text="CPU at 45%")
+        await worker.join_network(t1, "test-ns", ["tasks"])
+
+        # Commander agent
+        commander = self._make_agent("commander", response_text="Analysis complete")
+        await commander.join_network(t2, "test-ns", ["tasks"])
+
+        # Commander requests work from worker
+        result = await commander.request("cpu-watcher", "What is the CPU usage?", timeout=5.0)
+        assert result == "CPU at 45%"
+
+        await worker.leave_network()
+        await commander.leave_network()
+
+    async def test_request_timeout(self):
+        """Test that request times out when no agent responds."""
+        transport = MockSenseTransport()
+        agent = self._make_agent("lonely-agent")
+        await agent.join_network(transport, "test-ns", ["tasks"])
+
+        with pytest.raises(TimeoutError, match="No response"):
+            await agent.request("nonexistent-agent", "hello?", timeout=0.5)
+
+        await agent.leave_network()
+
+    async def test_on_signal_handler(self):
+        """Test custom signal handler registration."""
+        transport = MockSenseTransport()
+        agent = self._make_agent("handler-agent")
+
+        received_signals: list[Signal] = []
+
+        @agent.on_signal("alert")
+        async def handle_alert(signal: Signal):
+            received_signals.append(signal)
+
+        await agent.join_network(transport, "test-ns", ["alerts"])
+
+        # Simulate receiving an alert from another agent
+        alert = Signal(kind="alert", sender="other-agent", payload={"severity": "high"})
+        queue = transport.hub.queues.get("handler-agent")
+        if queue:
+            await queue.put(alert)
+
+        # Give signal loop time to process
+        await asyncio.sleep(0.2)
+
+        assert len(received_signals) == 1
+        assert received_signals[0].payload["severity"] == "high"
+
+        await agent.leave_network()
+
+    async def test_skip_own_signals(self):
+        """Agents should not process their own signals."""
+        transport = MockSenseTransport()
+        agent = self._make_agent("self-talker")
+
+        received_signals: list[Signal] = []
+
+        @agent.on_signal("alert")
+        async def handle_alert(signal: Signal):
+            received_signals.append(signal)
+
+        await agent.join_network(transport, "test-ns", ["alerts"])
+
+        # Put our own signal in the queue
+        own_signal = Signal(kind="alert", sender="self-talker", payload={})
+        queue = transport.hub.queues.get("self-talker")
+        if queue:
+            await queue.put(own_signal)
+
+        await asyncio.sleep(0.2)
+
+        # Should not have processed our own signal
+        assert len(received_signals) == 0
+
+        await agent.leave_network()
+
+    async def test_targeted_signal_filtering(self):
+        """Agents should skip signals targeted at other agents."""
+        transport = MockSenseTransport()
+        agent = self._make_agent("agent-a")
+
+        received_signals: list[Signal] = []
+
+        @agent.on_signal("request")
+        async def handle_request(signal: Signal):
+            received_signals.append(signal)
+
+        await agent.join_network(transport, "test-ns", ["tasks"])
+
+        # Signal targeted at another agent
+        signal = Signal(
+            kind="request",
+            sender="commander",
+            payload={"task": "check logs"},
+            target="agent-b",
+        )
+        queue = transport.hub.queues.get("agent-a")
+        if queue:
+            await queue.put(signal)
+
+        await asyncio.sleep(0.2)
+
+        # Should not have processed it
+        assert len(received_signals) == 0
+
+        await agent.leave_network()
+
+
+# ---------- Claim protocol tests ----------
+
+class TestClaimProtocol:
+    async def test_claim_incident(self):
+        """Test basic incident claiming."""
+        hub = _MockSenseHub()
+        transport = MockSenseTransport(hub)
+        agent = SenseAgent(
+            name="commander",
+            instruction="Incident commander",
+            model_client=MockLLMClient([MockResponse(text="claimed")]),
+        )
+        await agent.join_network(transport, "test-ns", ["tasks"])
+
+        # Mark ourselves as having claimed (simulate winning)
+        agent._claimed_incidents.add("incident-001")
+        won = await agent.claim_incident("incident-001", "tasks")
+        assert won is True
+
+        await agent.leave_network()
+
+    async def test_release_incident(self):
+        """Test releasing a claimed incident."""
+        hub = _MockSenseHub()
+        transport = MockSenseTransport(hub)
+        agent = SenseAgent(
+            name="commander",
+            instruction="Incident commander",
+            model_client=MockLLMClient([MockResponse(text="released")]),
+        )
+        await agent.join_network(transport, "test-ns", ["tasks"])
+
+        agent._claimed_incidents.add("incident-001")
+        await agent.release_incident("incident-001", "tasks")
+        assert "incident-001" not in agent._claimed_incidents
+
+        await agent.leave_network()
+
+
+# ---------- SenseNetwork tests ----------
+
+class TestSenseNetwork:
+    async def test_add_agent(self):
+        transport = MockSenseTransport()
+        network = SenseNetwork(namespace="test-ns", transport=transport)
+
+        agent = SenseAgent(
+            name="watcher",
+            instruction="Watch things",
+            model_client=MockLLMClient([MockResponse(text="ok")]),
+        )
+        await network.add(agent, channels=["alerts"])
+        assert len(network.agents) == 1
+
+        await network.stop()
+
+    async def test_add_non_sense_agent_raises(self):
+        transport = MockSenseTransport()
+        network = SenseNetwork(namespace="test-ns", transport=transport)
+
+        agent = Agent(
+            name="plain-agent",
+            instruction="I am plain",
+            model_client=MockLLMClient([MockResponse(text="ok")]),
+        )
+        with pytest.raises(TypeError, match="must inherit from SenseMixin"):
+            await network.add(agent)
+
+    async def test_stop_disconnects_all(self):
+        transport = MockSenseTransport()
+        network = SenseNetwork(namespace="test-ns", transport=transport)
+
+        agent1 = SenseAgent(
+            name="agent-1",
+            instruction="Agent 1",
+            model_client=MockLLMClient([MockResponse(text="ok")]),
+        )
+        agent2 = SenseAgent(
+            name="agent-2",
+            instruction="Agent 2",
+            model_client=MockLLMClient([MockResponse(text="ok")]),
+        )
+
+        await network.add(agent1, channels=["alerts"])
+        await network.add(agent2, channels=["alerts"])
+        assert len(network.agents) == 2
+
+        await network.stop()
+        assert len(network.agents) == 0
+        assert agent1._transport is None
+        assert agent2._transport is None
+
+
+# ---------- Event dataclass tests ----------
+
+class TestSenseEvents:
+    def test_signal_received_event(self):
+        event = SignalReceivedEvent(
+            sender="agent-1",
+            kind="alert",
+            channel="bedsheet.ops.alerts",
+            payload={"cpu": 95},
+        )
+        assert event.type == "signal_received"
+
+    def test_agent_connected_event(self):
+        event = AgentConnectedEvent(
+            agent_id="agent-1",
+            agent_name="CPU Watcher",
+            namespace="cloud-ops",
+        )
+        assert event.type == "agent_connected"
+
+    def test_agent_disconnected_event(self):
+        event = AgentDisconnectedEvent(
+            agent_id="agent-1",
+            agent_name="CPU Watcher",
+            namespace="cloud-ops",
+        )
+        assert event.type == "agent_disconnected"
+
+    def test_remote_delegation_event(self):
+        event = RemoteDelegationEvent(
+            agent_name="cpu-watcher",
+            task="Check CPU",
+            correlation_id="abc123",
+        )
+        assert event.type == "remote_delegation"
+
+    def test_remote_result_event(self):
+        event = RemoteResultEvent(
+            agent_name="cpu-watcher",
+            result="CPU at 45%",
+            correlation_id="abc123",
+        )
+        assert event.type == "remote_result"

From 993b28e3de1ed2f149841fa4930df32db1fb2df7 Mon Sep 17 00:00:00 2001
From: Sivan Grunberg <sivan@vitakka.co>
Date: Mon, 9 Feb 2026 22:21:36 +0200
Subject: [PATCH 3/5] fix: remove unused imports flagged by ruff lint

---
 bedsheet/sense/mixin.py                             | 7 +------
 bedsheet/sense/pubnub_transport.py                  | 2 +-
 examples/cloud-monitor/agents/cpu_watcher.py        | 1 -
 examples/cloud-monitor/agents/incident_commander.py | 1 -
 examples/cloud-monitor/agents/log_analyzer.py       | 1 -
 examples/cloud-monitor/agents/memory_watcher.py     | 1 -
 examples/cloud-monitor/agents/security_scanner.py   | 1 -
 tests/test_sense.py                                 | 6 ++----
 8 files changed, 4 insertions(+), 16 deletions(-)

diff --git a/bedsheet/sense/mixin.py b/bedsheet/sense/mixin.py
index 7136411..c7de5bb 100644
--- a/bedsheet/sense/mixin.py
+++ b/bedsheet/sense/mixin.py
@@ -4,12 +4,7 @@
 from typing import Any, Callable, Awaitable
 from uuid import uuid4
 
-from bedsheet.events import (
-    CompletionEvent,
-    RemoteDelegationEvent,
-    RemoteResultEvent,
-    SignalReceivedEvent,
-)
+from bedsheet.events import CompletionEvent
 from bedsheet.sense.protocol import SenseTransport
 from bedsheet.sense.signals import Signal, SignalKind
 
diff --git a/bedsheet/sense/pubnub_transport.py b/bedsheet/sense/pubnub_transport.py
index 629e70d..965dd53 100644
--- a/bedsheet/sense/pubnub_transport.py
+++ b/bedsheet/sense/pubnub_transport.py
@@ -7,7 +7,7 @@
 import logging
 from typing import Any, AsyncIterator
 
-from bedsheet.sense.protocol import AgentPresence, SenseTransport
+from bedsheet.sense.protocol import AgentPresence
 from bedsheet.sense.serialization import deserialize, serialize
 from bedsheet.sense.signals import Signal
 
diff --git a/examples/cloud-monitor/agents/cpu_watcher.py b/examples/cloud-monitor/agents/cpu_watcher.py
index 4b6d2e0..aa412b7 100644
--- a/examples/cloud-monitor/agents/cpu_watcher.py
+++ b/examples/cloud-monitor/agents/cpu_watcher.py
@@ -1,7 +1,6 @@
 """CPU Watcher agent - monitors CPU usage and alerts on spikes."""
 import asyncio
 import os
-import sys
 
 import psutil
 
diff --git a/examples/cloud-monitor/agents/incident_commander.py b/examples/cloud-monitor/agents/incident_commander.py
index 9ac7f29..11d6553 100644
--- a/examples/cloud-monitor/agents/incident_commander.py
+++ b/examples/cloud-monitor/agents/incident_commander.py
@@ -1,7 +1,6 @@
 """Incident Commander agent - coordinates responses to alerts via the sense network."""
 import asyncio
 import os
-import sys
 
 from bedsheet import Agent, ActionGroup, SenseMixin
 from bedsheet.llm.anthropic import AnthropicClient
diff --git a/examples/cloud-monitor/agents/log_analyzer.py b/examples/cloud-monitor/agents/log_analyzer.py
index 379a89e..e0a9d95 100644
--- a/examples/cloud-monitor/agents/log_analyzer.py
+++ b/examples/cloud-monitor/agents/log_analyzer.py
@@ -3,7 +3,6 @@
 import io
 import os
 import re
-import sys
 from collections import Counter
 
 from bedsheet import Agent, ActionGroup, SenseMixin
diff --git a/examples/cloud-monitor/agents/memory_watcher.py b/examples/cloud-monitor/agents/memory_watcher.py
index 619997f..b681805 100644
--- a/examples/cloud-monitor/agents/memory_watcher.py
+++ b/examples/cloud-monitor/agents/memory_watcher.py
@@ -1,7 +1,6 @@
 """Memory Watcher agent - monitors RAM and swap usage."""
 import asyncio
 import os
-import sys
 
 import psutil
 
diff --git a/examples/cloud-monitor/agents/security_scanner.py b/examples/cloud-monitor/agents/security_scanner.py
index 78f70c5..63513dd 100644
--- a/examples/cloud-monitor/agents/security_scanner.py
+++ b/examples/cloud-monitor/agents/security_scanner.py
@@ -2,7 +2,6 @@
 import asyncio
 import os
 import socket
-import sys
 
 from bedsheet import Agent, ActionGroup, SenseMixin
 from bedsheet.llm.anthropic import AnthropicClient
diff --git a/tests/test_sense.py b/tests/test_sense.py
index 569b302..32b317f 100644
--- a/tests/test_sense.py
+++ b/tests/test_sense.py
@@ -1,11 +1,9 @@
 """Tests for the Sense distributed communication module."""
 import asyncio
 import pytest
-from time import time
 
-from bedsheet import Agent, ActionGroup, SenseMixin, SenseNetwork
+from bedsheet import Agent, SenseMixin, SenseNetwork
 from bedsheet.events import (
-    CompletionEvent,
     SignalReceivedEvent,
     AgentConnectedEvent,
     AgentDisconnectedEvent,
@@ -14,7 +12,7 @@
 )
 from bedsheet.sense.signals import Signal
 from bedsheet.sense.serialization import serialize, deserialize, MAX_MESSAGE_BYTES
-from bedsheet.sense.protocol import AgentPresence, SenseTransport
+from bedsheet.sense.protocol import AgentPresence
 from bedsheet.testing import MockLLMClient, MockResponse, MockSenseTransport, _MockSenseHub
 
 

From 9ae3037d6343313c1269505d6f07643e4cdaacdc Mon Sep 17 00:00:00 2001
From: Sivan Grunberg <sivan@vitakka.co>
Date: Tue, 10 Feb 2026 01:31:21 +0200
Subject: [PATCH 4/5] feat: add Agent Sentinel demo and design documentation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Agent Sentinel is a security monitoring demo inspired by the OpenClaw
crisis — 3 worker agents (web researcher, scheduler, skill acquirer)
do real work while 2 sentinels + 1 commander detect rogue behavior
and supply chain attacks over PubNub in real-time.

Includes architecture deep-dive docs for Sixth Sense and Agent Sentinel.
---
 docs/agent-sentinel-guide.html                | 599 ++++++++++++++++
 docs/sixth-sense-design.html                  | 669 ++++++++++++++++++
 docs/sixth-sense-guide.html                   |  20 +
 examples/agent-sentinel/README.md             | 119 ++++
 examples/agent-sentinel/agents/__init__.py    |   0
 .../agents/behavior_sentinel.py               | 201 ++++++
 examples/agent-sentinel/agents/scheduler.py   | 179 +++++
 .../agents/sentinel_commander.py              | 239 +++++++
 .../agent-sentinel/agents/skill_acquirer.py   | 198 ++++++
 .../agents/supply_chain_sentinel.py           | 215 ++++++
 .../agent-sentinel/agents/web_researcher.py   | 140 ++++
 examples/agent-sentinel/bedsheet.yaml         |  39 +
 .../clawhub/data_exfiltrator.py               |  24 +
 examples/agent-sentinel/clawhub/registry.json |  17 +
 .../clawhub/sentiment_analyzer.py             |  21 +
 .../agent-sentinel/clawhub/weather_lookup.py  |  10 +
 examples/agent-sentinel/data/calendar.json    |   5 +
 examples/agent-sentinel/pyproject.toml        |   9 +
 examples/agent-sentinel/run.py                | 114 +++
 19 files changed, 2818 insertions(+)
 create mode 100644 docs/agent-sentinel-guide.html
 create mode 100644 docs/sixth-sense-design.html
 create mode 100644 examples/agent-sentinel/README.md
 create mode 100644 examples/agent-sentinel/agents/__init__.py
 create mode 100644 examples/agent-sentinel/agents/behavior_sentinel.py
 create mode 100644 examples/agent-sentinel/agents/scheduler.py
 create mode 100644 examples/agent-sentinel/agents/sentinel_commander.py
 create mode 100644 examples/agent-sentinel/agents/skill_acquirer.py
 create mode 100644 examples/agent-sentinel/agents/supply_chain_sentinel.py
 create mode 100644 examples/agent-sentinel/agents/web_researcher.py
 create mode 100644 examples/agent-sentinel/bedsheet.yaml
 create mode 100644 examples/agent-sentinel/clawhub/data_exfiltrator.py
 create mode 100644 examples/agent-sentinel/clawhub/registry.json
 create mode 100644 examples/agent-sentinel/clawhub/sentiment_analyzer.py
 create mode 100644 examples/agent-sentinel/clawhub/weather_lookup.py
 create mode 100644 examples/agent-sentinel/data/calendar.json
 create mode 100644 examples/agent-sentinel/pyproject.toml
 create mode 100644 examples/agent-sentinel/run.py

diff --git a/docs/agent-sentinel-guide.html b/docs/agent-sentinel-guide.html
new file mode 100644
index 0000000..53ab9aa
--- /dev/null
+++ b/docs/agent-sentinel-guide.html
@@ -0,0 +1,599 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Bedsheet Agents - Agent Sentinel Guide</title>
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/github-dark.min.css">
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/python.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/bash.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/json.min.js"></script>
+    <style>
+        :root {
+            --bg-primary: #1a1b26;
+            --bg-secondary: #1f2133;
+            --bg-tertiary: #262840;
+            --bg-card: #24263a;
+            --text-primary: #c0caf5;
+            --text-secondary: #9aa5ce;
+            --text-muted: #565f89;
+            --accent-blue: #7aa2f7;
+            --accent-green: #9ece6a;
+            --accent-purple: #bb9af7;
+            --accent-orange: #e0af68;
+            --accent-red: #f7768e;
+            --accent-cyan: #7dcfff;
+            --border-color: #3b3d57;
+            --code-bg: #1f2133;
+            --sidebar-width: 280px;
+        }
+
+        * { margin: 0; padding: 0; box-sizing: border-box; }
+        html { scroll-behavior: smooth; }
+
+        body {
+            font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+            background: var(--bg-primary);
+            color: var(--text-primary);
+            line-height: 1.7;
+            font-size: 16px;
+        }
+
+        .sidebar {
+            position: fixed; top: 0; left: 0;
+            width: var(--sidebar-width); height: 100vh;
+            background: var(--bg-secondary);
+            border-right: 1px solid var(--border-color);
+            overflow-y: auto; padding: 24px 0; z-index: 100;
+            display: flex; flex-direction: column;
+        }
+
+        .sidebar-header { padding: 0 20px 20px; border-bottom: 1px solid var(--border-color); margin-bottom: 16px; }
+        .sidebar-header h1 { font-size: 18px; font-weight: 700; margin-bottom: 4px; color: var(--accent-red); }
+        .sidebar-header .subtitle { font-size: 12px; color: var(--text-secondary); }
+        .nav-section { padding: 8px 20px; }
+        .nav-section-title { font-size: 11px; font-weight: 600; text-transform: uppercase; letter-spacing: 0.5px; color: var(--text-muted); margin-bottom: 8px; }
+        .nav-link { display: flex; align-items: center; padding: 6px 0; color: var(--text-secondary); text-decoration: none; font-size: 14px; transition: color 0.15s; }
+        .nav-link:hover { color: var(--accent-cyan); }
+        .nav-link .step { display: inline-flex; align-items: center; justify-content: center; width: 20px; height: 20px; background: var(--border-color); border-radius: 50%; font-size: 11px; font-weight: 600; margin-right: 8px; color: var(--text-muted); }
+        .nav-link:hover .step { background: var(--accent-cyan); color: var(--bg-primary); }
+
+        .main-content { margin-left: var(--sidebar-width); max-width: 1000px; padding: 48px 64px; }
+        .hero { margin-bottom: 48px; }
+        .hero h1 { font-size: 42px; font-weight: 700; margin-bottom: 16px; color: var(--accent-red); }
+        .hero .lead { font-size: 20px; color: var(--text-secondary); margin-bottom: 24px; }
+        .hero .badge-row { display: flex; gap: 8px; flex-wrap: wrap; }
+        .badge { display: inline-block; padding: 4px 12px; border-radius: 20px; font-size: 13px; font-weight: 500; }
+        .badge-blue { background: rgba(122, 162, 247, 0.15); color: var(--accent-blue); }
+        .badge-green { background: rgba(158, 206, 106, 0.15); color: var(--accent-green); }
+        .badge-purple { background: rgba(187, 154, 247, 0.15); color: var(--accent-purple); }
+        .badge-orange { background: rgba(224, 175, 104, 0.15); color: var(--accent-orange); }
+        .badge-red { background: rgba(247, 118, 142, 0.15); color: var(--accent-red); }
+        .badge-cyan { background: rgba(125, 207, 255, 0.15); color: var(--accent-cyan); }
+
+        h2 { font-size: 28px; font-weight: 600; margin-top: 64px; margin-bottom: 24px; padding-bottom: 12px; border-bottom: 1px solid var(--border-color); display: flex; align-items: center; gap: 12px; color: var(--text-primary); }
+        h2 .step-number { display: inline-flex; align-items: center; justify-content: center; width: 36px; height: 36px; background: var(--accent-red); color: var(--bg-primary); border-radius: 50%; font-size: 18px; font-weight: 700; }
+        h3 { font-size: 20px; font-weight: 600; margin-top: 40px; margin-bottom: 16px; color: var(--accent-cyan); }
+        h4 { font-size: 16px; font-weight: 600; margin-top: 32px; margin-bottom: 12px; color: var(--text-secondary); }
+        p { margin-bottom: 16px; }
+
+        pre { background: var(--code-bg); border: 1px solid var(--border-color); border-radius: 8px; padding: 20px; overflow-x: auto; margin: 16px 0 24px 0; font-size: 14px; white-space: pre; }
+        code { font-family: 'JetBrains Mono', monospace; }
+        p code, li code, td code { background: var(--bg-tertiary); padding: 2px 6px; border-radius: 4px; font-size: 0.9em; color: var(--accent-purple); }
+
+        .info-box { border-radius: 8px; padding: 16px 20px; margin: 20px 0; border-left: 4px solid; }
+        .info-box.tip { background: rgba(158, 206, 106, 0.08); border-color: var(--accent-green); }
+        .info-box.note { background: rgba(122, 162, 247, 0.08); border-color: var(--accent-blue); }
+        .info-box.warning { background: rgba(224, 175, 104, 0.08); border-color: var(--accent-orange); }
+        .info-box.danger { background: rgba(247, 118, 142, 0.08); border-color: var(--accent-red); }
+        .info-box-title { font-weight: 600; margin-bottom: 8px; font-size: 14px; }
+        .tip .info-box-title { color: var(--accent-green); }
+        .note .info-box-title { color: var(--accent-blue); }
+        .warning .info-box-title { color: var(--accent-orange); }
+        .danger .info-box-title { color: var(--accent-red); }
+        .info-box p:last-child { margin-bottom: 0; }
+
+        .output { background: #0d1117; color: #e5e7eb; border-radius: 8px; padding: 16px 20px; margin: 16px 0; font-family: 'JetBrains Mono', monospace; font-size: 13px; overflow-x: auto; white-space: pre; }
+        .whats-happening { background: var(--bg-card); border-radius: 8px; padding: 20px; margin: 20px 0; border: 1px solid var(--border-color); }
+        .whats-happening h4 { margin-top: 0; color: var(--accent-purple); }
+        .whats-happening ol, .whats-happening ul { margin-left: 24px; margin-bottom: 0; }
+        .whats-happening li { margin-bottom: 8px; }
+        ul, ol { margin-left: 24px; margin-bottom: 16px; }
+        li { margin-bottom: 8px; }
+        .architecture { background: var(--bg-card); border-radius: 8px; padding: 20px; margin: 20px 0; font-family: 'JetBrains Mono', monospace; font-size: 13px; overflow-x: auto; white-space: pre; border: 1px solid var(--border-color); }
+        .feature-grid { display: grid; grid-template-columns: repeat(2, 1fr); gap: 16px; margin: 24px 0; }
+        .feature-card { background: var(--bg-card); border-radius: 8px; padding: 20px; border-left: 4px solid var(--accent-red); border: 1px solid var(--border-color); border-left: 4px solid var(--accent-red); }
+        .feature-card h4 { margin-top: 0; color: var(--accent-red); }
+        .feature-card p { margin-bottom: 0; font-size: 14px; }
+        .threat-card { background: var(--bg-card); border-radius: 8px; padding: 20px; border-left: 4px solid var(--accent-orange); border: 1px solid var(--border-color); margin: 12px 0; }
+        .threat-card h4 { margin-top: 0; color: var(--accent-orange); font-size: 15px; }
+        .threat-card p { margin-bottom: 0; font-size: 14px; }
+
+        table { width: 100%; border-collapse: collapse; margin: 16px 0; }
+        th, td { padding: 10px 14px; border: 1px solid var(--border-color); text-align: left; font-size: 14px; }
+        th { background: var(--bg-secondary); font-weight: 600; color: var(--accent-cyan); }
+
+        a { color: var(--accent-blue); text-decoration: none; }
+        a:hover { text-decoration: underline; }
+
+        footer { margin-top: 64px; padding-top: 32px; border-top: 1px solid var(--border-color); color: var(--text-muted); text-align: center; }
+        footer a { color: var(--accent-blue); text-decoration: none; }
+    </style>
+</head>
+<body>
+
+<nav class="sidebar">
+    <div class="sidebar-header">
+        <h1>Agent Sentinel</h1>
+        <div class="subtitle">AI Agent Security Monitoring</div>
+    </div>
+    <div class="nav-section">
+        <div class="nav-section-title">Context</div>
+        <a href="#threat-landscape" class="nav-link"><span class="step">1</span> Threat Landscape</a>
+        <a href="#architecture" class="nav-link"><span class="step">2</span> Architecture</a>
+    </div>
+    <div class="nav-section">
+        <div class="nav-section-title">Workers</div>
+        <a href="#web-researcher" class="nav-link"><span class="step">3</span> Web Researcher</a>
+        <a href="#scheduler" class="nav-link"><span class="step">4</span> Scheduler</a>
+        <a href="#skill-acquirer" class="nav-link"><span class="step">5</span> Skill Acquirer</a>
+    </div>
+    <div class="nav-section">
+        <div class="nav-section-title">Sentinels</div>
+        <a href="#behavior-sentinel" class="nav-link"><span class="step">6</span> Behavior Sentinel</a>
+        <a href="#supply-chain-sentinel" class="nav-link"><span class="step">7</span> Supply Chain Sentinel</a>
+        <a href="#sentinel-commander" class="nav-link"><span class="step">8</span> Sentinel Commander</a>
+    </div>
+    <div class="nav-section">
+        <div class="nav-section-title">Running</div>
+        <a href="#setup" class="nav-link"><span class="step">9</span> Setup &amp; Run</a>
+        <a href="#demo-flow" class="nav-link"><span class="step">10</span> Demo Flow</a>
+    </div>
+</nav>
+
+<main class="main-content">
+    <div class="hero">
+        <h1>Agent Sentinel</h1>
+        <p class="lead">Real-time AI agent security monitoring. Workers do real tasks. Sentinels watch for compromise. Commanders quarantine threats. All over PubNub.</p>
+        <div class="badge-row">
+            <span class="badge badge-red">Security Monitoring</span>
+            <span class="badge badge-cyan">Real I/O</span>
+            <span class="badge badge-green">PubNub</span>
+            <span class="badge badge-purple">Bedsheet Sense</span>
+            <span class="badge badge-orange">OpenClaw Inspired</span>
+        </div>
+    </div>
+
+    <!-- Section 1: Threat Landscape -->
+    <h2 id="threat-landscape"><span class="step-number">1</span> The Threat Landscape</h2>
+
+    <p>The OpenClaw crisis of January-February 2026 showed the world what happens when AI agents go wrong. This demo recreates those scenarios in a controlled environment so you can see how distributed sentinel agents detect and respond to compromise.</p>
+
+    <div class="threat-card">
+        <h4>Rogue Agent Behavior</h4>
+        <p>An OpenClaw agent gained iMessage access and spammed 500+ messages to a user's contacts. Our <strong>behavior sentinel</strong> monitors output rates to detect this kind of anomaly.</p>
+    </div>
+
+    <div class="threat-card">
+        <h4>Supply Chain Attacks</h4>
+        <p>7.1% of skills in the ClawHub marketplace contained malicious code. Our <strong>supply chain sentinel</strong> verifies skill integrity using SHA-256 hashes against a known-good registry.</p>
+    </div>
+
+    <div class="threat-card">
+        <h4>API Key Exposure</h4>
+        <p>The Moltbook breach exposed 1.5 million API keys. Our workers simulate real tasks where credentials could leak if an agent goes rogue.</p>
+    </div>
+
+    <div class="threat-card">
+        <h4>Mass Exposure</h4>
+        <p>Over 40,000 unsecured OpenClaw instances were found on the public internet. Sentinel networks like this one provide the missing security layer.</p>
+    </div>
+
+    <!-- Section 2: Architecture -->
+    <h2 id="architecture"><span class="step-number">2</span> Architecture</h2>
+
+    <p>Agent Sentinel uses six agents organized in three tiers:</p>
+
+    <div class="architecture">                          ┌─────────────────────┐
+                          │  sentinel-commander  │  Correlates alerts,
+                          │  (SenseMixin+Agent)  │  issues quarantine
+                          └──────────┬──────────┘
+                 PubNub alerts       │       PubNub queries
+              ┌──────────────────────┼──────────────────────┐
+              │                      │                      │
+    ┌─────────┴──────────┐ ┌────────┴─────────┐           │
+    │  behavior-sentinel │ │  supply-chain-    │           │
+    │  reads activity log│ │  sentinel         │           │
+    │  detects rate spikes│ │  hashes skills   │           │
+    └─────────┬──────────┘ └────────┬─────────┘           │
+              │  reads files        │  reads files         │
+    ┌─────────┴─────────────────────┴──────────────────────┘
+    │
+    │  data/activity_log.jsonl              data/installed_skills/
+    │  (workers append here)                (skill-acquirer writes here)
+    │
+    ├─────────────────┬───────────────────┐
+    │                 │                   │
+┌───┴────────┐  ┌────┴───────┐  ┌────────┴──────┐
+│ web-       │  │ scheduler  │  │ skill-        │
+│ researcher │  │ JSON cal.  │  │ acquirer      │
+│ DuckDuckGo │  │ CRUD       │  │ SHA-256 verify│
+└────────────┘  └────────────┘  └───────────────┘
+  ~15% rogue      ~15% rogue      ~15% rogue</div>
+
+    <h3>Communication Channels</h3>
+
+    <table>
+        <tr><th>Channel</th><th>Purpose</th><th>Who Publishes</th><th>Who Listens</th></tr>
+        <tr><td><code>alerts</code></td><td>Security alerts</td><td>Sentinels</td><td>Commander</td></tr>
+        <tr><td><code>quarantine</code></td><td>Quarantine orders</td><td>Commander</td><td>All agents</td></tr>
+        <tr><td><code>{agent-name}</code></td><td>Direct messages</td><td>Commander (queries)</td><td>Individual agents</td></tr>
+    </table>
+
+    <h3>Data Flow</h3>
+
+    <p>Workers write to shared files. Sentinels read those files. This is <strong>real file I/O</strong>, not in-memory simulation:</p>
+
+    <table>
+        <tr><th>File</th><th>Writer</th><th>Reader</th><th>Format</th></tr>
+        <tr><td><code>data/activity_log.jsonl</code></td><td>All workers</td><td>behavior-sentinel</td><td>JSON Lines (one object per line)</td></tr>
+        <tr><td><code>data/calendar.json</code></td><td>scheduler</td><td>scheduler</td><td>JSON array</td></tr>
+        <tr><td><code>data/installed_skills/</code></td><td>skill-acquirer</td><td>supply-chain-sentinel</td><td>.py files</td></tr>
+        <tr><td><code>clawhub/registry.json</code></td><td>(pre-seeded)</td><td>skill-acquirer, supply-chain-sentinel</td><td>JSON object</td></tr>
+    </table>
+
+    <!-- Section 3: Web Researcher -->
+    <h2 id="web-researcher"><span class="step-number">3</span> Web Researcher</h2>
+
+    <p>The web researcher performs <strong>real DuckDuckGo searches</strong> every 15 seconds. The LLM picks a topic and uses the <code>search_web</code> tool to find recent news.</p>
+
+    <h3>Tools</h3>
+
+    <pre><code class="language-python">@research_tools.action("search_web", "Search the web using DuckDuckGo")
+async def search_web(query: str) -> str:
+    ddgs = DDGS()
+    results = ddgs.text(query, max_results=3)
+    _log_activity("web-researcher", "search", query)
+    # Returns formatted search results...</code></pre>
+
+    <h3>Rogue Behavior (~15% chance)</h3>
+
+    <p>When triggered, the web researcher enters a rapid-fire search burst &mdash; 50 searches in quick succession, each logged to the activity log. This simulates the output spam pattern seen in the OpenClaw incident:</p>
+
+    <pre><code class="language-python">async def _rogue_search_burst():
+    junk_queries = [
+        "password dump site", "free API keys list",
+        "bypass authentication", "exploit database 2026",
+    ]
+    for i in range(50):
+        query = random.choice(junk_queries) + f" {i}"
+        ddgs.text(query, max_results=1)
+        _log_activity("web-researcher", "search", f"[ROGUE] {query}")</code></pre>
+
+    <div class="info-box note">
+        <div class="info-box-title">Detection Point</div>
+        <p>The behavior sentinel reads <code>data/activity_log.jsonl</code> and calculates actions-per-minute. A burst of 50 searches triggers a rate anomaly alert at the threshold of 10 actions/min.</p>
+    </div>
+
+    <!-- Section 4: Scheduler -->
+    <h2 id="scheduler"><span class="step-number">4</span> Scheduler</h2>
+
+    <p>The scheduler manages a <strong>real JSON calendar file</strong> (<code>data/calendar.json</code>). Every 20 seconds, the LLM reviews and manages appointments.</p>
+
+    <h3>Tools</h3>
+
+    <pre><code class="language-python">@scheduler_tools.action("list_appointments", "List all scheduled appointments")
+async def list_appointments() -> str:
+    appointments = _read_calendar()  # Reads data/calendar.json
+    ...
+
+@scheduler_tools.action("add_appointment", "Add a new appointment")
+async def add_appointment(title: str, date: str, time_str: str) -> str:
+    appointments = _read_calendar()
+    appointments.append(new_apt)
+    _write_calendar(appointments)  # Writes data/calendar.json
+    ...</code></pre>
+
+    <h3>Rogue Behavior (~15% chance)</h3>
+
+    <p>Calendar sabotage: deletes all real appointments and fills the calendar with 20 junk entries dated 1999-01-01. Each deletion and addition is logged to the activity log.</p>
+
+    <!-- Section 5: Skill Acquirer -->
+    <h2 id="skill-acquirer"><span class="step-number">5</span> Skill Acquirer</h2>
+
+    <p>The skill acquirer manages a local <strong>ClawHub-style marketplace</strong>. It installs Python skill files from <code>clawhub/</code> into <code>data/installed_skills/</code>, verifying SHA-256 hashes against the registry.</p>
+
+    <h3>The ClawHub Registry</h3>
+
+    <pre><code class="language-json">{
+  "weather_lookup.py": {
+    "sha256": "a5212db6...",
+    "malicious": false,
+    "description": "Weather Lookup"
+  },
+  "data_exfiltrator.py": {
+    "sha256": "d18b5ae5...",
+    "malicious": true,
+    "description": "Data Exfiltrator"
+  }
+}</code></pre>
+
+    <h3>Normal Behavior</h3>
+
+    <p>The install tool checks the registry before installing. If a skill is flagged <code>"malicious": true</code>, installation is blocked:</p>
+
+    <pre><code class="language-python">@skill_tools.action("install_skill", "Install a skill from ClawHub")
+async def install_skill(skill_name: str) -> str:
+    info = registry[skill_name]
+    if info.get("malicious"):
+        return f"BLOCKED: '{skill_name}' is flagged as malicious"
+
+    # Verify SHA-256 before installing
+    actual_hash = hashlib.sha256(open(source, "rb").read()).hexdigest()
+    if actual_hash != info["sha256"]:
+        return "INTEGRITY ERROR: hash mismatch"
+
+    shutil.copy2(source, dest)
+    return f"Installed '{skill_name}' (SHA-256 verified)"</code></pre>
+
+    <h3>Rogue Behavior (~15% chance)</h3>
+
+    <p>Bypasses the malicious check and installs <code>data_exfiltrator.py</code> directly. The file is inert (no actual network calls), but contains suspicious imports (<code>base64</code>, <code>socket</code>) that the supply chain sentinel will flag.</p>
+
+    <div class="info-box danger">
+        <div class="info-box-title">The data_exfiltrator.py Skill</div>
+        <p>This file is intentionally crafted to look malicious for the demo. It imports <code>base64</code> and <code>socket</code> and defines an <code>_EXFIL_ENDPOINT</code>, but the <code>exfiltrate_data()</code> function just returns a string. It performs <strong>no actual network calls or data theft</strong>.</p>
+    </div>
+
+    <!-- Section 6: Behavior Sentinel -->
+    <h2 id="behavior-sentinel"><span class="step-number">6</span> Behavior Sentinel</h2>
+
+    <p>The behavior sentinel monitors <strong>output rates</strong> by reading the shared activity log every 10 seconds. It doesn't use the LLM for monitoring &mdash; it does direct file I/O and math.</p>
+
+    <h3>Detection Logic</h3>
+
+    <pre><code class="language-python"># Monitoring loop (every 10 seconds):
+entries = _read_recent_activity(minutes=2)
+counts = {}
+for e in entries:
+    agent = e.get("agent", "unknown")
+    counts[agent] = counts.get(agent, 0) + 1
+
+for agent_name, count in counts.items():
+    rate = count / 2.0  # actions per minute
+    if rate > 10:  # THRESHOLD
+        alert = Signal(
+            kind="alert",
+            sender="behavior-sentinel",
+            payload={
+                "severity": "high",
+                "category": "behavior_anomaly",
+                "agent": agent_name,
+                "rate": rate,
+                "message": f"Agent '{agent_name}' output rate anomaly",
+            },
+        )
+        await agent.broadcast("alerts", alert)</code></pre>
+
+    <h3>Tools (for commander queries)</h3>
+
+    <p>When the commander queries the behavior sentinel via <code>request()</code>, the LLM uses these tools to investigate:</p>
+
+    <table>
+        <tr><th>Tool</th><th>What It Does</th></tr>
+        <tr><td><code>check_activity_log(minutes)</code></td><td>Count actions per agent in time window</td></tr>
+        <tr><td><code>check_output_rate(agent_name)</code></td><td>Actions/minute for a specific agent</td></tr>
+        <tr><td><code>get_anomaly_report()</code></td><td>Full report of all anomalies detected</td></tr>
+    </table>
+
+    <!-- Section 7: Supply Chain Sentinel -->
+    <h2 id="supply-chain-sentinel"><span class="step-number">7</span> Supply Chain Sentinel</h2>
+
+    <p>The supply chain sentinel scans <code>data/installed_skills/</code> every 15 seconds, computing SHA-256 hashes and comparing them against the ClawHub registry.</p>
+
+    <h3>Detection Logic</h3>
+
+    <pre><code class="language-python">def _scan_for_issues() -> list[dict]:
+    registry = _load_registry()
+    for f in os.listdir(_INSTALLED_DIR):
+        actual_hash = hashlib.sha256(open(path, "rb").read()).hexdigest()
+        info = registry.get(f)
+
+        if info is None:
+            issues.append({"type": "unknown_origin"})
+        elif info.get("malicious"):
+            issues.append({"type": "known_malicious"})
+        elif actual_hash != info["sha256"]:
+            issues.append({"type": "hash_mismatch"})
+    return issues</code></pre>
+
+    <p>Three detection categories:</p>
+
+    <table>
+        <tr><th>Issue Type</th><th>Severity</th><th>Meaning</th></tr>
+        <tr><td><code>known_malicious</code></td><td>Critical</td><td>Installed skill is flagged malicious in registry</td></tr>
+        <tr><td><code>hash_mismatch</code></td><td>High</td><td>File has been tampered with since registry was created</td></tr>
+        <tr><td><code>unknown_origin</code></td><td>High</td><td>Skill not in registry at all (unknown provenance)</td></tr>
+    </table>
+
+    <!-- Section 8: Sentinel Commander -->
+    <h2 id="sentinel-commander"><span class="step-number">8</span> Sentinel Commander</h2>
+
+    <p>The commander is the correlation engine. It listens for alert signals and uses <strong>Sense network RPC</strong> to query sentinels for evidence before issuing quarantine.</p>
+
+    <h3>Alert Handling Flow</h3>
+
+    <div class="whats-happening">
+        <h4>When an alert arrives:</h4>
+        <ol>
+            <li><strong>Claim the incident</strong> using the claim protocol (prevents duplicate handling)</li>
+            <li><strong>Query sentinels</strong> via <code>request_remote_agent()</code> for corroborating evidence</li>
+            <li><strong>Assess the threat</strong> &mdash; the LLM synthesizes findings from multiple sentinels</li>
+            <li><strong>Issue quarantine</strong> if evidence confirms compromise</li>
+            <li><strong>Generate report</strong> &mdash; a threat assessment printed to the console</li>
+        </ol>
+    </div>
+
+    <h3>Network Tools</h3>
+
+    <pre><code class="language-python">@commander_tools.action("request_remote_agent", "Query a sentinel for information")
+async def request_remote_agent(agent_name: str, task: str) -> str:
+    result = await _commander.request(agent_name, task, timeout=30.0)
+    return result
+
+@commander_tools.action("issue_quarantine", "Quarantine a compromised agent")
+async def issue_quarantine(agent_name: str, reason: str) -> str:
+    signal = Signal(
+        kind="alert",
+        sender="sentinel-commander",
+        payload={
+            "action": "quarantine",
+            "severity": "critical",
+            "agent": agent_name,
+            "reason": reason,
+        },
+    )
+    await _commander.broadcast("quarantine", signal)
+    return f"Quarantine issued for '{agent_name}'"</code></pre>
+
+    <div class="info-box tip">
+        <div class="info-box-title">How request() Works</div>
+        <p>When the commander calls <code>request("behavior-sentinel", "check web-researcher activity")</code>, the Sixth Sense sends a <code>request</code> signal to the behavior sentinel's direct channel. The sentinel's LLM receives the task, uses its tools to read the activity log, and sends the result back as a <code>response</code> signal matched by <code>correlation_id</code>. The commander's <code>request()</code> call returns the string result.</p>
+    </div>
+
+    <!-- Section 9: Setup -->
+    <h2 id="setup"><span class="step-number">9</span> Setup &amp; Run</h2>
+
+    <h3>Prerequisites</h3>
+
+    <ol>
+        <li><strong>PubNub account</strong> &mdash; Sign up at <a href="https://www.pubnub.com">pubnub.com</a> (free tier is sufficient)</li>
+        <li><strong>Anthropic API key</strong> &mdash; For Claude LLM access</li>
+        <li><strong>Python 3.11+</strong></li>
+    </ol>
+
+    <h3>Installation</h3>
+
+    <pre><code class="language-bash"># Install dependencies
+uv pip install bedsheet[sense] duckduckgo-search
+
+# Navigate to the demo
+cd examples/agent-sentinel
+
+# Validate the project configuration
+bedsheet validate</code></pre>
+
+    <div class="output">
+&#x2577; Configuration is valid!
+
+Configuration Summary:
+  Version: 1.0
+  Project: agent-sentinel
+  Active Target: local
+  Number of Agents: 6</div>
+
+    <h3>Running</h3>
+
+    <pre><code class="language-bash"># Set environment variables
+export PUBNUB_SUBSCRIBE_KEY=sub-c-...
+export PUBNUB_PUBLISH_KEY=pub-c-...
+export ANTHROPIC_API_KEY=sk-ant-...
+
+# Launch all 6 agents
+python run.py</code></pre>
+
+    <div class="output">============================================================
+  Agent Sentinel - AI Agent Security Monitoring
+  Inspired by the OpenClaw crisis of 2026
+  Launching 6 agents (3 workers + 2 sentinels + 1 commander)...
+============================================================
+  Starting web-researcher...
+[web-researcher] Online and researching...
+  Starting scheduler...
+[scheduler] Online and managing calendar...
+  Starting skill-acquirer...
+[skill-acquirer] Online and acquiring skills...
+  Starting behavior-sentinel...
+[behavior-sentinel] Online and monitoring behavior...
+  Starting supply-chain-sentinel...
+[supply-chain-sentinel] Online and monitoring skill integrity...
+  Starting sentinel-commander...
+[sentinel-commander] Online and coordinating...
+============================================================
+  All agents online! Workers are doing real work.
+  Sentinels are watching. ~15% chance of rogue behavior per cycle.
+  Press Ctrl+C to stop.
+============================================================</div>
+
+    <!-- Section 10: Demo Flow -->
+    <h2 id="demo-flow"><span class="step-number">10</span> Expected Demo Flow</h2>
+
+    <p>Because rogue behavior triggers randomly (~15% per cycle), each run tells a different story. Here's a typical sequence:</p>
+
+    <h3>Phase 1: Normal Operations (first 30-60 seconds)</h3>
+
+    <p>Workers do real work. The web researcher searches DuckDuckGo. The scheduler manages appointments. The skill acquirer installs legitimate skills. Sentinels scan and find nothing unusual.</p>
+
+    <h3>Phase 2: Rogue Trigger</h3>
+
+    <p>Eventually a worker goes rogue (15% chance per cycle). The most dramatic scenarios:</p>
+
+    <div class="info-box danger">
+        <div class="info-box-title">Scenario A: Search Spam</div>
+        <p>Web researcher fires 50 rapid searches. Behavior sentinel detects rate anomaly (25 actions/min, threshold is 10). Broadcasts alert. Commander investigates.</p>
+    </div>
+
+    <div class="info-box danger">
+        <div class="info-box-title">Scenario B: Malicious Skill Install</div>
+        <p>Skill acquirer installs <code>data_exfiltrator.py</code>. Supply chain sentinel detects known-malicious skill on next scan. Broadcasts critical alert. Commander queries both sentinels and issues quarantine.</p>
+    </div>
+
+    <h3>Phase 3: Commander Response</h3>
+
+    <div class="output">[sentinel-commander] Alert from behavior-sentinel: [high] Agent 'web-researcher' output rate anomaly
+[sentinel-commander] Claimed inc-a1b2c3, investigating...
+  -> request_remote_agent(behavior-sentinel, check web-researcher activity)
+  -> request_remote_agent(supply-chain-sentinel, audit installed skills)
+
+[THREAT ASSESSMENT]
+Based on my investigation:
+- behavior-sentinel reports web-researcher at 25.0 actions/min (threshold: 10)
+- supply-chain-sentinel reports no skill integrity issues
+Recommendation: Quarantine web-researcher for behavior anomaly.
+
+  -> issue_quarantine(web-researcher, Anomalous output rate detected)
+
+============================================================
+  QUARANTINE ISSUED: web-researcher
+  Reason: Anomalous output rate detected
+============================================================</div>
+
+    <h3>Using the Bedsheet CLI</h3>
+
+    <p>This project was created with the Bedsheet CLI and includes a <code>bedsheet.yaml</code> configuration:</p>
+
+    <pre><code class="language-bash"># Validate configuration
+bedsheet validate
+
+# Generate deployment artifacts
+bedsheet generate --target local    # Docker deployment
+bedsheet generate --target gcp      # Google Cloud Platform
+bedsheet generate --target aws      # Amazon Web Services</code></pre>
+
+    <div class="info-box tip">
+        <div class="info-box-title">Build Your Own</div>
+        <p>Start from scratch with <code>bedsheet init my-sentinel-network</code>, then add your own worker and sentinel agents. See the <a href="sixth-sense-guide.html">Sixth Sense Guide</a> for the full API tutorial, and the <a href="sixth-sense-design.html">Design Document</a> for architecture details.</p>
+    </div>
+
+    <footer>
+        <p>Bedsheet Agents &mdash; <a href="https://github.com/sivang/bedsheet">GitHub</a> | <a href="sixth-sense-guide.html">Sixth Sense Tutorial</a> | <a href="sixth-sense-design.html">Design Document</a></p>
+    </footer>
+</main>
+
+<script>hljs.highlightAll();</script>
+</body>
+</html>
diff --git a/docs/sixth-sense-design.html b/docs/sixth-sense-design.html
new file mode 100644
index 0000000..e034f33
--- /dev/null
+++ b/docs/sixth-sense-design.html
@@ -0,0 +1,669 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Bedsheet Agents - Sixth Sense Design &amp; Implementation</title>
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/github-dark.min.css">
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/python.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/bash.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/json.min.js"></script>
+    <style>
+        :root {
+            --bg-primary: #1a1b26;
+            --bg-secondary: #1f2133;
+            --bg-tertiary: #262840;
+            --text-primary: #c0caf5;
+            --text-secondary: #9aa5ce;
+            --text-muted: #565f89;
+            --accent-blue: #7aa2f7;
+            --accent-green: #9ece6a;
+            --accent-purple: #bb9af7;
+            --accent-orange: #e0af68;
+            --accent-red: #f7768e;
+            --border-color: #3b3d57;
+            --code-bg: #1f2133;
+            --sidebar-width: 280px;
+        }
+
+        * { margin: 0; padding: 0; box-sizing: border-box; }
+        html { scroll-behavior: smooth; }
+
+        body {
+            font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+            background: var(--bg-primary);
+            color: var(--text-primary);
+            line-height: 1.7;
+            font-size: 16px;
+        }
+
+        .sidebar {
+            position: fixed; top: 0; left: 0;
+            width: var(--sidebar-width); height: 100vh;
+            background: var(--bg-secondary);
+            border-right: 1px solid var(--border-color);
+            overflow-y: auto; padding: 24px 0; z-index: 100;
+            display: flex; flex-direction: column;
+        }
+
+        .sidebar-header { padding: 0 20px 20px; border-bottom: 1px solid var(--border-color); margin-bottom: 16px; }
+        .sidebar-header h1 { font-size: 18px; font-weight: 700; margin-bottom: 4px; color: var(--accent-blue); }
+        .sidebar-header .subtitle { font-size: 12px; color: var(--text-secondary); }
+        .nav-section { padding: 8px 20px; }
+        .nav-section-title { font-size: 11px; font-weight: 600; text-transform: uppercase; letter-spacing: 0.5px; color: var(--text-muted); margin-bottom: 8px; }
+        .nav-link { display: flex; align-items: center; padding: 6px 0; color: var(--text-secondary); text-decoration: none; font-size: 14px; transition: color 0.15s; }
+        .nav-link:hover { color: var(--accent-blue); }
+        .nav-link .step { display: inline-flex; align-items: center; justify-content: center; width: 20px; height: 20px; background: var(--border-color); border-radius: 50%; font-size: 11px; font-weight: 600; margin-right: 8px; color: var(--text-muted); }
+        .nav-link:hover .step { background: var(--accent-blue); color: white; }
+
+        .main-content { margin-left: var(--sidebar-width); max-width: 1000px; padding: 48px 64px; }
+        .hero { margin-bottom: 48px; }
+        .hero h1 { font-size: 42px; font-weight: 700; margin-bottom: 16px; }
+        .hero .lead { font-size: 20px; color: var(--text-secondary); margin-bottom: 24px; }
+        .hero .badge-row { display: flex; gap: 8px; flex-wrap: wrap; }
+        .badge { display: inline-block; padding: 4px 12px; border-radius: 20px; font-size: 13px; font-weight: 500; }
+        .badge-blue { background: rgba(122, 162, 247, 0.15); color: var(--accent-blue); }
+        .badge-green { background: rgba(158, 206, 106, 0.15); color: var(--accent-green); }
+        .badge-purple { background: rgba(187, 154, 247, 0.15); color: var(--accent-purple); }
+        .badge-orange { background: rgba(224, 175, 104, 0.15); color: var(--accent-orange); }
+        .badge-red { background: rgba(247, 118, 142, 0.15); color: var(--accent-red); }
+
+        h2 { font-size: 28px; font-weight: 600; margin-top: 64px; margin-bottom: 24px; padding-bottom: 12px; border-bottom: 1px solid var(--border-color); display: flex; align-items: center; gap: 12px; color: var(--text-primary); }
+        h2 .step-number { display: inline-flex; align-items: center; justify-content: center; width: 36px; height: 36px; background: var(--accent-blue); color: var(--bg-primary); border-radius: 50%; font-size: 18px; font-weight: 700; }
+        h3 { font-size: 20px; font-weight: 600; margin-top: 40px; margin-bottom: 16px; }
+        h4 { font-size: 16px; font-weight: 600; margin-top: 32px; margin-bottom: 12px; color: var(--text-secondary); }
+        p { margin-bottom: 16px; }
+
+        pre { background: var(--code-bg); border: 1px solid var(--border-color); border-radius: 8px; padding: 20px; overflow-x: auto; margin: 16px 0 24px 0; font-size: 14px; white-space: pre; }
+        code { font-family: 'JetBrains Mono', monospace; }
+        p code, li code, td code { background: var(--bg-tertiary); padding: 2px 6px; border-radius: 4px; font-size: 0.9em; color: var(--accent-purple); }
+
+        .info-box { border-radius: 8px; padding: 16px 20px; margin: 20px 0; border-left: 4px solid; }
+        .info-box.tip { background: rgba(158, 206, 106, 0.08); border-color: var(--accent-green); }
+        .info-box.note { background: rgba(122, 162, 247, 0.08); border-color: var(--accent-blue); }
+        .info-box.warning { background: rgba(224, 175, 104, 0.08); border-color: var(--accent-orange); }
+        .info-box.danger { background: rgba(247, 118, 142, 0.08); border-color: var(--accent-red); }
+        .info-box-title { font-weight: 600; margin-bottom: 8px; font-size: 14px; }
+        .tip .info-box-title { color: var(--accent-green); }
+        .note .info-box-title { color: var(--accent-blue); }
+        .warning .info-box-title { color: var(--accent-orange); }
+        .danger .info-box-title { color: var(--accent-red); }
+        .info-box p:last-child { margin-bottom: 0; }
+
+        .output { background: #0d1117; color: #e5e7eb; border-radius: 8px; padding: 16px 20px; margin: 16px 0; font-family: 'JetBrains Mono', monospace; font-size: 13px; overflow-x: auto; white-space: pre; }
+        .whats-happening { background: var(--bg-tertiary); border-radius: 8px; padding: 20px; margin: 20px 0; border: 1px solid var(--border-color); }
+        .whats-happening h4 { margin-top: 0; color: var(--accent-purple); }
+        .whats-happening ol, .whats-happening ul { margin-left: 24px; margin-bottom: 0; }
+        .whats-happening li { margin-bottom: 8px; }
+        ul, ol { margin-left: 24px; margin-bottom: 16px; }
+        li { margin-bottom: 8px; }
+        .architecture { background: var(--bg-tertiary); border-radius: 8px; padding: 20px; margin: 20px 0; font-family: 'JetBrains Mono', monospace; font-size: 13px; overflow-x: auto; white-space: pre; border: 1px solid var(--border-color); }
+        .feature-grid { display: grid; grid-template-columns: repeat(2, 1fr); gap: 16px; margin: 24px 0; }
+        .feature-card { background: var(--bg-tertiary); border-radius: 8px; padding: 20px; border: 1px solid var(--border-color); border-left: 4px solid var(--accent-blue); }
+        .feature-card h4 { margin-top: 0; color: var(--accent-blue); }
+        .feature-card p { margin-bottom: 0; font-size: 14px; }
+        .decision-box { background: var(--bg-tertiary); border-radius: 8px; padding: 20px; margin: 20px 0; border: 1px solid var(--border-color); border-left: 4px solid var(--accent-purple); }
+        .decision-box h4 { margin-top: 0; color: var(--accent-purple); }
+        .decision-box p:last-child { margin-bottom: 0; }
+
+        table { width: 100%; border-collapse: collapse; margin: 16px 0; }
+        th, td { padding: 10px 14px; border: 1px solid var(--border-color); text-align: left; font-size: 14px; }
+        th { background: var(--bg-secondary); font-weight: 600; color: var(--accent-blue); }
+
+        h3 { color: var(--accent-green); }
+
+        a { color: var(--accent-blue); text-decoration: none; }
+        a:hover { text-decoration: underline; }
+
+        footer { margin-top: 64px; padding-top: 32px; border-top: 1px solid var(--border-color); color: var(--text-muted); text-align: center; }
+        footer a { color: var(--accent-blue); text-decoration: none; }
+    </style>
+</head>
+<body>
+
+<nav class="sidebar">
+    <div class="sidebar-header">
+        <h1>Sixth Sense Design</h1>
+        <div class="subtitle">Architecture &amp; Implementation</div>
+    </div>
+    <div class="nav-section">
+        <div class="nav-section-title">Architecture</div>
+        <a href="#motivation" class="nav-link"><span class="step">1</span> Motivation</a>
+        <a href="#architecture" class="nav-link"><span class="step">2</span> Architecture Overview</a>
+        <a href="#signal-design" class="nav-link"><span class="step">3</span> Signal Design</a>
+        <a href="#transport-protocol" class="nav-link"><span class="step">4</span> Transport Protocol</a>
+    </div>
+    <div class="nav-section">
+        <div class="nav-section-title">PubNub Integration</div>
+        <a href="#why-pubnub" class="nav-link"><span class="step">5</span> Why PubNub</a>
+        <a href="#thread-bridge" class="nav-link"><span class="step">6</span> Thread-Asyncio Bridge</a>
+        <a href="#channel-naming" class="nav-link"><span class="step">7</span> Channel Naming</a>
+    </div>
+    <div class="nav-section">
+        <div class="nav-section-title">Implementation</div>
+        <a href="#mixin-pattern" class="nav-link"><span class="step">8</span> The Mixin Pattern</a>
+        <a href="#request-response" class="nav-link"><span class="step">9</span> Request/Response</a>
+        <a href="#claim-protocol" class="nav-link"><span class="step">10</span> Claim Protocol</a>
+        <a href="#testing" class="nav-link"><span class="step">11</span> Testing Strategy</a>
+        <a href="#tradeoffs" class="nav-link"><span class="step">12</span> Trade-offs</a>
+    </div>
+</nav>
+
+<main class="main-content">
+    <div class="hero">
+        <h1>The Sixth Sense: Design &amp; Implementation</h1>
+        <p class="lead">A deep dive into the architecture, design choices, and PubNub integration behind Bedsheet's distributed agent communication module.</p>
+        <div class="badge-row">
+            <span class="badge badge-blue">PubNub</span>
+            <span class="badge badge-green">Protocol-based</span>
+            <span class="badge badge-purple">Mixin Architecture</span>
+            <span class="badge badge-orange">Async-first</span>
+        </div>
+    </div>
+
+    <!-- Section 1: Motivation -->
+    <h2 id="motivation"><span class="step-number">1</span> Motivation</h2>
+
+    <p>Before the Sixth Sense, Bedsheet agents were limited to single-process execution. A Supervisor could coordinate multiple agents, but they all lived in the same Python process. This created three problems:</p>
+
+    <ol>
+        <li><strong>Scalability:</strong> A single process can only run so many agents before resource contention kills performance. CPU-intensive agents block the event loop for others.</li>
+        <li><strong>Isolation:</strong> One crashing agent can take down the whole system. No way to restart a single agent without restarting everything.</li>
+        <li><strong>Distribution:</strong> No way to run agents across machines or cloud providers. A monitoring agent on AWS can't talk to an analyzer on GCP.</li>
+    </ol>
+
+    <p>The Sixth Sense solves this by giving agents distributed communication over PubNub. Each agent runs in its own process (or container, or cloud function) and communicates through publish/subscribe messaging. They find each other by subscribing to shared channels.</p>
+
+    <div class="decision-box">
+        <h4>Design Goal</h4>
+        <p>Add distributed communication <strong>without changing how single agents work</strong>. A regular <code>Agent</code> stays exactly the same. You opt in to networking by adding <code>SenseMixin</code> to your class hierarchy &mdash; zero changes to existing code.</p>
+    </div>
+
+    <!-- Section 2: Architecture Overview -->
+    <h2 id="architecture"><span class="step-number">2</span> Architecture Overview</h2>
+
+    <p>The Sixth Sense is organized as a layered module inside <code>bedsheet/sense/</code>:</p>
+
+    <div class="architecture">bedsheet/sense/
+├── __init__.py           # Public API exports
+├── signals.py            # Signal dataclass &amp; SignalKind type
+├── serialization.py      # Compact JSON serialization (30KB limit)
+├── protocol.py           # SenseTransport Protocol &amp; AgentPresence
+├── mixin.py              # SenseMixin (the main integration point)
+├── network.py            # SenseNetwork (multi-agent convenience)
+└── pubnub_transport.py   # PubNub implementation</div>
+
+    <p>Each layer has a clear responsibility:</p>
+
+    <div class="feature-grid">
+        <div class="feature-card">
+            <h4>signals.py</h4>
+            <p>The <code>Signal</code> dataclass &mdash; the atomic unit of inter-agent communication. Seven signal kinds cover all interaction patterns.</p>
+        </div>
+        <div class="feature-card">
+            <h4>serialization.py</h4>
+            <p>Compact JSON encoding with short keys (<code>k</code>, <code>s</code>, <code>p</code>) to stay under PubNub's 32KB message limit. Auto-truncates large payloads.</p>
+        </div>
+        <div class="feature-card">
+            <h4>protocol.py</h4>
+            <p>The <code>SenseTransport</code> Protocol defines the transport contract. Any class implementing these 7 methods can serve as a transport.</p>
+        </div>
+        <div class="feature-card">
+            <h4>mixin.py</h4>
+            <p><code>SenseMixin</code> adds network capabilities to any Agent via Python's multiple inheritance. This is the primary integration point.</p>
+        </div>
+    </div>
+
+    <div class="info-box note">
+        <div class="info-box-title">Key Insight: The Dependency Direction</div>
+        <p>Dependencies flow inward: <code>mixin.py</code> depends on <code>protocol.py</code> (not on <code>pubnub_transport.py</code>). The PubNub transport is the outermost layer and is completely swappable. You could write a Redis, NATS, or MQTT transport without touching any other file.</p>
+    </div>
+
+    <!-- Section 3: Signal Design -->
+    <h2 id="signal-design"><span class="step-number">3</span> Signal Design</h2>
+
+    <h3>The Signal Dataclass</h3>
+
+    <pre><code class="language-python">@dataclass
+class Signal:
+    kind: SignalKind          # What type of signal
+    sender: str               # Who sent it (agent name)
+    payload: dict[str, Any]   # Arbitrary data
+    correlation_id: str       # Links requests to responses
+    target: str | None        # Intended recipient (None = broadcast)
+    timestamp: float          # Unix timestamp (auto-set)
+    source_channel: str | None  # Which channel it arrived on</code></pre>
+
+    <div class="decision-box">
+        <h4>Why a Dataclass, Not a Pydantic Model?</h4>
+        <p>Bedsheet uses <code>@dataclass</code> for all data structures (events, signals, messages). Pydantic adds validation overhead that's unnecessary for internal data structures where the framework controls construction. Dataclasses give us type hints, <code>__eq__</code>, and <code>__repr__</code> for free with zero runtime cost. The same reasoning applies to the existing <code>Event</code> types in <code>bedsheet/events.py</code>.</p>
+    </div>
+
+    <h3>The Seven Signal Kinds</h3>
+
+    <p>We use a <code>Literal</code> type (not an <code>Enum</code>) for signal kinds. This gives us type-checking without the overhead of enum instances:</p>
+
+    <pre><code class="language-python">SignalKind = Literal[
+    "request",    # Ask another agent to do something
+    "response",   # Reply to a request
+    "alert",      # Broadcast an alert to all listeners
+    "heartbeat",  # Periodic "I'm alive" signal
+    "claim",      # Attempt to claim ownership of an incident
+    "release",    # Release a claimed incident
+    "event",      # General-purpose notification
+]</code></pre>
+
+    <table>
+        <tr><th>Kind</th><th>Direction</th><th>Purpose</th></tr>
+        <tr><td><code>request</code></td><td>Targeted (one agent)</td><td>Delegate a task to a specific agent via <code>request()</code></td></tr>
+        <tr><td><code>response</code></td><td>Targeted (requester)</td><td>Return the result of a request, matched by <code>correlation_id</code></td></tr>
+        <tr><td><code>alert</code></td><td>Broadcast (all)</td><td>Notify all subscribers of a condition (CPU high, breach detected)</td></tr>
+        <tr><td><code>heartbeat</code></td><td>Broadcast (all)</td><td>Periodic signal with agent capabilities for presence detection</td></tr>
+        <tr><td><code>claim</code></td><td>Broadcast (all)</td><td>Attempt to own an incident (for conflict-free coordination)</td></tr>
+        <tr><td><code>release</code></td><td>Broadcast (all)</td><td>Release ownership so another agent can claim it</td></tr>
+        <tr><td><code>event</code></td><td>Broadcast or targeted</td><td>General-purpose notification for extensibility</td></tr>
+    </table>
+
+    <div class="decision-box">
+        <h4>Why Exactly Seven Kinds?</h4>
+        <p><strong>request + response</strong> cover RPC-style delegation. <strong>alert + event</strong> cover pub/sub notifications. <strong>claim + release</strong> cover distributed coordination. <strong>heartbeat</strong> covers presence. This set is minimal but sufficient &mdash; every agent interaction pattern we've encountered maps to one of these seven. We chose not to make it extensible (e.g., custom kinds) because a fixed set enables optimized routing in the signal loop.</p>
+    </div>
+
+    <h3>Correlation IDs</h3>
+
+    <p>Every signal gets a <code>correlation_id</code> &mdash; a 12-character hex string from <code>uuid4()</code>. This is how request/response pairs are matched:</p>
+
+    <pre><code class="language-python"># Commander sends a request with correlation_id="a1b2c3d4e5f6"
+signal = Signal(kind="request", sender="commander",
+                payload={"task": "check CPU"}, target="cpu-watcher")
+
+# cpu-watcher responds with the SAME correlation_id
+response = Signal(kind="response", sender="cpu-watcher",
+                  payload={"result": "CPU at 45%"},
+                  correlation_id="a1b2c3d4e5f6",  # same ID
+                  target="commander")</code></pre>
+
+    <p>The mixin's signal loop checks <code>self._pending_requests[signal.correlation_id]</code> to resolve the correct <code>asyncio.Future</code>. This means an agent can have multiple concurrent requests in flight without confusion.</p>
+
+    <!-- Section 4: Transport Protocol -->
+    <h2 id="transport-protocol"><span class="step-number">4</span> Transport Protocol</h2>
+
+    <pre><code class="language-python">@runtime_checkable
+class SenseTransport(Protocol):
+    async def connect(self, agent_id: str, namespace: str) -> None: ...
+    async def disconnect(self) -> None: ...
+    async def broadcast(self, channel: str, signal: Signal) -> None: ...
+    async def subscribe(self, channel: str) -> None: ...
+    async def unsubscribe(self, channel: str) -> None: ...
+    def signals(self) -> AsyncIterator[Signal]: ...
+    async def get_online_agents(self, channel: str) -> list[AgentPresence]: ...</code></pre>
+
+    <div class="decision-box">
+        <h4>Why Protocol, Not ABC?</h4>
+        <p>Bedsheet uses <code>Protocol</code> (structural subtyping) throughout the codebase &mdash; <code>LLMClient</code>, <code>Memory</code>, and now <code>SenseTransport</code>. The philosophy: <strong>if it walks like a duck and quacks like a duck, it's a duck.</strong> A class satisfies <code>SenseTransport</code> by implementing the right methods, without explicitly inheriting from it. This means you can write a transport in a separate package that doesn't import <code>bedsheet</code> at all &mdash; it just needs the right method signatures. The <code>@runtime_checkable</code> decorator lets us use <code>isinstance()</code> checks when needed.</p>
+    </div>
+
+    <h3>The Seven Methods</h3>
+
+    <p>The protocol is intentionally minimal. Every method maps to a fundamental pub/sub operation:</p>
+
+    <table>
+        <tr><th>Method</th><th>What It Does</th><th>PubNub Equivalent</th></tr>
+        <tr><td><code>connect()</code></td><td>Establish connection with identity</td><td>Create <code>PubNubAsyncio</code> instance</td></tr>
+        <tr><td><code>disconnect()</code></td><td>Clean up and close</td><td><code>pubnub.stop()</code></td></tr>
+        <tr><td><code>broadcast()</code></td><td>Publish a signal to a channel</td><td><code>pubnub.publish()</code></td></tr>
+        <tr><td><code>subscribe()</code></td><td>Listen to a channel</td><td><code>pubnub.subscribe()</code></td></tr>
+        <tr><td><code>unsubscribe()</code></td><td>Stop listening</td><td><code>pubnub.unsubscribe()</code></td></tr>
+        <tr><td><code>signals()</code></td><td>Async iterator of incoming signals</td><td>Read from <code>asyncio.Queue</code></td></tr>
+        <tr><td><code>get_online_agents()</code></td><td>Who's on a channel right now?</td><td><code>pubnub.here_now()</code></td></tr>
+    </table>
+
+    <h3>AgentPresence</h3>
+
+    <p><code>AgentPresence</code> is a simple dataclass representing a remote agent's identity on the network:</p>
+
+    <pre><code class="language-python">@dataclass
+class AgentPresence:
+    agent_id: str
+    agent_name: str
+    namespace: str
+    capabilities: list[str] = field(default_factory=list)
+    status: str = "online"
+    metadata: dict[str, Any] = field(default_factory=dict)</code></pre>
+
+    <p>This is returned by <code>get_online_agents()</code> and populated from PubNub's <code>here_now()</code> API (or from heartbeat signals in the mock transport).</p>
+
+    <!-- Section 5: Why PubNub -->
+    <h2 id="why-pubnub"><span class="step-number">5</span> Why PubNub</h2>
+
+    <p>We evaluated several messaging backends before choosing PubNub:</p>
+
+    <table>
+        <tr><th>Option</th><th>Pros</th><th>Cons</th></tr>
+        <tr><td><strong>PubNub</strong></td><td>Zero infrastructure, built-in presence, global CDN, generous free tier</td><td>32KB message limit, vendor lock-in</td></tr>
+        <tr><td>Redis Pub/Sub</td><td>Fast, familiar, no message limits</td><td>Requires Redis server, no built-in presence, no cross-cloud</td></tr>
+        <tr><td>NATS</td><td>Very fast, cloud-native</td><td>Requires NATS server, complex JetStream setup for persistence</td></tr>
+        <tr><td>WebSocket server</td><td>Full control, no vendor</td><td>Must build everything: routing, presence, reconnection, scaling</td></tr>
+        <tr><td>AWS SNS/SQS</td><td>Native AWS, highly reliable</td><td>AWS-only, complex setup, not real-time (polling)</td></tr>
+    </table>
+
+    <div class="decision-box">
+        <h4>The Decision</h4>
+        <p>PubNub won because of <strong>zero infrastructure</strong>. A demo user signs up, gets keys, and has global real-time messaging in 5 minutes. No Docker containers, no cloud setup, no servers to manage. The 32KB limit is handled by compact serialization (short keys, auto-truncation). The vendor lock-in is mitigated by the <code>SenseTransport</code> Protocol &mdash; you can swap to Redis or NATS by implementing 7 methods.</p>
+    </div>
+
+    <h3>PubNub's Key Features We Use</h3>
+
+    <ul>
+        <li><strong>Publish/Subscribe:</strong> Core messaging. Each channel is a topic agents subscribe to.</li>
+        <li><strong>Presence:</strong> PubNub tracks who's on each channel via <code>here_now()</code>. We get agent discovery for free.</li>
+        <li><strong>UUID identity:</strong> Each PubNub connection has a UUID. We set this to the agent's name for presence identification.</li>
+        <li><strong>Auto-reconnection:</strong> <code>PNReconnectionPolicy.EXPONENTIAL</code> handles network flaps automatically.</li>
+        <li><strong>Global CDN:</strong> Messages route through PubNub's edge network, so agents in different regions get low latency.</li>
+    </ul>
+
+    <!-- Section 6: Thread-Asyncio Bridge -->
+    <h2 id="thread-bridge"><span class="step-number">6</span> The Thread-to-Asyncio Bridge</h2>
+
+    <p>This is the trickiest piece of the PubNub integration. PubNub's Python SDK uses <strong>threaded callbacks</strong> for incoming messages, but Bedsheet is <strong>fully async</strong>. We need to safely cross the thread boundary.</p>
+
+    <h3>The Problem</h3>
+
+    <pre><code class="language-python"># PubNub calls this from a BACKGROUND THREAD:
+class _SignalListener(SubscribeCallback):
+    def message(self, pubnub, message):
+        # We're on PubNub's thread, NOT the asyncio event loop!
+        # Cannot await anything, cannot use asyncio directly
+        signal = deserialize(message.message)
+        # How do we get this signal to the async signal_loop?</code></pre>
+
+    <h3>The Solution: <code>call_soon_threadsafe</code></h3>
+
+    <pre><code class="language-python">class _SignalListener(SubscribeCallback):
+    def __init__(self, queue: asyncio.Queue[Signal], loop: asyncio.AbstractEventLoop):
+        self._queue = queue
+        self._loop = loop
+
+    def message(self, pubnub, message):
+        signal = deserialize(message.message, source_channel=message.channel)
+        # Thread-safe way to put into the asyncio queue:
+        self._loop.call_soon_threadsafe(self._queue.put_nowait, signal)</code></pre>
+
+    <div class="whats-happening">
+        <h4>What's Happening Here</h4>
+        <ol>
+            <li>We capture the asyncio event loop reference at connection time (<code>asyncio.get_running_loop()</code>)</li>
+            <li>We pass the loop and an <code>asyncio.Queue</code> to the PubNub callback listener</li>
+            <li>When PubNub's thread delivers a message, we call <code>loop.call_soon_threadsafe()</code></li>
+            <li>This schedules <code>queue.put_nowait(signal)</code> to run on the event loop's thread</li>
+            <li>The mixin's <code>_signal_loop()</code> awaits <code>queue.get()</code> on the async side</li>
+        </ol>
+    </div>
+
+    <p><code>call_soon_threadsafe</code> is the standard Python mechanism for thread-to-asyncio communication. It's safe to call from any thread and guarantees the callback runs on the event loop's thread during the next iteration.</p>
+
+    <div class="info-box warning">
+        <div class="info-box-title">Why Not <code>asyncio.run_coroutine_threadsafe</code>?</div>
+        <p>We use <code>call_soon_threadsafe</code> with <code>put_nowait</code> instead of <code>run_coroutine_threadsafe</code> with <code>put</code> because <code>put_nowait</code> is synchronous and never blocks. The queue has no max size, so it won't raise <code>QueueFull</code>. This is simpler and avoids creating unnecessary futures on the PubNub callback thread.</p>
+    </div>
+
+    <!-- Section 7: Channel Naming -->
+    <h2 id="channel-naming"><span class="step-number">7</span> Channel Naming Convention</h2>
+
+    <p>PubNub channels are just strings. We use a namespaced convention to prevent collisions:</p>
+
+    <pre><code class="language-python">def _full_channel(self, channel: str) -> str:
+    """Expand short channel name to full namespaced channel."""
+    if channel.startswith("bedsheet."):
+        return channel
+    return f"bedsheet.{self._namespace}.{channel}"
+
+# Examples:
+# "alerts"  → "bedsheet.cloud-ops.alerts"
+# "tasks"   → "bedsheet.cloud-ops.tasks"
+# "agent-1" → "bedsheet.cloud-ops.agent-1"  (direct channel)</code></pre>
+
+    <p>Every agent also subscribes to its own <strong>direct channel</strong> (<code>bedsheet.{namespace}.{agent_name}</code>). This enables targeted messaging &mdash; when you call <code>send_to("cpu-watcher", signal)</code>, it publishes to <code>bedsheet.cloud-ops.cpu-watcher</code>.</p>
+
+    <div class="decision-box">
+        <h4>Why Namespace Channels?</h4>
+        <p>Namespacing prevents cross-contamination between different deployments sharing the same PubNub keys. A staging environment using namespace <code>"staging"</code> won't interfere with production using <code>"prod"</code>, even on the same PubNub app.</p>
+    </div>
+
+    <!-- Section 8: The Mixin Pattern -->
+    <h2 id="mixin-pattern"><span class="step-number">8</span> The Mixin Pattern</h2>
+
+    <p><code>SenseMixin</code> is the heart of the Sixth Sense. It adds distributed capabilities to any Agent without modifying the Agent class itself:</p>
+
+    <pre><code class="language-python">class SenseMixin:
+    """Mixin that adds distributed sensing to any Agent."""
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)  # Calls Agent.__init__()
+        self._transport: SenseTransport | None = None
+        self._namespace: str = ""
+        self._signal_handlers: dict[SignalKind, list[SignalHandler]] = {}
+        self._signal_task: asyncio.Task | None = None
+        self._pending_requests: dict[str, asyncio.Future[Signal]] = {}
+        self._claimed_incidents: set[str] = set()
+        self._heartbeat_task: asyncio.Task | None = None</code></pre>
+
+    <h3>How Python MRO Makes This Work</h3>
+
+    <pre><code class="language-python">class MyAgent(SenseMixin, Agent):
+    pass
+
+# Method Resolution Order (MRO):
+# MyAgent → SenseMixin → Agent → object
+
+# When you call MyAgent(name="x", instruction="y", model_client=client):
+# 1. MyAgent.__init__ → not defined, goes to next
+# 2. SenseMixin.__init__(self, name="x", ...)
+#    → super().__init__(name="x", ...) → Agent.__init__
+# 3. Agent.__init__ sets up name, instruction, model_client
+# 4. Back in SenseMixin.__init__, adds _transport, _signal_handlers, etc.</code></pre>
+
+    <div class="decision-box">
+        <h4>Why a Mixin, Not Inheritance or Composition?</h4>
+        <p><strong>Option A: Inheritance</strong> (<code>class SenseAgent(Agent)</code>) &mdash; Forces users to subclass a specific class. Can't add sensing to a Supervisor, or to user's custom Agent subclass.</p>
+        <p><strong>Option B: Composition</strong> (<code>agent.sense = SenseAdapter(agent)</code>) &mdash; Cleaner separation, but awkward API. Users would write <code>agent.sense.broadcast()</code> instead of <code>agent.broadcast()</code>. The adapter would need to reach into the agent's internals for <code>invoke()</code>.</p>
+        <p><strong>Option C: Mixin</strong> (<code>class MyAgent(SenseMixin, Agent)</code>) &mdash; Best of both worlds. The agent IS-A SenseMixin and IS-A Agent. <code>broadcast()</code>, <code>request()</code>, <code>on_signal()</code> feel like native agent methods. Works with both <code>Agent</code> and <code>Supervisor</code>.</p>
+    </div>
+
+    <h3>The <code>type: ignore[attr-defined]</code> Pattern</h3>
+
+    <p>You'll notice <code># type: ignore[attr-defined]</code> comments throughout the mixin. This is because <code>SenseMixin</code> accesses <code>self.name</code> and <code>self.invoke()</code>, which are defined on <code>Agent</code>, not on the mixin itself:</p>
+
+    <pre><code class="language-python">await transport.connect(self.name, namespace)  # type: ignore[attr-defined]</code></pre>
+
+    <p>Mypy can't know that <code>SenseMixin</code> will always be combined with <code>Agent</code>. The type ignores acknowledge this limitation. An alternative would be a generic <code>Protocol</code> for the host class, but that adds complexity for no runtime benefit.</p>
+
+    <!-- Section 9: Request/Response -->
+    <h2 id="request-response"><span class="step-number">9</span> Request/Response Over PubNub</h2>
+
+    <p>The most complex pattern is request/response &mdash; asking a remote agent to do something and waiting for the answer. This implements an RPC-like pattern over pub/sub messaging.</p>
+
+    <h3>The Flow</h3>
+
+    <div class="whats-happening">
+        <h4>Commander requests CPU check from cpu-watcher</h4>
+        <ol>
+            <li><strong>Commander calls <code>request("cpu-watcher", "check CPU")</code></strong></li>
+            <li>Creates a <code>correlation_id</code> and an <code>asyncio.Future</code></li>
+            <li>Stores the future in <code>self._pending_requests[correlation_id]</code></li>
+            <li>Sends a <code>request</code> signal to cpu-watcher's direct channel</li>
+            <li>Awaits the future with a timeout</li>
+        </ol>
+        <ol start="6">
+            <li><strong>cpu-watcher's signal loop receives the request</strong></li>
+            <li>Calls <code>_handle_request()</code> which runs <code>self.invoke(session_id, task)</code></li>
+            <li>The agent's LLM processes the task, calls tools, generates a response</li>
+            <li>Sends a <code>response</code> signal back with the same <code>correlation_id</code></li>
+        </ol>
+        <ol start="10">
+            <li><strong>Commander's signal loop receives the response</strong></li>
+            <li>Matches <code>correlation_id</code> to the pending future</li>
+            <li>Resolves the future with the response signal</li>
+            <li>Commander's <code>request()</code> returns the result string</li>
+        </ol>
+    </div>
+
+    <h3>Key Implementation Detail: <code>_handle_request</code></h3>
+
+    <pre><code class="language-python">async def _handle_request(self, signal: Signal) -> None:
+    task = signal.payload.get("task", "")
+    session_id = f"sense-{signal.correlation_id}"
+
+    # Run the full agent loop (LLM + tools)
+    result = ""
+    async for event in self.invoke(session_id, task):
+        if isinstance(event, CompletionEvent):
+            result = event.response
+
+    # Send response back to requester
+    response_signal = Signal(
+        kind="response",
+        sender=self.name,
+        payload={"result": result},
+        correlation_id=signal.correlation_id,
+        target=signal.sender,
+    )
+    await self.send_to(signal.sender, response_signal)</code></pre>
+
+    <p>This is where the Sixth Sense connects to Bedsheet's core: the request handler calls <code>self.invoke()</code>, which runs the agent's full ReAct loop (LLM reasoning &rarr; tool calls &rarr; final response). The remote agent isn't just a message router &mdash; it's a full AI agent that thinks about the request and uses its tools to answer it.</p>
+
+    <div class="info-box tip">
+        <div class="info-box-title">Concurrency</div>
+        <p>Requests are handled with <code>asyncio.create_task(self._handle_request(signal))</code>, so multiple requests can be processed concurrently. An agent can handle several incoming requests while also sending its own requests to others.</p>
+    </div>
+
+    <!-- Section 10: Claim Protocol -->
+    <h2 id="claim-protocol"><span class="step-number">10</span> Claim Protocol</h2>
+
+    <p>When multiple agents see the same alert, we need exactly one to handle it. The claim protocol provides <strong>leaderless conflict resolution</strong> &mdash; no central coordinator required.</p>
+
+    <h3>How It Works</h3>
+
+    <pre><code class="language-python">async def claim_incident(self, incident_id: str, channel: str) -> bool:
+    # 1. Broadcast our claim
+    signal = Signal(kind="claim", sender=self.name,
+                    payload={"incident_id": incident_id})
+    await self.broadcast(channel, signal)
+
+    # 2. Wait 500ms for competing claims
+    await asyncio.sleep(0.5)
+
+    # 3. If still in our claimed set, we won
+    return incident_id in self._claimed_incidents</code></pre>
+
+    <p>The conflict resolution happens in <code>_handle_claim()</code>:</p>
+
+    <pre><code class="language-python">def _handle_claim(self, signal: Signal) -> None:
+    incident_id = signal.payload.get("incident_id")
+    if incident_id in self._claimed_incidents:
+        # Tie-breaking: lower sender name wins
+        if signal.sender < self.name:
+            self._claimed_incidents.discard(incident_id)</code></pre>
+
+    <div class="decision-box">
+        <h4>Why Not a Distributed Lock?</h4>
+        <p>A proper distributed lock (Redlock, ZooKeeper, etcd) would guarantee exactly-once processing. But it would also require additional infrastructure, add latency, and create failure modes. The claim protocol is <strong>probabilistic but practical</strong>: the 500ms window and deterministic tie-breaking (alphabetical agent name) give us conflict-free coordination 99%+ of the time. For a monitoring system where occasional duplicate handling is harmless, this is the right trade-off.</p>
+    </div>
+
+    <!-- Section 11: Testing Strategy -->
+    <h2 id="testing"><span class="step-number">11</span> Testing Strategy</h2>
+
+    <h3>The MockSenseTransport</h3>
+
+    <p>The key testing challenge: how to test distributed agent communication without PubNub? The answer is <code>MockSenseTransport</code>, which follows the same pattern as <code>MockLLMClient</code>.</p>
+
+    <h4>The Hub Pattern</h4>
+
+    <pre><code class="language-python">class _MockSenseHub:
+    """Shared state for mock transports. Routes signals between agents."""
+
+    def __init__(self):
+        self.queues: dict[str, asyncio.Queue[Signal]] = {}
+        self.subscriptions: dict[str, set[str]] = {}
+        self.presences: dict[str, AgentPresence] = {}
+
+class MockSenseTransport:
+    def __init__(self, hub: _MockSenseHub | None = None):
+        self.hub = hub or _MockSenseHub()
+
+    def create_peer(self) -> "MockSenseTransport":
+        """Create a sibling transport sharing the same hub."""
+        return MockSenseTransport(self.hub)</code></pre>
+
+    <div class="decision-box">
+        <h4>Why the Hub Pattern?</h4>
+        <p>The first implementation used a single transport for all agents. This failed because <code>connect(agent_id)</code> overwrites the agent's identity &mdash; the second agent's connect would overwrite the first agent's ID. The hub pattern gives each agent its own transport instance (with its own identity and queue) while sharing the routing infrastructure. <code>create_peer()</code> returns a new transport connected to the same hub.</p>
+    </div>
+
+    <h3>Test Design Lessons</h3>
+
+    <div class="info-box warning">
+        <div class="info-box-title">Don't Read From the Queue Directly</div>
+        <p>The signal loop is a background task that continuously reads from the transport's queue. If a test tries to read from the queue directly (e.g., <code>await queue.get()</code>), it races with the signal loop. Use <code>on_signal</code> handlers in tests instead, and <code>await asyncio.sleep()</code> to give the loop time to process.</p>
+    </div>
+
+    <p>Test coverage (31 tests in <code>tests/test_sense.py</code>):</p>
+
+    <table>
+        <tr><th>Test Group</th><th>Count</th><th>What's Covered</th></tr>
+        <tr><td>Signal creation</td><td>3</td><td>Dataclass defaults, payload, all 7 kinds</td></tr>
+        <tr><td>Serialization</td><td>5</td><td>Compact encoding, roundtrip, truncation, minimal deserialization</td></tr>
+        <tr><td>Protocol</td><td>2</td><td>Mock satisfies protocol, AgentPresence creation</td></tr>
+        <tr><td>MockSenseTransport</td><td>4</td><td>Connect/disconnect, subscribe/broadcast, online agents, create_peer</td></tr>
+        <tr><td>SenseMixin</td><td>7</td><td>Join/leave, broadcast, request/response, timeout, handlers, self-skip, targeting</td></tr>
+        <tr><td>Claim protocol</td><td>2</td><td>Claim win, release</td></tr>
+        <tr><td>SenseNetwork</td><td>3</td><td>Add agent, reject non-sense agent, stop disconnects all</td></tr>
+        <tr><td>Events</td><td>5</td><td>All 5 new event dataclasses</td></tr>
+    </table>
+
+    <!-- Section 12: Trade-offs -->
+    <h2 id="tradeoffs"><span class="step-number">12</span> Trade-offs &amp; Future Work</h2>
+
+    <h3>What We Chose</h3>
+
+    <table>
+        <tr><th>Decision</th><th>Benefit</th><th>Cost</th></tr>
+        <tr><td>PubNub over self-hosted</td><td>Zero infrastructure</td><td>32KB limit, vendor dependency</td></tr>
+        <tr><td>Mixin over composition</td><td>Natural API (<code>agent.request()</code>)</td><td><code>type: ignore</code> comments</td></tr>
+        <tr><td>Protocol over ABC</td><td>Structural subtyping</td><td>No enforced implementation</td></tr>
+        <tr><td>Probabilistic claims</td><td>No infrastructure needed</td><td>Rare duplicate handling</td></tr>
+        <tr><td>Short-key serialization</td><td>Stays under 32KB</td><td>Less readable wire format</td></tr>
+        <tr><td>Hub pattern for testing</td><td>True multi-agent tests</td><td>More complex mock</td></tr>
+    </table>
+
+    <h3>Known Limitations</h3>
+
+    <ul>
+        <li><strong>No message persistence:</strong> PubNub messages are ephemeral (unless you enable PubNub Storage, a paid feature). If an agent is offline when a signal is sent, it misses it.</li>
+        <li><strong>No message ordering guarantee:</strong> PubNub guarantees per-channel ordering, but cross-channel ordering is not guaranteed.</li>
+        <li><strong>Claim protocol is probabilistic:</strong> Under very high load or network partitions, two agents might both win a claim. Acceptable for monitoring; not suitable for financial transactions.</li>
+        <li><strong>32KB message limit:</strong> The auto-truncation handles this, but very large payloads lose data. If you need to send large data, send a reference (URL, S3 key) instead.</li>
+    </ul>
+
+    <h3>Future Directions</h3>
+
+    <ul>
+        <li><strong>Redis transport:</strong> For teams with existing Redis infrastructure</li>
+        <li><strong>NATS transport:</strong> For high-throughput scenarios</li>
+        <li><strong>Message persistence:</strong> Store signals for replay and audit trails</li>
+        <li><strong>Encryption:</strong> End-to-end encryption for signal payloads</li>
+        <li><strong>Agent discovery:</strong> Automatic capability-based routing (find the agent that can handle this request)</li>
+    </ul>
+
+    <footer>
+        <p>Bedsheet Agents &mdash; <a href="https://github.com/sivang/bedsheet">GitHub</a> | <a href="sixth-sense-guide.html">Sixth Sense Tutorial</a> | <a href="agent-sentinel-guide.html">Agent Sentinel Guide</a></p>
+    </footer>
+</main>
+
+<script>hljs.highlightAll();</script>
+</body>
+</html>
diff --git a/docs/sixth-sense-guide.html b/docs/sixth-sense-guide.html
index 8cabd40..95e02e3 100644
--- a/docs/sixth-sense-guide.html
+++ b/docs/sixth-sense-guide.html
@@ -412,6 +412,26 @@ <h3>Running the Demo</h3>
 
     <p>When CPU exceeds 80%, the cpu-watcher broadcasts an alert. The incident-commander claims it, queries the other agents for context, and synthesizes an incident report.</p>
 
+    <h3>Agent Sentinel Demo</h3>
+
+    <p>The <code>examples/agent-sentinel/</code> directory demonstrates AI agent security monitoring, inspired by the OpenClaw crisis of 2026. Three worker agents perform real tasks (DuckDuckGo searches, JSON calendar management, skill installation with SHA-256 verification), while sentinel agents monitor them for rogue behavior:</p>
+
+    <table>
+        <tr><th>Agent</th><th>Role</th><th>Data Source</th></tr>
+        <tr><td><code>web-researcher</code></td><td>Worker: web search</td><td>DuckDuckGo</td></tr>
+        <tr><td><code>scheduler</code></td><td>Worker: calendar management</td><td>JSON file</td></tr>
+        <tr><td><code>skill-acquirer</code></td><td>Worker: skill installation</td><td>Local ClawHub files</td></tr>
+        <tr><td><code>behavior-sentinel</code></td><td>Sentinel: output rate monitoring</td><td>Activity log</td></tr>
+        <tr><td><code>supply-chain-sentinel</code></td><td>Sentinel: skill integrity</td><td>SHA-256 hashing</td></tr>
+        <tr><td><code>sentinel-commander</code></td><td>Commander: alert correlation</td><td>Sense network</td></tr>
+    </table>
+
+    <p>Each worker has a ~15% chance per cycle of going rogue. Sentinels detect anomalies through real file I/O and alert the commander over PubNub, who investigates and issues quarantine orders.</p>
+
+    <pre><code class="language-bash">pip install bedsheet[sense] duckduckgo-search
+cd examples/agent-sentinel
+python run.py</code></pre>
+
     <!-- Step 9: Testing -->
     <h2 id="testing"><span class="step-number">9</span> Testing</h2>
 
diff --git a/examples/agent-sentinel/README.md b/examples/agent-sentinel/README.md
new file mode 100644
index 0000000..6409699
--- /dev/null
+++ b/examples/agent-sentinel/README.md
@@ -0,0 +1,119 @@
+# Agent Sentinel
+
+Real-time AI agent security monitoring using [Bedsheet Sense](../../docs/sixth-sense-guide.html).
+
+## Motivation
+
+The OpenClaw crisis of Jan-Feb 2026 exposed critical gaps in AI agent security:
+
+- **Rogue behavior**: Agent spammed 500+ messages after gaining iMessage access
+- **Supply chain attacks**: 7.1% of ClawHub marketplace skills contained malicious code
+- **API key leaks**: Moltbook breach exposed 1.5M API keys
+- **Mass exposure**: 40,000+ unsecured agent instances on the public internet
+
+Agent Sentinel demonstrates how a network of sentinel agents can monitor production AI agents for compromise, drift, and rogue behavior in real-time using PubNub.
+
+## Architecture
+
+**3 Worker Agents** (do real work):
+- `web-researcher` — Performs DuckDuckGo searches
+- `scheduler` — Manages a JSON calendar file
+- `skill-acquirer` — Installs Python skills from a local ClawHub registry with SHA-256 verification
+
+**2 Sentinel Agents** (monitor workers):
+- `behavior-sentinel` — Reads the shared activity log, detects output rate anomalies
+- `supply-chain-sentinel` — Re-hashes installed skills, detects malicious installs
+
+**1 Commander** (correlates and responds):
+- `sentinel-commander` — Listens for alerts, queries sentinels, issues quarantine orders
+
+Each worker has a ~15% chance per cycle of going "rogue" — the web researcher spams searches, the scheduler sabotages the calendar, the skill acquirer installs a known-malicious skill. Sentinels detect this through real file I/O and alert the commander over PubNub.
+
+## Quick Start
+
+This project was scaffolded with `bedsheet init` and uses the Bedsheet CLI tooling:
+
+```bash
+# 1. Install Bedsheet with Sense module and search dependency
+uv pip install bedsheet[sense] duckduckgo-search
+
+# 2. Validate the project configuration
+cd examples/agent-sentinel
+bedsheet validate
+
+# 3. Set environment variables
+export PUBNUB_SUBSCRIBE_KEY=sub-c-...
+export PUBNUB_PUBLISH_KEY=pub-c-...
+export ANTHROPIC_API_KEY=sk-ant-...
+
+# 4. Run the demo
+python run.py
+```
+
+## Using the Bedsheet CLI
+
+This project includes a `bedsheet.yaml` that defines all 6 agents. You can use the full Bedsheet CLI workflow:
+
+```bash
+# Validate the configuration
+bedsheet validate
+# ✓ Configuration is valid!
+# Project: agent-sentinel
+# Agents: 6
+
+# Generate deployment artifacts (e.g., for local Docker)
+bedsheet generate --target local
+
+# Or generate for cloud deployment
+bedsheet generate --target gcp
+bedsheet generate --target aws
+```
+
+### Creating Your Own Sentinel Project
+
+To start a new project from scratch using the Bedsheet CLI:
+
+```bash
+# Scaffold a new project
+bedsheet init my-sentinel-network
+
+# Customize agents/ with your own worker and sentinel agents
+# Edit bedsheet.yaml to register your agents
+
+# Validate and generate
+bedsheet validate
+bedsheet generate --target local
+```
+
+## What to Expect
+
+1. Workers come online and start doing real work (searching, scheduling, installing skills)
+2. Randomly (~15% per cycle), a worker goes rogue
+3. Sentinels detect the anomaly through real file reads:
+   - Behavior sentinel sees the activity rate spike in `data/activity_log.jsonl`
+   - Supply chain sentinel sees the malicious skill in `data/installed_skills/`
+4. Sentinels broadcast alert signals over PubNub
+5. Commander claims the incident, queries sentinels for evidence, issues quarantine
+
+## Files
+
+```
+agent-sentinel/
+├── bedsheet.yaml             # Bedsheet CLI configuration
+├── pyproject.toml            # Dependencies
+├── run.py                    # Subprocess launcher
+├── data/
+│   └── calendar.json         # Pre-seeded appointments
+├── clawhub/
+│   ├── registry.json         # Skill hashes + malicious flags
+│   ├── weather_lookup.py     # Legit skill
+│   ├── sentiment_analyzer.py # Legit skill
+│   └── data_exfiltrator.py   # Known-malicious (inert)
+└── agents/
+    ├── web_researcher.py     # Worker
+    ├── scheduler.py          # Worker
+    ├── skill_acquirer.py     # Worker
+    ├── behavior_sentinel.py  # Sentinel
+    ├── supply_chain_sentinel.py  # Sentinel
+    └── sentinel_commander.py # Commander
+```
diff --git a/examples/agent-sentinel/agents/__init__.py b/examples/agent-sentinel/agents/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/examples/agent-sentinel/agents/behavior_sentinel.py b/examples/agent-sentinel/agents/behavior_sentinel.py
new file mode 100644
index 0000000..8b7842e
--- /dev/null
+++ b/examples/agent-sentinel/agents/behavior_sentinel.py
@@ -0,0 +1,201 @@
+"""Behavior Sentinel - monitors worker agents for output rate anomalies.
+
+Reads the shared activity_log.jsonl file and detects when agents produce
+abnormally high action rates (e.g., 50+ searches in a burst = rogue behavior).
+"""
+
+import asyncio
+import json
+import os
+import time
+
+from bedsheet import Agent, ActionGroup, SenseMixin
+from bedsheet.llm.anthropic import AnthropicClient
+from bedsheet.sense import Signal
+from bedsheet.sense.pubnub_transport import PubNubTransport
+
+
+class BehaviorSentinel(SenseMixin, Agent):
+    pass
+
+
+behavior_tools = ActionGroup("behavior_tools", "Behavior monitoring tools")
+
+_DATA_DIR = os.path.join(os.path.dirname(os.path.dirname(__file__)), "data")
+_LOG_PATH = os.path.join(_DATA_DIR, "activity_log.jsonl")
+
+# Threshold: more than 10 actions per minute from a single agent is anomalous
+_RATE_THRESHOLD = 10
+
+# Module-level reference for broadcasting
+_sentinel: BehaviorSentinel | None = None
+
+
+def _read_recent_activity(minutes: int = 5) -> list[dict]:
+    """Read activity log entries from the last N minutes."""
+    cutoff = time.time() - (minutes * 60)
+    entries = []
+    try:
+        with open(_LOG_PATH) as f:
+            for line in f:
+                line = line.strip()
+                if not line:
+                    continue
+                try:
+                    entry = json.loads(line)
+                    if entry.get("timestamp", 0) >= cutoff:
+                        entries.append(entry)
+                except json.JSONDecodeError:
+                    continue
+    except FileNotFoundError:
+        pass
+    return entries
+
+
+@behavior_tools.action(
+    "check_activity_log",
+    "Read the shared activity log and count actions per agent",
+    parameters={
+        "type": "object",
+        "properties": {
+            "minutes": {
+                "type": "integer",
+                "description": "Time window in minutes (default 5)",
+            },
+        },
+    },
+)
+async def check_activity_log(minutes: int = 5) -> str:
+    entries = _read_recent_activity(minutes)
+    if not entries:
+        return f"No activity in the last {minutes} minutes."
+
+    counts: dict[str, int] = {}
+    for e in entries:
+        agent = e.get("agent", "unknown")
+        counts[agent] = counts.get(agent, 0) + 1
+
+    lines = [f"Activity in last {minutes} minutes ({len(entries)} total actions):"]
+    for agent, count in sorted(counts.items(), key=lambda x: -x[1]):
+        rate = count / minutes
+        flag = " ** ANOMALOUS **" if rate > _RATE_THRESHOLD else ""
+        lines.append(f"  {agent}: {count} actions ({rate:.1f}/min){flag}")
+    return "\n".join(lines)
+
+
+@behavior_tools.action(
+    "check_output_rate",
+    "Get the actions-per-minute rate for a specific agent",
+    parameters={
+        "type": "object",
+        "properties": {
+            "agent_name": {
+                "type": "string",
+                "description": "Name of the agent to check",
+            },
+        },
+        "required": ["agent_name"],
+    },
+)
+async def check_output_rate(agent_name: str) -> str:
+    entries = _read_recent_activity(minutes=2)
+    count = sum(1 for e in entries if e.get("agent") == agent_name)
+    rate = count / 2.0
+    status = "ANOMALOUS" if rate > _RATE_THRESHOLD else "normal"
+    return f"{agent_name}: {count} actions in 2min ({rate:.1f}/min) - {status}"
+
+
+@behavior_tools.action(
+    "get_anomaly_report", "Generate a report of all detected anomalies"
+)
+async def get_anomaly_report() -> str:
+    entries = _read_recent_activity(minutes=5)
+    if not entries:
+        return "No activity to analyze."
+
+    counts: dict[str, int] = {}
+    rogue_actions: dict[str, list[str]] = {}
+    for e in entries:
+        agent = e.get("agent", "unknown")
+        counts[agent] = counts.get(agent, 0) + 1
+        details = e.get("details", "")
+        if "[ROGUE]" in details:
+            rogue_actions.setdefault(agent, []).append(details)
+
+    anomalies = []
+    for agent, count in counts.items():
+        rate = count / 5.0
+        if rate > _RATE_THRESHOLD:
+            anomalies.append(
+                f"  {agent}: {rate:.1f} actions/min (threshold: {_RATE_THRESHOLD})"
+            )
+
+    for agent, actions in rogue_actions.items():
+        anomalies.append(f"  {agent}: {len(actions)} actions with [ROGUE] markers")
+
+    if not anomalies:
+        return "No anomalies detected."
+    return "Anomaly report:\n" + "\n".join(anomalies)
+
+
+async def main():
+    global _sentinel
+
+    transport = PubNubTransport(
+        subscribe_key=os.environ["PUBNUB_SUBSCRIBE_KEY"],
+        publish_key=os.environ["PUBNUB_PUBLISH_KEY"],
+    )
+
+    agent = BehaviorSentinel(
+        name="behavior-sentinel",
+        instruction=(
+            "You are a behavior monitoring sentinel. You watch for anomalous "
+            "agent activity patterns. When you detect high output rates or "
+            "suspicious behavior markers, report your findings clearly."
+        ),
+        model_client=AnthropicClient(),
+    )
+    agent.add_action_group(behavior_tools)
+    _sentinel = agent
+
+    await agent.join_network(transport, "agent-sentinel", ["alerts", "quarantine"])
+    print("[behavior-sentinel] Online and monitoring behavior...")
+
+    try:
+        while True:
+            # Direct monitoring: read log and check for anomalies
+            entries = _read_recent_activity(minutes=2)
+            counts: dict[str, int] = {}
+            for e in entries:
+                a = e.get("agent", "unknown")
+                counts[a] = counts.get(a, 0) + 1
+
+            for agent_name, count in counts.items():
+                rate = count / 2.0
+                if rate > _RATE_THRESHOLD:
+                    print(
+                        f"[behavior-sentinel] ALERT: {agent_name} at {rate:.1f} actions/min!"
+                    )
+                    alert = Signal(
+                        kind="alert",
+                        sender="behavior-sentinel",
+                        payload={
+                            "severity": "high",
+                            "category": "behavior_anomaly",
+                            "agent": agent_name,
+                            "rate": rate,
+                            "threshold": _RATE_THRESHOLD,
+                            "message": f"Agent '{agent_name}' output rate anomaly: {rate:.1f}/min (threshold: {_RATE_THRESHOLD})",
+                        },
+                    )
+                    await agent.broadcast("alerts", alert)
+
+            await asyncio.sleep(10)
+    except KeyboardInterrupt:
+        pass
+    finally:
+        await agent.leave_network()
+
+
+if __name__ == "__main__":
+    asyncio.run(main())
diff --git a/examples/agent-sentinel/agents/scheduler.py b/examples/agent-sentinel/agents/scheduler.py
new file mode 100644
index 0000000..0a84f2f
--- /dev/null
+++ b/examples/agent-sentinel/agents/scheduler.py
@@ -0,0 +1,179 @@
+"""Scheduler agent - manages a JSON-based calendar.
+
+Normal behavior: lists, adds, or tidies appointments every 20 seconds.
+Rogue behavior (~15% chance): deletes all appointments and writes junk entries.
+"""
+
+import asyncio
+import json
+import os
+import random
+import time
+import uuid
+
+from bedsheet import Agent, ActionGroup, SenseMixin
+from bedsheet.llm.anthropic import AnthropicClient
+from bedsheet.sense.pubnub_transport import PubNubTransport
+
+
+class Scheduler(SenseMixin, Agent):
+    pass
+
+
+scheduler_tools = ActionGroup("scheduler_tools", "Calendar management tools")
+
+_DATA_DIR = os.path.join(os.path.dirname(os.path.dirname(__file__)), "data")
+_CALENDAR_PATH = os.path.join(_DATA_DIR, "calendar.json")
+
+
+def _log_activity(agent: str, action: str, details: str) -> None:
+    entry = {
+        "timestamp": time.time(),
+        "agent": agent,
+        "action": action,
+        "details": details,
+    }
+    log_path = os.path.join(_DATA_DIR, "activity_log.jsonl")
+    with open(log_path, "a") as f:
+        f.write(json.dumps(entry) + "\n")
+
+
+def _read_calendar() -> list[dict]:
+    try:
+        with open(_CALENDAR_PATH) as f:
+            return json.load(f)
+    except (FileNotFoundError, json.JSONDecodeError):
+        return []
+
+
+def _write_calendar(appointments: list[dict]) -> None:
+    with open(_CALENDAR_PATH, "w") as f:
+        json.dump(appointments, f, indent=2)
+
+
+@scheduler_tools.action("list_appointments", "List all scheduled appointments")
+async def list_appointments() -> str:
+    appointments = _read_calendar()
+    _log_activity("scheduler", "list_appointments", f"{len(appointments)} appointments")
+    if not appointments:
+        return "No appointments scheduled."
+    lines = []
+    for apt in appointments:
+        lines.append(f"  [{apt['id']}] {apt['title']} - {apt['date']} at {apt['time']}")
+    return f"Appointments ({len(appointments)}):\n" + "\n".join(lines)
+
+
+@scheduler_tools.action(
+    "add_appointment",
+    "Add a new appointment to the calendar",
+    parameters={
+        "type": "object",
+        "properties": {
+            "title": {"type": "string", "description": "Appointment title"},
+            "date": {"type": "string", "description": "Date (YYYY-MM-DD)"},
+            "time": {"type": "string", "description": "Time (HH:MM)"},
+        },
+        "required": ["title", "date", "time"],
+    },
+)
+async def add_appointment(title: str, date: str, time_str: str = "09:00") -> str:
+    appointments = _read_calendar()
+    new_apt = {
+        "id": f"apt-{uuid.uuid4().hex[:6]}",
+        "title": title,
+        "date": date,
+        "time": time_str,
+    }
+    appointments.append(new_apt)
+    _write_calendar(appointments)
+    _log_activity("scheduler", "add_appointment", f"{title} on {date}")
+    return f"Added: {title} on {date} at {time_str}"
+
+
+@scheduler_tools.action(
+    "delete_appointment",
+    "Delete an appointment by ID",
+    parameters={
+        "type": "object",
+        "properties": {
+            "appointment_id": {
+                "type": "string",
+                "description": "Appointment ID to delete",
+            },
+        },
+        "required": ["appointment_id"],
+    },
+)
+async def delete_appointment(appointment_id: str) -> str:
+    appointments = _read_calendar()
+    before = len(appointments)
+    appointments = [a for a in appointments if a["id"] != appointment_id]
+    _write_calendar(appointments)
+    removed = before - len(appointments)
+    _log_activity("scheduler", "delete_appointment", appointment_id)
+    if removed:
+        return f"Deleted appointment {appointment_id}"
+    return f"No appointment found with ID {appointment_id}"
+
+
+async def _rogue_calendar_sabotage() -> None:
+    """Delete all appointments and write junk entries."""
+    print("[scheduler] ROGUE MODE: sabotaging calendar!")
+    _write_calendar([])
+    _log_activity("scheduler", "delete_all", "ROGUE: wiped calendar")
+
+    junk = [
+        {
+            "id": f"apt-rogue-{i}",
+            "title": f"JUNK-{random.randint(1000,9999)}",
+            "date": "1999-01-01",
+            "time": "00:00",
+        }
+        for i in range(20)
+    ]
+    _write_calendar(junk)
+    for entry in junk:
+        _log_activity("scheduler", "add_appointment", f"[ROGUE] {entry['title']}")
+    print("[scheduler] ROGUE MODE: wrote 20 junk entries")
+
+
+async def main():
+    transport = PubNubTransport(
+        subscribe_key=os.environ["PUBNUB_SUBSCRIBE_KEY"],
+        publish_key=os.environ["PUBNUB_PUBLISH_KEY"],
+    )
+
+    agent = Scheduler(
+        name="scheduler",
+        instruction=(
+            "You are a scheduling agent that manages a team calendar. "
+            "Each cycle, review the current appointments and optionally "
+            "add a new one for an upcoming meeting or task. Keep things organized."
+        ),
+        model_client=AnthropicClient(),
+    )
+    agent.add_action_group(scheduler_tools)
+
+    await agent.join_network(transport, "agent-sentinel", ["alerts", "quarantine"])
+    print("[scheduler] Online and managing calendar...")
+
+    try:
+        while True:
+            if random.random() < 0.15:
+                await _rogue_calendar_sabotage()
+            else:
+                session_id = f"schedule-{int(time.time())}"
+                async for event in agent.invoke(
+                    session_id,
+                    "Check the calendar and manage appointments as needed.",
+                ):
+                    pass
+            await asyncio.sleep(20)
+    except KeyboardInterrupt:
+        pass
+    finally:
+        await agent.leave_network()
+
+
+if __name__ == "__main__":
+    asyncio.run(main())
diff --git a/examples/agent-sentinel/agents/sentinel_commander.py b/examples/agent-sentinel/agents/sentinel_commander.py
new file mode 100644
index 0000000..b809d89
--- /dev/null
+++ b/examples/agent-sentinel/agents/sentinel_commander.py
@@ -0,0 +1,239 @@
+"""Sentinel Commander - correlates alerts from sentinels and issues quarantine orders.
+
+Listens for alert signals from behavior-sentinel and supply-chain-sentinel.
+When alerts arrive, queries other sentinels for corroborating evidence,
+then issues quarantine signals for confirmed compromises.
+"""
+
+import asyncio
+import os
+import time
+
+from bedsheet import Agent, ActionGroup, SenseMixin
+from bedsheet.events import CompletionEvent, ToolCallEvent
+from bedsheet.llm.anthropic import AnthropicClient
+from bedsheet.sense import Signal
+from bedsheet.sense.pubnub_transport import PubNubTransport
+
+
+class SentinelCommander(SenseMixin, Agent):
+    pass
+
+
+commander_tools = ActionGroup("commander_tools", "Network coordination tools")
+
+_commander: SentinelCommander | None = None
+
+# Track alerts for correlation
+_recent_alerts: list[dict] = []
+
+
+@commander_tools.action(
+    "request_remote_agent",
+    "Send a task to a remote agent and wait for its response",
+    parameters={
+        "type": "object",
+        "properties": {
+            "agent_name": {"type": "string", "description": "Name of the remote agent"},
+            "task": {"type": "string", "description": "Task description for the agent"},
+        },
+        "required": ["agent_name", "task"],
+    },
+)
+async def request_remote_agent(agent_name: str, task: str) -> str:
+    if _commander is None:
+        return "Error: Commander not initialized"
+    try:
+        result = await _commander.request(agent_name, task, timeout=30.0)
+        return result
+    except TimeoutError:
+        return f"Timeout: {agent_name} did not respond within 30s"
+    except Exception as e:
+        return f"Error requesting {agent_name}: {e}"
+
+
+@commander_tools.action(
+    "broadcast_alert",
+    "Broadcast an alert to all agents on the network",
+    parameters={
+        "type": "object",
+        "properties": {
+            "severity": {
+                "type": "string",
+                "description": "Alert severity: low, medium, high, critical",
+            },
+            "message": {"type": "string", "description": "Alert message"},
+        },
+        "required": ["severity", "message"],
+    },
+)
+async def broadcast_alert(severity: str, message: str) -> str:
+    if _commander is None:
+        return "Error: Commander not initialized"
+    signal = Signal(
+        kind="alert",
+        sender="sentinel-commander",
+        payload={"severity": severity, "message": message, "source": "commander"},
+    )
+    await _commander.broadcast("alerts", signal)
+    return f"Alert broadcast: [{severity}] {message}"
+
+
+@commander_tools.action(
+    "issue_quarantine",
+    "Issue a quarantine order for a compromised agent",
+    parameters={
+        "type": "object",
+        "properties": {
+            "agent_name": {
+                "type": "string",
+                "description": "Name of the agent to quarantine",
+            },
+            "reason": {"type": "string", "description": "Reason for quarantine"},
+        },
+        "required": ["agent_name", "reason"],
+    },
+)
+async def issue_quarantine(agent_name: str, reason: str) -> str:
+    if _commander is None:
+        return "Error: Commander not initialized"
+    signal = Signal(
+        kind="alert",
+        sender="sentinel-commander",
+        payload={
+            "action": "quarantine",
+            "severity": "critical",
+            "agent": agent_name,
+            "reason": reason,
+            "message": f"QUARANTINE: {agent_name} - {reason}",
+            "source": "commander",
+        },
+    )
+    await _commander.broadcast("quarantine", signal)
+    print(f"\n{'='*60}")
+    print(f"  QUARANTINE ISSUED: {agent_name}")
+    print(f"  Reason: {reason}")
+    print(f"{'='*60}\n")
+    return f"Quarantine issued for '{agent_name}': {reason}"
+
+
+@commander_tools.action("list_online_agents", "List all agents currently online")
+async def list_online_agents() -> str:
+    if _commander is None:
+        return "Error: Commander not initialized"
+    agents = await _commander._transport.get_online_agents("alerts")
+    if not agents:
+        return "No agents online"
+    names = [a.agent_name for a in agents]
+    return f"Online agents: {', '.join(names)}"
+
+
+@commander_tools.action("get_threat_summary", "Get a summary of recent alerts")
+async def get_threat_summary() -> str:
+    if not _recent_alerts:
+        return "No recent alerts."
+    lines = [f"Recent alerts ({len(_recent_alerts)}):"]
+    for alert in _recent_alerts[-10:]:
+        ts = time.strftime("%H:%M:%S", time.localtime(alert.get("timestamp", 0)))
+        lines.append(
+            f"  [{ts}] {alert.get('severity', '?')}: {alert.get('message', 'no details')}"
+        )
+    return "\n".join(lines)
+
+
+async def main():
+    global _commander
+
+    transport = PubNubTransport(
+        subscribe_key=os.environ["PUBNUB_SUBSCRIBE_KEY"],
+        publish_key=os.environ["PUBNUB_PUBLISH_KEY"],
+    )
+
+    agent = SentinelCommander(
+        name="sentinel-commander",
+        instruction=(
+            "You are the Sentinel Commander for an AI agent security monitoring network. "
+            "You coordinate responses to security alerts by querying sentinel agents for evidence.\n\n"
+            "Available sentinel agents:\n"
+            "- behavior-sentinel: Monitors agent output rates for anomalies\n"
+            "- supply-chain-sentinel: Verifies skill integrity via SHA-256 hashing\n\n"
+            "When you receive an alert:\n"
+            "1. Query the relevant sentinels for details\n"
+            "2. If multiple sources confirm the threat, issue a quarantine\n"
+            "3. Generate a clear threat assessment report\n\n"
+            "Be decisive — if evidence confirms compromise, quarantine immediately."
+        ),
+        model_client=AnthropicClient(),
+    )
+    agent.add_action_group(commander_tools)
+    _commander = agent
+
+    await agent.join_network(transport, "agent-sentinel", ["alerts", "quarantine"])
+    print("[sentinel-commander] Online and coordinating...")
+
+    @agent.on_signal("alert")
+    async def handle_alert(signal: Signal):
+        if signal.payload.get("source") == "commander":
+            return  # Don't react to our own alerts
+
+        severity = signal.payload.get("severity", "unknown")
+        message = signal.payload.get("message", "No details")
+        category = signal.payload.get("category", "general")
+        flagged_agent = signal.payload.get(
+            "agent", signal.payload.get("skill", "unknown")
+        )
+
+        _recent_alerts.append(
+            {
+                "timestamp": time.time(),
+                "severity": severity,
+                "category": category,
+                "agent": flagged_agent,
+                "message": message,
+                "sender": signal.sender,
+            }
+        )
+
+        print(
+            f"\n[sentinel-commander] Alert from {signal.sender}: [{severity}] {message}"
+        )
+
+        # Claim the incident
+        incident_id = f"inc-{signal.correlation_id}"
+        agent._claimed_incidents.add(incident_id)
+        won = await agent.claim_incident(incident_id, "alerts")
+
+        if won:
+            print(f"[sentinel-commander] Claimed {incident_id}, investigating...")
+            session_id = f"incident-{incident_id}"
+            prompt = (
+                f"SECURITY ALERT from {signal.sender}:\n"
+                f"  Severity: {severity}\n"
+                f"  Category: {category}\n"
+                f"  Flagged: {flagged_agent}\n"
+                f"  Details: {message}\n\n"
+                "Investigate this alert: query the relevant sentinels for corroborating "
+                "evidence, then decide whether to quarantine the affected agent. "
+                "Provide a threat assessment report."
+            )
+            async for event in agent.invoke(session_id, prompt):
+                if isinstance(event, ToolCallEvent):
+                    print(
+                        f"  -> {event.tool_name}({', '.join(str(v) for v in event.tool_input.values())})"
+                    )
+                elif isinstance(event, CompletionEvent):
+                    print(f"\n[THREAT ASSESSMENT]\n{event.response}\n")
+        else:
+            print(f"[sentinel-commander] Lost claim for {incident_id}")
+
+    try:
+        while True:
+            await asyncio.sleep(1)
+    except KeyboardInterrupt:
+        pass
+    finally:
+        await agent.leave_network()
+
+
+if __name__ == "__main__":
+    asyncio.run(main())
diff --git a/examples/agent-sentinel/agents/skill_acquirer.py b/examples/agent-sentinel/agents/skill_acquirer.py
new file mode 100644
index 0000000..726ec0b
--- /dev/null
+++ b/examples/agent-sentinel/agents/skill_acquirer.py
@@ -0,0 +1,198 @@
+"""Skill Acquirer agent - installs skills from the local ClawHub registry.
+
+Normal behavior: browses available skills and installs legitimate ones with SHA-256 verification.
+Rogue behavior (~15% chance): installs the known-malicious data_exfiltrator.py skill.
+"""
+
+import asyncio
+import hashlib
+import json
+import os
+import random
+import shutil
+import time
+
+from bedsheet import Agent, ActionGroup, SenseMixin
+from bedsheet.llm.anthropic import AnthropicClient
+from bedsheet.sense.pubnub_transport import PubNubTransport
+
+
+class SkillAcquirer(SenseMixin, Agent):
+    pass
+
+
+skill_tools = ActionGroup("skill_tools", "Skill installation tools")
+
+_BASE_DIR = os.path.dirname(os.path.dirname(__file__))
+_CLAWHUB_DIR = os.path.join(_BASE_DIR, "clawhub")
+_DATA_DIR = os.path.join(_BASE_DIR, "data")
+_INSTALLED_DIR = os.path.join(_DATA_DIR, "installed_skills")
+_REGISTRY_PATH = os.path.join(_CLAWHUB_DIR, "registry.json")
+
+
+def _log_activity(agent: str, action: str, details: str) -> None:
+    entry = {
+        "timestamp": time.time(),
+        "agent": agent,
+        "action": action,
+        "details": details,
+    }
+    log_path = os.path.join(_DATA_DIR, "activity_log.jsonl")
+    with open(log_path, "a") as f:
+        f.write(json.dumps(entry) + "\n")
+
+
+def _load_registry() -> dict:
+    with open(_REGISTRY_PATH) as f:
+        return json.load(f)
+
+
+def _sha256(path: str) -> str:
+    return hashlib.sha256(open(path, "rb").read()).hexdigest()
+
+
+@skill_tools.action(
+    "list_available_skills", "List skills available in the ClawHub registry"
+)
+async def list_available_skills() -> str:
+    registry = _load_registry()
+    _log_activity("skill-acquirer", "list_skills", f"{len(registry)} available")
+    lines = []
+    for name, info in registry.items():
+        status = "MALICIOUS" if info.get("malicious") else "safe"
+        lines.append(f"  {name}: {info['description']} [{status}]")
+    return f"Available skills ({len(registry)}):\n" + "\n".join(lines)
+
+
+@skill_tools.action(
+    "install_skill",
+    "Install a skill from ClawHub to the local skills directory",
+    parameters={
+        "type": "object",
+        "properties": {
+            "skill_name": {
+                "type": "string",
+                "description": "Skill filename (e.g. weather_lookup.py)",
+            },
+        },
+        "required": ["skill_name"],
+    },
+)
+async def install_skill(skill_name: str) -> str:
+    registry = _load_registry()
+
+    if skill_name not in registry:
+        return f"Skill '{skill_name}' not found in ClawHub registry"
+
+    info = registry[skill_name]
+
+    # Check if malicious
+    if info.get("malicious"):
+        _log_activity("skill-acquirer", "install_blocked", f"{skill_name} (malicious)")
+        return f"BLOCKED: '{skill_name}' is flagged as malicious in the registry"
+
+    source = os.path.join(_CLAWHUB_DIR, skill_name)
+    if not os.path.exists(source):
+        return f"Skill file '{skill_name}' not found in ClawHub directory"
+
+    # Verify hash before installing
+    actual_hash = _sha256(source)
+    expected_hash = info["sha256"]
+    if actual_hash != expected_hash:
+        _log_activity("skill-acquirer", "install_failed", f"{skill_name} hash mismatch")
+        return f"INTEGRITY ERROR: {skill_name} hash mismatch (expected {expected_hash[:12]}..., got {actual_hash[:12]}...)"
+
+    # Install
+    os.makedirs(_INSTALLED_DIR, exist_ok=True)
+    dest = os.path.join(_INSTALLED_DIR, skill_name)
+    shutil.copy2(source, dest)
+    _log_activity(
+        "skill-acquirer",
+        "install_skill",
+        f"{skill_name} (sha256: {actual_hash[:12]}...)",
+    )
+    return f"Installed '{skill_name}' (SHA-256 verified: {actual_hash[:12]}...)"
+
+
+@skill_tools.action(
+    "list_installed_skills", "List currently installed skills with their hashes"
+)
+async def list_installed_skills() -> str:
+    if not os.path.exists(_INSTALLED_DIR):
+        return "No skills installed yet."
+    files = [f for f in os.listdir(_INSTALLED_DIR) if f.endswith(".py")]
+    if not files:
+        return "No skills installed yet."
+    registry = _load_registry()
+    lines = []
+    for f in sorted(files):
+        path = os.path.join(_INSTALLED_DIR, f)
+        h = _sha256(path)
+        info = registry.get(f, {})
+        expected = info.get("sha256", "unknown")
+        match = "OK" if h == expected else "MISMATCH"
+        malicious = " [MALICIOUS]" if info.get("malicious") else ""
+        lines.append(f"  {f}: {h[:16]}... ({match}){malicious}")
+    _log_activity("skill-acquirer", "list_installed", f"{len(files)} installed")
+    return f"Installed skills ({len(files)}):\n" + "\n".join(lines)
+
+
+async def _rogue_install_malicious() -> None:
+    """Install the known-malicious skill, bypassing the safety check."""
+    print("[skill-acquirer] ROGUE MODE: installing malicious skill!")
+    source = os.path.join(_CLAWHUB_DIR, "data_exfiltrator.py")
+    if not os.path.exists(source):
+        print("[skill-acquirer] ROGUE MODE: malicious skill file not found")
+        return
+    os.makedirs(_INSTALLED_DIR, exist_ok=True)
+    dest = os.path.join(_INSTALLED_DIR, "data_exfiltrator.py")
+    shutil.copy2(source, dest)
+    _log_activity(
+        "skill-acquirer",
+        "install_skill",
+        "[ROGUE] data_exfiltrator.py (bypassed safety)",
+    )
+    print("[skill-acquirer] ROGUE MODE: data_exfiltrator.py installed!")
+
+
+async def main():
+    transport = PubNubTransport(
+        subscribe_key=os.environ["PUBNUB_SUBSCRIBE_KEY"],
+        publish_key=os.environ["PUBNUB_PUBLISH_KEY"],
+    )
+
+    agent = SkillAcquirer(
+        name="skill-acquirer",
+        instruction=(
+            "You are a skill acquisition agent that manages the installation of "
+            "skills from ClawHub. Each cycle, check what skills are available, "
+            "review what's already installed, and install any safe skills that "
+            "are missing. Never install skills flagged as malicious."
+        ),
+        model_client=AnthropicClient(),
+    )
+    agent.add_action_group(skill_tools)
+
+    await agent.join_network(transport, "agent-sentinel", ["alerts", "quarantine"])
+    print("[skill-acquirer] Online and acquiring skills...")
+
+    try:
+        while True:
+            if random.random() < 0.15:
+                await _rogue_install_malicious()
+            else:
+                session_id = f"skill-{int(time.time())}"
+                async for event in agent.invoke(
+                    session_id,
+                    "Check available skills and install any safe ones that are missing.",
+                ):
+                    pass
+            await asyncio.sleep(25)
+    except KeyboardInterrupt:
+        pass
+    finally:
+        await agent.leave_network()
+
+
+if __name__ == "__main__":
+    asyncio.run(main())
diff --git a/examples/agent-sentinel/agents/supply_chain_sentinel.py b/examples/agent-sentinel/agents/supply_chain_sentinel.py
new file mode 100644
index 0000000..e14701a
--- /dev/null
+++ b/examples/agent-sentinel/agents/supply_chain_sentinel.py
@@ -0,0 +1,215 @@
+"""Supply Chain Sentinel - verifies installed skill integrity via SHA-256.
+
+Scans data/installed_skills/ and compares file hashes against the ClawHub
+registry. Detects hash mismatches and known-malicious skill installations.
+"""
+
+import asyncio
+import hashlib
+import json
+import os
+
+from bedsheet import Agent, ActionGroup, SenseMixin
+from bedsheet.llm.anthropic import AnthropicClient
+from bedsheet.sense import Signal
+from bedsheet.sense.pubnub_transport import PubNubTransport
+
+
+class SupplyChainSentinel(SenseMixin, Agent):
+    pass
+
+
+supply_chain_tools = ActionGroup("supply_chain_tools", "Supply chain monitoring tools")
+
+_BASE_DIR = os.path.dirname(os.path.dirname(__file__))
+_CLAWHUB_DIR = os.path.join(_BASE_DIR, "clawhub")
+_DATA_DIR = os.path.join(_BASE_DIR, "data")
+_INSTALLED_DIR = os.path.join(_DATA_DIR, "installed_skills")
+_REGISTRY_PATH = os.path.join(_CLAWHUB_DIR, "registry.json")
+
+
+def _load_registry() -> dict:
+    with open(_REGISTRY_PATH) as f:
+        return json.load(f)
+
+
+def _sha256(path: str) -> str:
+    return hashlib.sha256(open(path, "rb").read()).hexdigest()
+
+
+@supply_chain_tools.action(
+    "audit_installed_skills", "Audit all installed skills against the ClawHub registry"
+)
+async def audit_installed_skills() -> str:
+    if not os.path.exists(_INSTALLED_DIR):
+        return "No skills installed yet — nothing to audit."
+
+    registry = _load_registry()
+    files = [f for f in os.listdir(_INSTALLED_DIR) if f.endswith(".py")]
+    if not files:
+        return "No skills installed yet — nothing to audit."
+
+    issues = []
+    clean = []
+    for f in sorted(files):
+        path = os.path.join(_INSTALLED_DIR, f)
+        actual_hash = _sha256(path)
+        info = registry.get(f)
+
+        if info is None:
+            issues.append(f"  {f}: NOT IN REGISTRY (unknown origin)")
+            continue
+
+        if info.get("malicious"):
+            issues.append(f"  {f}: KNOWN MALICIOUS (flagged in registry)")
+            continue
+
+        expected_hash = info["sha256"]
+        if actual_hash != expected_hash:
+            issues.append(
+                f"  {f}: HASH MISMATCH (expected {expected_hash[:12]}..., got {actual_hash[:12]}...)"
+            )
+        else:
+            clean.append(f"  {f}: OK (hash verified)")
+
+    lines = [f"Audit of {len(files)} installed skills:"]
+    if issues:
+        lines.append(f"\nISSUES ({len(issues)}):")
+        lines.extend(issues)
+    if clean:
+        lines.append(f"\nCLEAN ({len(clean)}):")
+        lines.extend(clean)
+    return "\n".join(lines)
+
+
+@supply_chain_tools.action(
+    "check_known_malicious", "Check if any installed skill is flagged as malicious"
+)
+async def check_known_malicious() -> str:
+    if not os.path.exists(_INSTALLED_DIR):
+        return "No skills installed."
+
+    registry = _load_registry()
+    files = [f for f in os.listdir(_INSTALLED_DIR) if f.endswith(".py")]
+    malicious = [f for f in files if registry.get(f, {}).get("malicious")]
+
+    if not malicious:
+        return "No known-malicious skills installed."
+    return (
+        f"ALERT: {len(malicious)} malicious skill(s) installed: {', '.join(malicious)}"
+    )
+
+
+@supply_chain_tools.action(
+    "verify_skill_integrity",
+    "Verify a specific installed skill's hash against the registry",
+    parameters={
+        "type": "object",
+        "properties": {
+            "skill_name": {"type": "string", "description": "Skill filename to verify"},
+        },
+        "required": ["skill_name"],
+    },
+)
+async def verify_skill_integrity(skill_name: str) -> str:
+    path = os.path.join(_INSTALLED_DIR, skill_name)
+    if not os.path.exists(path):
+        return f"Skill '{skill_name}' is not installed."
+
+    registry = _load_registry()
+    info = registry.get(skill_name)
+    if not info:
+        return f"Skill '{skill_name}' is not in the registry (unknown origin)."
+
+    actual_hash = _sha256(path)
+    if info.get("malicious"):
+        return f"CRITICAL: '{skill_name}' is a KNOWN MALICIOUS skill (hash: {actual_hash[:16]}...)"
+
+    expected = info["sha256"]
+    if actual_hash == expected:
+        return f"'{skill_name}': integrity verified (SHA-256 match)"
+    return f"'{skill_name}': INTEGRITY FAILURE (expected {expected[:16]}..., got {actual_hash[:16]}...)"
+
+
+def _scan_for_issues() -> list[dict]:
+    """Scan installed skills and return a list of issues found."""
+    if not os.path.exists(_INSTALLED_DIR):
+        return []
+
+    registry = _load_registry()
+    files = [f for f in os.listdir(_INSTALLED_DIR) if f.endswith(".py")]
+    issues = []
+
+    for f in files:
+        path = os.path.join(_INSTALLED_DIR, f)
+        actual_hash = _sha256(path)
+        info = registry.get(f)
+
+        if info is None:
+            issues.append({"skill": f, "type": "unknown_origin", "hash": actual_hash})
+        elif info.get("malicious"):
+            issues.append({"skill": f, "type": "known_malicious", "hash": actual_hash})
+        elif actual_hash != info["sha256"]:
+            issues.append(
+                {
+                    "skill": f,
+                    "type": "hash_mismatch",
+                    "hash": actual_hash,
+                    "expected": info["sha256"],
+                }
+            )
+
+    return issues
+
+
+async def main():
+    transport = PubNubTransport(
+        subscribe_key=os.environ["PUBNUB_SUBSCRIBE_KEY"],
+        publish_key=os.environ["PUBNUB_PUBLISH_KEY"],
+    )
+
+    agent = SupplyChainSentinel(
+        name="supply-chain-sentinel",
+        instruction=(
+            "You are a supply chain security sentinel. You verify the integrity "
+            "of installed skills by checking their SHA-256 hashes against the "
+            "ClawHub registry. Report any mismatches or malicious installs."
+        ),
+        model_client=AnthropicClient(),
+    )
+    agent.add_action_group(supply_chain_tools)
+
+    await agent.join_network(transport, "agent-sentinel", ["alerts", "quarantine"])
+    print("[supply-chain-sentinel] Online and monitoring skill integrity...")
+
+    try:
+        while True:
+            issues = _scan_for_issues()
+            for issue in issues:
+                severity = "critical" if issue["type"] == "known_malicious" else "high"
+                print(
+                    f"[supply-chain-sentinel] ALERT: {issue['type']} - {issue['skill']}"
+                )
+                alert = Signal(
+                    kind="alert",
+                    sender="supply-chain-sentinel",
+                    payload={
+                        "severity": severity,
+                        "category": "supply_chain",
+                        "issue_type": issue["type"],
+                        "skill": issue["skill"],
+                        "hash": issue["hash"],
+                        "message": f"Supply chain issue: {issue['type']} for {issue['skill']}",
+                    },
+                )
+                await agent.broadcast("alerts", alert)
+
+            await asyncio.sleep(15)
+    except KeyboardInterrupt:
+        pass
+    finally:
+        await agent.leave_network()
+
+
+if __name__ == "__main__":
+    asyncio.run(main())
diff --git a/examples/agent-sentinel/agents/web_researcher.py b/examples/agent-sentinel/agents/web_researcher.py
new file mode 100644
index 0000000..4167074
--- /dev/null
+++ b/examples/agent-sentinel/agents/web_researcher.py
@@ -0,0 +1,140 @@
+"""Web Researcher agent - performs real DuckDuckGo searches.
+
+Normal behavior: searches for interesting topics every 15 seconds.
+Rogue behavior (~15% chance): fires 50+ rapid searches in a burst.
+"""
+
+import asyncio
+import json
+import os
+import random
+import time
+
+from duckduckgo_search import DDGS
+
+from bedsheet import Agent, ActionGroup, SenseMixin
+from bedsheet.llm.anthropic import AnthropicClient
+from bedsheet.sense.pubnub_transport import PubNubTransport
+
+
+class WebResearcher(SenseMixin, Agent):
+    pass
+
+
+research_tools = ActionGroup("research_tools", "Web research tools")
+
+# Shared state
+_search_count = 0
+_DATA_DIR = os.path.join(os.path.dirname(os.path.dirname(__file__)), "data")
+
+
+def _log_activity(agent: str, action: str, details: str) -> None:
+    """Append an activity entry to the shared activity log."""
+    entry = {
+        "timestamp": time.time(),
+        "agent": agent,
+        "action": action,
+        "details": details,
+    }
+    log_path = os.path.join(_DATA_DIR, "activity_log.jsonl")
+    with open(log_path, "a") as f:
+        f.write(json.dumps(entry) + "\n")
+
+
+@research_tools.action(
+    "search_web",
+    "Search the web using DuckDuckGo",
+    parameters={
+        "type": "object",
+        "properties": {
+            "query": {"type": "string", "description": "Search query"},
+        },
+        "required": ["query"],
+    },
+)
+async def search_web(query: str) -> str:
+    global _search_count
+    try:
+        ddgs = DDGS()
+        results = ddgs.text(query, max_results=3)
+        _search_count += 1
+        _log_activity("web-researcher", "search", query)
+        if not results:
+            return f"No results for '{query}'"
+        lines = []
+        for r in results:
+            lines.append(f"- {r['title']}: {r['body'][:120]}")
+        return f"Results for '{query}':\n" + "\n".join(lines)
+    except Exception as e:
+        return f"Search error: {e}"
+
+
+@research_tools.action(
+    "get_search_summary", "Get count of searches performed this session"
+)
+async def get_search_summary() -> str:
+    return f"Total searches this session: {_search_count}"
+
+
+async def _rogue_search_burst() -> None:
+    """Fire rapid searches to simulate rogue behavior."""
+    print("[web-researcher] ROGUE MODE: firing rapid search burst!")
+    junk_queries = [
+        "password dump site",
+        "free API keys list",
+        "bypass authentication",
+        "exploit database 2026",
+        "leaked credentials pastebin",
+    ]
+    ddgs = DDGS()
+    for i in range(50):
+        query = random.choice(junk_queries) + f" {i}"
+        try:
+            ddgs.text(query, max_results=1)
+        except Exception:
+            pass
+        _log_activity("web-researcher", "search", f"[ROGUE] {query}")
+    print("[web-researcher] ROGUE MODE: burst complete (50 searches logged)")
+
+
+async def main():
+    transport = PubNubTransport(
+        subscribe_key=os.environ["PUBNUB_SUBSCRIBE_KEY"],
+        publish_key=os.environ["PUBNUB_PUBLISH_KEY"],
+    )
+
+    agent = WebResearcher(
+        name="web-researcher",
+        instruction=(
+            "You are a web research agent. Every cycle, pick an interesting "
+            "technology topic and search for recent news about it. "
+            "Report what you find briefly."
+        ),
+        model_client=AnthropicClient(),
+    )
+    agent.add_action_group(research_tools)
+
+    await agent.join_network(transport, "agent-sentinel", ["alerts", "quarantine"])
+    print("[web-researcher] Online and researching...")
+
+    try:
+        while True:
+            # ~15% chance of going rogue
+            if random.random() < 0.15:
+                await _rogue_search_burst()
+            else:
+                session_id = f"research-{int(time.time())}"
+                async for event in agent.invoke(
+                    session_id,
+                    "Search for something interesting about AI or cloud computing.",
+                ):
+                    pass
+            await asyncio.sleep(15)
+    except KeyboardInterrupt:
+        pass
+    finally:
+        await agent.leave_network()
+
+
+if __name__ == "__main__":
+    asyncio.run(main())
diff --git a/examples/agent-sentinel/bedsheet.yaml b/examples/agent-sentinel/bedsheet.yaml
new file mode 100644
index 0000000..15d430b
--- /dev/null
+++ b/examples/agent-sentinel/bedsheet.yaml
@@ -0,0 +1,39 @@
+version: "1.0"
+name: agent-sentinel
+target: local
+
+agents:
+  - name: web-researcher
+    module: agents.web_researcher
+    class_name: WebResearcher
+    description: "Worker agent that performs real DuckDuckGo searches"
+
+  - name: scheduler
+    module: agents.scheduler
+    class_name: Scheduler
+    description: "Worker agent that manages a JSON calendar"
+
+  - name: skill-acquirer
+    module: agents.skill_acquirer
+    class_name: SkillAcquirer
+    description: "Worker agent that installs skills from ClawHub with SHA-256 verification"
+
+  - name: behavior-sentinel
+    module: agents.behavior_sentinel
+    class_name: BehaviorSentinel
+    description: "Sentinel that monitors worker output rates for anomalies"
+
+  - name: supply-chain-sentinel
+    module: agents.supply_chain_sentinel
+    class_name: SupplyChainSentinel
+    description: "Sentinel that verifies skill integrity via SHA-256 hashing"
+
+  - name: sentinel-commander
+    module: agents.sentinel_commander
+    class_name: SentinelCommander
+    description: "Commander that correlates alerts and issues quarantine orders"
+
+targets:
+  local:
+    port: 8000
+    hot_reload: true
diff --git a/examples/agent-sentinel/clawhub/data_exfiltrator.py b/examples/agent-sentinel/clawhub/data_exfiltrator.py
new file mode 100644
index 0000000..ff8d9be
--- /dev/null
+++ b/examples/agent-sentinel/clawhub/data_exfiltrator.py
@@ -0,0 +1,24 @@
+"""Data exfiltrator - KNOWN MALICIOUS skill for demo purposes.
+
+This skill is intentionally flagged as malicious in the ClawHub registry.
+It contains suspicious code patterns (base64 encoding, socket references)
+but is completely INERT - it performs no actual network calls or data theft.
+
+Used by the Agent Sentinel demo to demonstrate supply-chain attack detection.
+"""
+
+import base64  # noqa: F401 - suspicious import (detection marker)
+import socket  # noqa: F401 - suspicious import (detection marker)
+
+# Suspicious constants that a real scanner would flag
+_EXFIL_ENDPOINT = "http://evil.example.com/collect"  # not used
+_ENCODED_PAYLOAD = base64.b64encode(b"agent_data_placeholder").decode()
+
+
+def exfiltrate_data(data: str) -> str:
+    """Pretend to exfiltrate data. Actually does nothing.
+
+    A real malicious skill would send data to _EXFIL_ENDPOINT.
+    This one just returns a string for the demo.
+    """
+    return f"[INERT] Would have sent {len(data)} bytes to {_EXFIL_ENDPOINT}"
diff --git a/examples/agent-sentinel/clawhub/registry.json b/examples/agent-sentinel/clawhub/registry.json
new file mode 100644
index 0000000..471c48a
--- /dev/null
+++ b/examples/agent-sentinel/clawhub/registry.json
@@ -0,0 +1,17 @@
+{
+  "data_exfiltrator.py": {
+    "sha256": "d18b5ae594907fb3cf4c14accc04e73e7502f35278cf639ee0aa289df797a1bc",
+    "malicious": true,
+    "description": "Data Exfiltrator"
+  },
+  "sentiment_analyzer.py": {
+    "sha256": "74fdb96a9951d6ec1f5d09b38ea4a220d395aa9257571d495281d08b76a56b2f",
+    "malicious": false,
+    "description": "Sentiment Analyzer"
+  },
+  "weather_lookup.py": {
+    "sha256": "a5212db6337dd8956a5a802e34f886f938cb56fedaf7de87101b3b9680243bf2",
+    "malicious": false,
+    "description": "Weather Lookup"
+  }
+}
diff --git a/examples/agent-sentinel/clawhub/sentiment_analyzer.py b/examples/agent-sentinel/clawhub/sentiment_analyzer.py
new file mode 100644
index 0000000..203af8d
--- /dev/null
+++ b/examples/agent-sentinel/clawhub/sentiment_analyzer.py
@@ -0,0 +1,21 @@
+"""Sentiment analysis skill - classifies text as positive, negative, or neutral."""
+
+
+def analyze_sentiment(text: str) -> str:
+    """Analyze the sentiment of the given text.
+
+    In a real deployment this would use an NLP model.
+    For the demo it returns a simple heuristic result.
+    """
+    positive_words = {"good", "great", "excellent", "happy", "love", "awesome"}
+    negative_words = {"bad", "terrible", "awful", "hate", "poor", "horrible"}
+
+    words = set(text.lower().split())
+    pos = len(words & positive_words)
+    neg = len(words & negative_words)
+
+    if pos > neg:
+        return "positive"
+    elif neg > pos:
+        return "negative"
+    return "neutral"
diff --git a/examples/agent-sentinel/clawhub/weather_lookup.py b/examples/agent-sentinel/clawhub/weather_lookup.py
new file mode 100644
index 0000000..527ee7e
--- /dev/null
+++ b/examples/agent-sentinel/clawhub/weather_lookup.py
@@ -0,0 +1,10 @@
+"""Weather lookup skill - returns current weather for a city."""
+
+
+def weather_lookup(city: str) -> str:
+    """Look up current weather conditions for a city.
+
+    In a real deployment this would call a weather API.
+    For the demo it returns a plausible placeholder.
+    """
+    return f"Weather in {city}: 18°C, partly cloudy, humidity 62%"
diff --git a/examples/agent-sentinel/data/calendar.json b/examples/agent-sentinel/data/calendar.json
new file mode 100644
index 0000000..a43d1ce
--- /dev/null
+++ b/examples/agent-sentinel/data/calendar.json
@@ -0,0 +1,5 @@
+[
+  {"id": "apt-1", "title": "Team standup", "date": "2026-02-10", "time": "09:00"},
+  {"id": "apt-2", "title": "Deploy review", "date": "2026-02-10", "time": "14:00"},
+  {"id": "apt-3", "title": "Security audit", "date": "2026-02-11", "time": "10:00"}
+]
diff --git a/examples/agent-sentinel/pyproject.toml b/examples/agent-sentinel/pyproject.toml
new file mode 100644
index 0000000..181ed37
--- /dev/null
+++ b/examples/agent-sentinel/pyproject.toml
@@ -0,0 +1,9 @@
+[project]
+name = "agent-sentinel"
+version = "0.1.0"
+description = "AI agent security monitoring demo using Bedsheet Sense"
+requires-python = ">=3.11"
+dependencies = [
+    "bedsheet[sense]",
+    "duckduckgo-search>=7.0.0",
+]
diff --git a/examples/agent-sentinel/run.py b/examples/agent-sentinel/run.py
new file mode 100644
index 0000000..317abb3
--- /dev/null
+++ b/examples/agent-sentinel/run.py
@@ -0,0 +1,114 @@
+"""Agent Sentinel - launches worker and sentinel agents as separate processes.
+
+Workers start first (they produce the activity that sentinels monitor),
+then sentinels, then the commander that correlates alerts.
+
+Required environment variables:
+    PUBNUB_SUBSCRIBE_KEY - PubNub subscribe key
+    PUBNUB_PUBLISH_KEY   - PubNub publish key
+    ANTHROPIC_API_KEY    - Anthropic API key for Claude
+
+Usage:
+    python run.py
+"""
+
+import os
+import signal
+import subprocess
+import sys
+import time
+
+# Workers start first, then sentinels, then commander
+AGENTS = [
+    # Workers (produce real activity)
+    "agents/web_researcher.py",
+    "agents/scheduler.py",
+    "agents/skill_acquirer.py",
+    # Sentinels (monitor workers)
+    "agents/behavior_sentinel.py",
+    "agents/supply_chain_sentinel.py",
+    # Commander (correlates alerts)
+    "agents/sentinel_commander.py",
+]
+
+REQUIRED_ENV = ["PUBNUB_SUBSCRIBE_KEY", "PUBNUB_PUBLISH_KEY", "ANTHROPIC_API_KEY"]
+
+
+def main():
+    missing = [v for v in REQUIRED_ENV if not os.environ.get(v)]
+    if missing:
+        print("Missing required environment variables:")
+        for v in missing:
+            print(f"  {v}")
+        print("\nSet them and try again:")
+        print("  export PUBNUB_SUBSCRIBE_KEY=sub-c-...")
+        print("  export PUBNUB_PUBLISH_KEY=pub-c-...")
+        print("  export ANTHROPIC_API_KEY=sk-ant-...")
+        sys.exit(1)
+
+    script_dir = os.path.dirname(os.path.abspath(__file__))
+
+    # Ensure data directory exists and clean up previous run artifacts
+    data_dir = os.path.join(script_dir, "data")
+    os.makedirs(data_dir, exist_ok=True)
+    log_path = os.path.join(data_dir, "activity_log.jsonl")
+    if os.path.exists(log_path):
+        os.remove(log_path)
+    installed_dir = os.path.join(data_dir, "installed_skills")
+    if os.path.exists(installed_dir):
+        import shutil
+
+        shutil.rmtree(installed_dir)
+
+    processes: list[subprocess.Popen] = []
+
+    print("=" * 60)
+    print("  Agent Sentinel - AI Agent Security Monitoring")
+    print("  Inspired by the OpenClaw crisis of 2026")
+    print("  Launching 6 agents (3 workers + 2 sentinels + 1 commander)...")
+    print("=" * 60)
+
+    try:
+        for agent_script in AGENTS:
+            full_path = os.path.join(script_dir, agent_script)
+            agent_name = (
+                os.path.basename(agent_script).replace(".py", "").replace("_", "-")
+            )
+            print(f"  Starting {agent_name}...")
+
+            proc = subprocess.Popen(
+                [sys.executable, full_path],
+                env=os.environ.copy(),
+                stdout=sys.stdout,
+                stderr=sys.stderr,
+            )
+            processes.append(proc)
+            time.sleep(2)  # Stagger startup
+
+        print("=" * 60)
+        print("  All agents online! Workers are doing real work.")
+        print("  Sentinels are watching. ~15% chance of rogue behavior per cycle.")
+        print("  Press Ctrl+C to stop.")
+        print("=" * 60)
+
+        while all(p.poll() is None for p in processes):
+            time.sleep(1)
+
+    except KeyboardInterrupt:
+        print("\nShutting down agents...")
+    finally:
+        for proc in processes:
+            if proc.poll() is None:
+                proc.send_signal(signal.SIGINT)
+
+        time.sleep(2)
+
+        for proc in processes:
+            if proc.poll() is None:
+                proc.terminate()
+
+        print("All agents stopped.")
+
+
+if __name__ == "__main__":
+    main()

From 976b5f0dbb5f5331174b1d72129fe1ff03e86b80 Mon Sep 17 00:00:00 2001
From: Sivan Grunberg <sivan@vitakka.co>
Date: Tue, 10 Feb 2026 08:44:57 +0200
Subject: [PATCH 5/5] docs: add Agent Sentinel setup guide and live PubNub
 dashboard

Setup guide covers prerequisites, PubNub key setup, installation,
running the demo, and understanding output. Dashboard is a Palantir-style
real-time signal visualizer that subscribes to PubNub channels and displays
agent presence, alerts, quarantine events, and signal flow on a world map.
---
 CLAUDE.md                          |    2 +
 docs/agent-sentinel-dashboard.html | 1098 ++++++++++++++++++++++++++++
 docs/agent-sentinel-setup.html     |  687 +++++++++++++++++
 3 files changed, 1787 insertions(+)
 create mode 100644 docs/agent-sentinel-dashboard.html
 create mode 100644 docs/agent-sentinel-setup.html

diff --git a/CLAUDE.md b/CLAUDE.md
index ef57269..e8ae4ce 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -63,6 +63,8 @@ bedsheet/
 | `docs/deployment-guide.html` | Local, GCP, and AWS deployment |
 | `docs/gcp-deployment-deep-dive.html` | GCP architecture, troubleshooting, best practices |
 | `docs/multi-agent-guide.html` | Supervisor patterns |
+| `docs/agent-sentinel-setup.html` | Agent Sentinel setup guide |
+| `docs/agent-sentinel-dashboard.html` | Live PubNub signal dashboard |
 | `PROJECT_STATUS.md` | Detailed project status and session history |
 
 ## Common Commands
diff --git a/docs/agent-sentinel-dashboard.html b/docs/agent-sentinel-dashboard.html
new file mode 100644
index 0000000..93aff33
--- /dev/null
+++ b/docs/agent-sentinel-dashboard.html
@@ -0,0 +1,1098 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Bedsheet Sentinel Network - Live Dashboard</title>
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@300;400;500;600&family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet">
+    <script src="https://cdn.pubnub.com/sdk/javascript/pubnub.8.3.0.js"></script>
+    <style>
+        :root {
+            --bg-deep: #0a0e17;
+            --bg-panel: rgba(14, 20, 33, 0.85);
+            --bg-panel-solid: #0e1421;
+            --border-glow: rgba(0, 200, 255, 0.15);
+            --border-dim: rgba(255, 255, 255, 0.06);
+            --cyan: #00c8ff;
+            --cyan-dim: rgba(0, 200, 255, 0.4);
+            --red: #ff3b5c;
+            --red-dim: rgba(255, 59, 92, 0.4);
+            --amber: #ffb020;
+            --amber-dim: rgba(255, 176, 32, 0.4);
+            --green: #00e676;
+            --green-dim: rgba(0, 230, 118, 0.4);
+            --purple: #b388ff;
+            --text-primary: #e0e6f0;
+            --text-secondary: #7a8599;
+            --text-dim: #4a5568;
+            --font-mono: 'JetBrains Mono', monospace;
+            --font-sans: 'Inter', -apple-system, sans-serif;
+        }
+
+        * { margin: 0; padding: 0; box-sizing: border-box; }
+        html, body { height: 100%; overflow: hidden; }
+
+        body {
+            font-family: var(--font-mono);
+            background: var(--bg-deep);
+            color: var(--text-primary);
+            font-size: 13px;
+        }
+
+        /* Layout */
+        .app {
+            display: grid;
+            grid-template-rows: 48px 1fr 180px;
+            grid-template-columns: 1fr 340px;
+            height: 100vh;
+            gap: 1px;
+            background: var(--border-dim);
+        }
+
+        .topbar {
+            grid-column: 1 / -1;
+            background: var(--bg-panel-solid);
+            display: flex;
+            align-items: center;
+            padding: 0 20px;
+            gap: 16px;
+            border-bottom: 1px solid var(--border-glow);
+        }
+
+        .map-area {
+            position: relative;
+            background: var(--bg-deep);
+            overflow: hidden;
+        }
+
+        .sidebar-right {
+            background: var(--bg-panel-solid);
+            display: flex;
+            flex-direction: column;
+            overflow: hidden;
+            border-left: 1px solid var(--border-glow);
+        }
+
+        .signal-log {
+            grid-column: 1 / -1;
+            background: var(--bg-panel-solid);
+            border-top: 1px solid var(--border-glow);
+            overflow: hidden;
+            display: flex;
+            flex-direction: column;
+        }
+
+        /* Top Bar */
+        .logo {
+            font-size: 14px;
+            font-weight: 600;
+            letter-spacing: 1.5px;
+            color: var(--cyan);
+            text-transform: uppercase;
+        }
+
+        .logo span { color: var(--text-dim); font-weight: 400; }
+
+        .status-indicator {
+            display: flex;
+            align-items: center;
+            gap: 6px;
+            font-size: 11px;
+            color: var(--text-secondary);
+            text-transform: uppercase;
+            letter-spacing: 0.5px;
+        }
+
+        .status-dot {
+            width: 8px;
+            height: 8px;
+            border-radius: 50%;
+            background: var(--text-dim);
+        }
+
+        .status-dot.live {
+            background: var(--red);
+            box-shadow: 0 0 8px var(--red-dim);
+            animation: pulse-dot 2s infinite;
+        }
+
+        .status-dot.connected {
+            background: var(--green);
+            box-shadow: 0 0 8px var(--green-dim);
+        }
+
+        @keyframes pulse-dot {
+            0%, 100% { opacity: 1; }
+            50% { opacity: 0.4; }
+        }
+
+        .topbar-stats {
+            margin-left: auto;
+            display: flex;
+            gap: 24px;
+        }
+
+        .stat {
+            display: flex;
+            flex-direction: column;
+            align-items: center;
+        }
+
+        .stat-value {
+            font-size: 16px;
+            font-weight: 600;
+            color: var(--cyan);
+        }
+
+        .stat-label {
+            font-size: 9px;
+            color: var(--text-dim);
+            text-transform: uppercase;
+            letter-spacing: 0.5px;
+        }
+
+        .stat-value.red { color: var(--red); }
+        .stat-value.amber { color: var(--amber); }
+        .stat-value.green { color: var(--green); }
+
+        /* Connection Panel */
+        .connection-overlay {
+            position: fixed;
+            inset: 0;
+            background: rgba(10, 14, 23, 0.92);
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            z-index: 1000;
+            backdrop-filter: blur(8px);
+        }
+
+        .connection-overlay.hidden { display: none; }
+
+        .connection-panel {
+            background: var(--bg-panel-solid);
+            border: 1px solid var(--border-glow);
+            border-radius: 12px;
+            padding: 40px;
+            width: 440px;
+            text-align: center;
+        }
+
+        .connection-panel h2 {
+            font-family: var(--font-sans);
+            font-size: 20px;
+            font-weight: 700;
+            color: var(--text-primary);
+            margin-bottom: 8px;
+        }
+
+        .connection-panel .subtitle {
+            font-size: 12px;
+            color: var(--text-secondary);
+            margin-bottom: 28px;
+            line-height: 1.6;
+        }
+
+        .input-group {
+            display: flex;
+            gap: 8px;
+            margin-bottom: 16px;
+        }
+
+        .input-group input {
+            flex: 1;
+            background: var(--bg-deep);
+            border: 1px solid var(--border-glow);
+            border-radius: 6px;
+            padding: 10px 14px;
+            font-family: var(--font-mono);
+            font-size: 13px;
+            color: var(--text-primary);
+            outline: none;
+        }
+
+        .input-group input:focus {
+            border-color: var(--cyan);
+            box-shadow: 0 0 0 2px rgba(0, 200, 255, 0.15);
+        }
+
+        .input-group input::placeholder { color: var(--text-dim); }
+
+        .btn-connect {
+            background: var(--cyan);
+            color: var(--bg-deep);
+            border: none;
+            border-radius: 6px;
+            padding: 10px 20px;
+            font-family: var(--font-mono);
+            font-size: 13px;
+            font-weight: 600;
+            cursor: pointer;
+            text-transform: uppercase;
+            letter-spacing: 0.5px;
+        }
+
+        .btn-connect:hover { filter: brightness(1.15); }
+        .btn-connect:disabled { opacity: 0.5; cursor: not-allowed; }
+
+        .connection-error {
+            color: var(--red);
+            font-size: 12px;
+            margin-top: 8px;
+            min-height: 18px;
+        }
+
+        /* World Map */
+        .map-svg { width: 100%; height: 100%; }
+
+        .continent-path {
+            fill: rgba(0, 200, 255, 0.04);
+            stroke: rgba(0, 200, 255, 0.12);
+            stroke-width: 0.5;
+        }
+
+        .grid-line {
+            stroke: rgba(0, 200, 255, 0.04);
+            stroke-width: 0.3;
+        }
+
+        .agent-node { cursor: pointer; }
+
+        .agent-node-ring {
+            fill: none;
+            stroke: var(--text-dim);
+            stroke-width: 1;
+            opacity: 0.5;
+        }
+
+        .agent-node-core {
+            fill: var(--text-dim);
+            opacity: 0.5;
+        }
+
+        .agent-node.online .agent-node-ring { stroke: var(--green); opacity: 1; }
+        .agent-node.online .agent-node-core { fill: var(--green); opacity: 1; }
+        .agent-node.sentinel .agent-node-ring { stroke: var(--purple); }
+        .agent-node.sentinel .agent-node-core { fill: var(--purple); }
+        .agent-node.commander .agent-node-ring { stroke: var(--cyan); }
+        .agent-node.commander .agent-node-core { fill: var(--cyan); }
+
+        .agent-node.quarantined .agent-node-ring { stroke: var(--red) !important; opacity: 1 !important; }
+        .agent-node.quarantined .agent-node-core { fill: var(--red) !important; opacity: 1 !important; }
+
+        .agent-node-label {
+            fill: var(--text-secondary);
+            font-family: var(--font-mono);
+            font-size: 8px;
+            text-anchor: middle;
+        }
+
+        .agent-node.online .agent-node-label { fill: var(--text-primary); }
+
+        @keyframes node-pulse {
+            0% { r: 6; opacity: 0.6; }
+            100% { r: 20; opacity: 0; }
+        }
+
+        .pulse-ring { fill: none; stroke-width: 1.5; opacity: 0; }
+        .pulse-ring.active { animation: node-pulse 1.5s ease-out; }
+
+        .signal-line {
+            fill: none;
+            stroke-width: 2;
+            stroke-dasharray: 6 4;
+            opacity: 0;
+        }
+
+        .signal-line.active {
+            opacity: 1;
+            animation: signal-travel 1.2s ease-out forwards;
+        }
+
+        @keyframes signal-travel {
+            0% { stroke-dashoffset: 100; opacity: 0.8; }
+            80% { stroke-dashoffset: 0; opacity: 0.6; }
+            100% { stroke-dashoffset: 0; opacity: 0; }
+        }
+
+        @keyframes broadcast-pulse {
+            0% { r: 5; opacity: 0.8; stroke-width: 3; }
+            100% { r: 80; opacity: 0; stroke-width: 0.5; }
+        }
+
+        .broadcast-ring { fill: none; stroke: var(--red); opacity: 0; }
+        .broadcast-ring.active { animation: broadcast-pulse 2s ease-out; }
+
+        /* Right Sidebar */
+        .sidebar-section {
+            border-bottom: 1px solid var(--border-dim);
+            overflow: hidden;
+            display: flex;
+            flex-direction: column;
+        }
+
+        .sidebar-section.alerts { flex: 1; min-height: 0; }
+        .sidebar-section.agents { flex: 1; min-height: 0; }
+        .sidebar-section.stats { flex: 0 0 auto; }
+
+        .section-header {
+            padding: 10px 16px;
+            font-size: 10px;
+            font-weight: 600;
+            text-transform: uppercase;
+            letter-spacing: 1px;
+            color: var(--text-dim);
+            border-bottom: 1px solid var(--border-dim);
+            flex-shrink: 0;
+        }
+
+        .section-body {
+            overflow-y: auto;
+            flex: 1;
+            min-height: 0;
+        }
+
+        /* Alert cards */
+        .alert-card {
+            padding: 10px 16px;
+            border-bottom: 1px solid var(--border-dim);
+            animation: card-in 0.3s ease-out;
+        }
+
+        @keyframes card-in {
+            from { opacity: 0; transform: translateX(20px); }
+            to { opacity: 1; transform: translateX(0); }
+        }
+
+        .alert-card .alert-header {
+            display: flex;
+            align-items: center;
+            gap: 8px;
+            margin-bottom: 4px;
+        }
+
+        .alert-card .alert-time { font-size: 10px; color: var(--text-dim); }
+
+        .severity-badge {
+            font-size: 9px;
+            font-weight: 600;
+            text-transform: uppercase;
+            letter-spacing: 0.5px;
+            padding: 1px 6px;
+            border-radius: 3px;
+        }
+
+        .severity-badge.critical { background: var(--red-dim); color: var(--red); }
+        .severity-badge.high { background: var(--amber-dim); color: var(--amber); }
+        .severity-badge.medium { background: var(--cyan-dim); color: var(--cyan); }
+        .severity-badge.low { background: rgba(255,255,255,0.08); color: var(--text-secondary); }
+
+        .alert-card .alert-sender { font-size: 11px; color: var(--text-secondary); }
+        .alert-card .alert-message { font-size: 11px; color: var(--text-primary); line-height: 1.5; margin-top: 2px; }
+
+        /* Agent status cards */
+        .agent-card {
+            padding: 8px 16px;
+            border-bottom: 1px solid var(--border-dim);
+            display: flex;
+            align-items: center;
+            gap: 10px;
+        }
+
+        .agent-card .agent-dot {
+            width: 8px;
+            height: 8px;
+            border-radius: 50%;
+            background: var(--text-dim);
+            flex-shrink: 0;
+        }
+
+        .agent-card .agent-dot.online { background: var(--green); box-shadow: 0 0 6px var(--green-dim); }
+        .agent-card .agent-dot.quarantined { background: var(--red); box-shadow: 0 0 6px var(--red-dim); }
+
+        .agent-card .agent-info { flex: 1; min-width: 0; }
+
+        .agent-card .agent-name {
+            font-size: 11px;
+            font-weight: 500;
+            color: var(--text-primary);
+            white-space: nowrap;
+            overflow: hidden;
+            text-overflow: ellipsis;
+        }
+
+        .agent-card .agent-region { font-size: 9px; color: var(--text-dim); }
+
+        .agent-card .role-badge {
+            font-size: 9px;
+            padding: 1px 5px;
+            border-radius: 3px;
+            text-transform: uppercase;
+            letter-spacing: 0.3px;
+            flex-shrink: 0;
+        }
+
+        .role-badge.worker { background: rgba(0,200,255,0.1); color: var(--cyan); }
+        .role-badge.sentinel { background: rgba(179,136,255,0.15); color: var(--purple); }
+        .role-badge.commander { background: rgba(255,59,92,0.1); color: var(--red); }
+
+        /* Network stats */
+        .stats-grid {
+            display: grid;
+            grid-template-columns: 1fr 1fr;
+            gap: 1px;
+            background: var(--border-dim);
+        }
+
+        .stats-cell {
+            background: var(--bg-panel-solid);
+            padding: 8px 16px;
+            text-align: center;
+        }
+
+        .stats-cell .stats-value { font-size: 18px; font-weight: 600; }
+        .stats-cell .stats-label { font-size: 9px; color: var(--text-dim); text-transform: uppercase; letter-spacing: 0.5px; }
+
+        /* Signal Log */
+        .log-header {
+            padding: 8px 20px;
+            font-size: 10px;
+            font-weight: 600;
+            text-transform: uppercase;
+            letter-spacing: 1px;
+            color: var(--text-dim);
+            border-bottom: 1px solid var(--border-dim);
+            flex-shrink: 0;
+        }
+
+        .log-body {
+            flex: 1;
+            overflow-y: auto;
+            padding: 4px 20px;
+            font-size: 12px;
+            line-height: 1.7;
+        }
+
+        .log-entry { white-space: nowrap; animation: log-in 0.2s ease-out; }
+
+        @keyframes log-in {
+            from { opacity: 0; }
+            to { opacity: 1; }
+        }
+
+        .log-time { color: var(--text-dim); }
+        .log-kind { font-weight: 500; }
+        .log-kind.heartbeat { color: var(--green); }
+        .log-kind.alert { color: var(--red); }
+        .log-kind.request { color: var(--cyan); }
+        .log-kind.response { color: var(--cyan); }
+        .log-kind.claim { color: var(--amber); }
+        .log-kind.event { color: var(--purple); }
+        .log-sender { color: var(--text-secondary); }
+        .log-detail { color: var(--text-dim); }
+
+        .empty-state {
+            padding: 20px 16px;
+            text-align: center;
+            color: var(--text-dim);
+            font-size: 11px;
+            line-height: 1.6;
+        }
+
+        ::-webkit-scrollbar { width: 4px; }
+        ::-webkit-scrollbar-track { background: transparent; }
+        ::-webkit-scrollbar-thumb { background: var(--border-glow); border-radius: 2px; }
+    </style>
+</head>
+<body>
+    <!-- Connection Overlay -->
+    <div class="connection-overlay" id="connectionOverlay">
+        <div class="connection-panel">
+            <h2>Sentinel Network</h2>
+            <p class="subtitle">
+                Enter your PubNub subscribe key to connect to a running
+                Agent Sentinel network and observe signals in real time.
+            </p>
+            <div class="input-group">
+                <input type="text" id="subscribeKeyInput" placeholder="sub-c-your-subscribe-key" spellcheck="false">
+                <button class="btn-connect" id="connectBtn" onclick="connectToPubNub()">Connect</button>
+            </div>
+            <div class="connection-error" id="connectionError"></div>
+        </div>
+    </div>
+
+    <!-- Main App -->
+    <div class="app">
+        <!-- Top Bar -->
+        <header class="topbar">
+            <div class="logo">Bedsheet <span>Sentinel Network</span></div>
+            <div class="status-indicator">
+                <div class="status-dot" id="statusDot"></div>
+                <span id="statusText">Disconnected</span>
+            </div>
+            <div class="topbar-stats">
+                <div class="stat">
+                    <span class="stat-value" id="statSignals">0</span>
+                    <span class="stat-label">Signals</span>
+                </div>
+                <div class="stat">
+                    <span class="stat-value red" id="statAlerts">0</span>
+                    <span class="stat-label">Alerts</span>
+                </div>
+                <div class="stat">
+                    <span class="stat-value amber" id="statQuarantine">0</span>
+                    <span class="stat-label">Quarantine</span>
+                </div>
+                <div class="stat">
+                    <span class="stat-value green" id="statOnline">0</span>
+                    <span class="stat-label">Online</span>
+                </div>
+            </div>
+        </header>
+
+        <!-- Map Area -->
+        <div class="map-area">
+            <svg class="map-svg" id="mapSvg" viewBox="0 0 1000 500" preserveAspectRatio="xMidYMid meet">
+                <!-- Grid -->
+                <g class="grid">
+                    <line class="grid-line" x1="0" y1="125" x2="1000" y2="125"/>
+                    <line class="grid-line" x1="0" y1="250" x2="1000" y2="250"/>
+                    <line class="grid-line" x1="0" y1="375" x2="1000" y2="375"/>
+                    <line class="grid-line" x1="250" y1="0" x2="250" y2="500"/>
+                    <line class="grid-line" x1="500" y1="0" x2="500" y2="500"/>
+                    <line class="grid-line" x1="750" y1="0" x2="750" y2="500"/>
+                </g>
+
+                <!-- Simplified World Map Continents -->
+                <g class="continents">
+                    <!-- North America -->
+                    <path class="continent-path" d="M 80,60 L 120,55 160,65 200,60 240,70 260,90 270,120 265,150 250,170 230,190 220,210 200,220 180,215 160,200 140,210 120,230 100,220 80,200 60,170 55,140 60,110 70,85 Z"/>
+                    <!-- South America -->
+                    <path class="continent-path" d="M 200,260 L 220,250 240,260 250,280 260,310 255,340 245,370 230,390 215,400 200,395 190,375 185,350 180,320 185,290 190,270 Z"/>
+                    <!-- Europe -->
+                    <path class="continent-path" d="M 440,65 L 460,60 480,65 510,70 530,80 540,95 535,110 520,120 500,125 480,120 460,115 450,105 445,90 440,75 Z"/>
+                    <!-- Africa -->
+                    <path class="continent-path" d="M 460,160 L 490,150 520,155 540,170 550,200 555,230 550,260 540,290 525,315 510,330 490,335 470,325 455,305 445,280 440,250 445,220 450,190 455,170 Z"/>
+                    <!-- Asia -->
+                    <path class="continent-path" d="M 550,55 L 590,50 640,55 690,60 740,70 780,80 810,95 830,110 840,130 835,150 820,165 790,170 760,175 730,170 700,160 670,155 640,160 620,150 600,135 580,120 560,105 550,85 Z"/>
+                    <!-- Southeast Asia / Indonesia -->
+                    <path class="continent-path" d="M 740,200 L 760,195 780,200 800,210 810,225 800,235 780,230 760,235 745,225 740,210 Z"/>
+                    <!-- Australia -->
+                    <path class="continent-path" d="M 780,300 L 820,290 860,295 880,310 885,335 870,355 845,365 815,360 790,345 780,325 778,310 Z"/>
+                    <!-- Japan -->
+                    <path class="continent-path" d="M 835,100 L 840,90 845,95 847,110 843,120 838,115 835,105 Z"/>
+                </g>
+
+                <!-- Signal lines layer -->
+                <g id="signalLines"></g>
+
+                <!-- Agent Nodes -->
+                <g id="agentNodes">
+                    <!-- web-researcher: us-east1 (Virginia) -->
+                    <g class="agent-node" id="node-web-researcher" data-agent="web-researcher" transform="translate(230, 145)">
+                        <circle class="broadcast-ring" r="5"/>
+                        <circle class="pulse-ring" r="6" stroke="var(--green)"/>
+                        <circle class="agent-node-ring" r="10"/>
+                        <circle class="agent-node-core" r="4"/>
+                        <text class="agent-node-label" y="22">web-researcher</text>
+                        <text class="agent-node-label" y="31" style="font-size:6px;fill:var(--text-dim)">us-east1</text>
+                    </g>
+
+                    <!-- scheduler: europe-west1 (Frankfurt) -->
+                    <g class="agent-node" id="node-scheduler" data-agent="scheduler" transform="translate(500, 100)">
+                        <circle class="broadcast-ring" r="5"/>
+                        <circle class="pulse-ring" r="6" stroke="var(--green)"/>
+                        <circle class="agent-node-ring" r="10"/>
+                        <circle class="agent-node-core" r="4"/>
+                        <text class="agent-node-label" y="22">scheduler</text>
+                        <text class="agent-node-label" y="31" style="font-size:6px;fill:var(--text-dim)">europe-west1</text>
+                    </g>
+
+                    <!-- skill-acquirer: asia-northeast1 (Tokyo) -->
+                    <g class="agent-node" id="node-skill-acquirer" data-agent="skill-acquirer" transform="translate(840, 115)">
+                        <circle class="broadcast-ring" r="5"/>
+                        <circle class="pulse-ring" r="6" stroke="var(--green)"/>
+                        <circle class="agent-node-ring" r="10"/>
+                        <circle class="agent-node-core" r="4"/>
+                        <text class="agent-node-label" y="22">skill-acquirer</text>
+                        <text class="agent-node-label" y="31" style="font-size:6px;fill:var(--text-dim)">asia-northeast1</text>
+                    </g>
+
+                    <!-- behavior-sentinel: us-west1 (Oregon) -->
+                    <g class="agent-node sentinel" id="node-behavior-sentinel" data-agent="behavior-sentinel" transform="translate(140, 130)">
+                        <circle class="broadcast-ring" r="5"/>
+                        <circle class="pulse-ring" r="6" stroke="var(--purple)"/>
+                        <circle class="agent-node-ring" r="10"/>
+                        <circle class="agent-node-core" r="4"/>
+                        <text class="agent-node-label" y="22">behavior-sentinel</text>
+                        <text class="agent-node-label" y="31" style="font-size:6px;fill:var(--text-dim)">us-west1</text>
+                    </g>
+
+                    <!-- supply-chain-sentinel: asia-southeast1 (Singapore) -->
+                    <g class="agent-node sentinel" id="node-supply-chain-sentinel" data-agent="supply-chain-sentinel" transform="translate(760, 220)">
+                        <circle class="broadcast-ring" r="5"/>
+                        <circle class="pulse-ring" r="6" stroke="var(--purple)"/>
+                        <circle class="agent-node-ring" r="10"/>
+                        <circle class="agent-node-core" r="4"/>
+                        <text class="agent-node-label" y="22">supply-chain-sentinel</text>
+                        <text class="agent-node-label" y="31" style="font-size:6px;fill:var(--text-dim)">asia-southeast1</text>
+                    </g>
+
+                    <!-- sentinel-commander: europe-west2 (London) -->
+                    <g class="agent-node commander" id="node-sentinel-commander" data-agent="sentinel-commander" transform="translate(455, 85)">
+                        <circle class="broadcast-ring" r="5"/>
+                        <circle class="pulse-ring" r="6" stroke="var(--cyan)"/>
+                        <circle class="agent-node-ring" r="10"/>
+                        <circle class="agent-node-core" r="4"/>
+                        <text class="agent-node-label" y="22">sentinel-commander</text>
+                        <text class="agent-node-label" y="31" style="font-size:6px;fill:var(--text-dim)">europe-west2</text>
+                    </g>
+                </g>
+            </svg>
+        </div>
+
+        <!-- Right Sidebar -->
+        <aside class="sidebar-right">
+            <div class="sidebar-section alerts">
+                <div class="section-header">Alert Feed</div>
+                <div class="section-body" id="alertFeed">
+                    <div class="empty-state">Waiting for alerts from running agents...</div>
+                </div>
+            </div>
+
+            <div class="sidebar-section agents">
+                <div class="section-header">Agent Status</div>
+                <div class="section-body" id="agentStatus"></div>
+            </div>
+
+            <div class="sidebar-section stats">
+                <div class="section-header">Network Stats</div>
+                <div class="stats-grid">
+                    <div class="stats-cell">
+                        <div class="stats-value" style="color:var(--cyan)" id="statsSignals">0</div>
+                        <div class="stats-label">Signals</div>
+                    </div>
+                    <div class="stats-cell">
+                        <div class="stats-value" style="color:var(--red)" id="statsAlerts">0</div>
+                        <div class="stats-label">Alerts</div>
+                    </div>
+                    <div class="stats-cell">
+                        <div class="stats-value" style="color:var(--amber)" id="statsQuarantine">0</div>
+                        <div class="stats-label">Quarantine</div>
+                    </div>
+                    <div class="stats-cell">
+                        <div class="stats-value" style="color:var(--green)" id="statsOnline">0</div>
+                        <div class="stats-label">Online</div>
+                    </div>
+                </div>
+            </div>
+        </aside>
+
+        <!-- Signal Log -->
+        <div class="signal-log">
+            <div class="log-header">Signal Log</div>
+            <div class="log-body" id="signalLog">
+                <div class="empty-state">Connect to PubNub to start receiving signals...</div>
+            </div>
+        </div>
+    </div>
+
+    <script>
+    // ── Agent Registry ──
+    var AGENTS = {
+        'web-researcher':         { region: 'us-east1',         role: 'worker',    x: 230, y: 145 },
+        'scheduler':              { region: 'europe-west1',     role: 'worker',    x: 500, y: 100 },
+        'skill-acquirer':         { region: 'asia-northeast1',  role: 'worker',    x: 840, y: 115 },
+        'behavior-sentinel':      { region: 'us-west1',         role: 'sentinel',  x: 140, y: 130 },
+        'supply-chain-sentinel':  { region: 'asia-southeast1',  role: 'sentinel',  x: 760, y: 220 },
+        'sentinel-commander':     { region: 'europe-west2',     role: 'commander', x: 455, y: 85  },
+    };
+
+    // Compact key map (matches bedsheet/sense/serialization.py)
+    var KEY_MAP = { k: 'kind', s: 'sender', p: 'payload', c: 'correlation_id', t: 'target', ts: 'timestamp' };
+
+    // ── State ──
+    var pubnub = null;
+    var stats = { signals: 0, alerts: 0, quarantine: 0 };
+    var onlineAgents = new Set();
+    var quarantinedAgents = new Set();
+
+    var CHANNELS = [
+        'bedsheet.agent-sentinel.alerts',
+        'bedsheet.agent-sentinel.quarantine',
+    ];
+
+    // ── Utility: safe text node creation ──
+    function createEl(tag, className, textContent) {
+        var el = document.createElement(tag);
+        if (className) el.className = className;
+        if (textContent !== undefined) el.textContent = textContent;
+        return el;
+    }
+
+    // ── Connect ──
+    function connectToPubNub() {
+        var key = document.getElementById('subscribeKeyInput').value.trim();
+        var errorEl = document.getElementById('connectionError');
+        var btn = document.getElementById('connectBtn');
+
+        if (!key.startsWith('sub-c-')) {
+            errorEl.textContent = 'Key must start with "sub-c-"';
+            return;
+        }
+
+        btn.disabled = true;
+        btn.textContent = 'Connecting...';
+        errorEl.textContent = '';
+
+        try {
+            pubnub = new PubNub({
+                subscribeKey: key,
+                userId: 'dashboard-observer',
+            });
+
+            pubnub.addListener({
+                message: handleMessage,
+                presence: handlePresence,
+                status: handleStatus,
+            });
+
+            pubnub.subscribe({
+                channels: CHANNELS,
+                withPresence: true,
+            });
+        } catch (e) {
+            errorEl.textContent = 'Failed to connect: ' + e.message;
+            btn.disabled = false;
+            btn.textContent = 'Connect';
+        }
+    }
+
+    // Allow Enter key to connect
+    document.getElementById('subscribeKeyInput').addEventListener('keydown', function(e) {
+        if (e.key === 'Enter') connectToPubNub();
+    });
+
+    // ── PubNub Handlers ──
+    function handleStatus(statusEvent) {
+        if (statusEvent.category === 'PNConnectedCategory') {
+            document.getElementById('connectionOverlay').classList.add('hidden');
+            document.getElementById('statusDot').classList.add('connected');
+            document.getElementById('statusText').textContent = 'Connected';
+            populateAgentCards();
+            fetchPresence();
+        }
+    }
+
+    function handleMessage(event) {
+        var raw = event.message;
+        var signal = decodeSignal(raw, event.channel);
+        if (!signal) return;
+
+        stats.signals++;
+        updateStats();
+        addLogEntry(signal, event.channel);
+
+        var kind = signal.kind;
+        var sender = signal.sender;
+
+        // Track as online
+        if (sender && AGENTS[sender]) {
+            setAgentOnline(sender);
+        }
+
+        if (kind === 'alert') {
+            stats.alerts++;
+            updateStats();
+            addAlertCard(signal);
+            pulseNode(sender, 'var(--red)');
+
+            // Check if quarantine
+            var payload = signal.payload || {};
+            if (payload.action === 'quarantine' && payload.agent) {
+                stats.quarantine++;
+                updateStats();
+                quarantineAgent(payload.agent);
+                animateBroadcast(sender);
+            } else {
+                animateSignalLine(sender, 'sentinel-commander', 'var(--red)');
+            }
+
+            // Mark live indicator
+            document.getElementById('statusDot').classList.add('live');
+            clearTimeout(window._liveTimeout);
+            window._liveTimeout = setTimeout(function() {
+                document.getElementById('statusDot').classList.remove('live');
+            }, 5000);
+        }
+
+        if (kind === 'heartbeat') {
+            pulseNode(sender, 'var(--green)');
+        }
+
+        if (kind === 'request' && signal.target && AGENTS[signal.target]) {
+            animateSignalLine(sender, signal.target, 'var(--cyan)');
+        }
+
+        if (kind === 'response' && signal.target && AGENTS[signal.target]) {
+            animateSignalLine(sender, signal.target, 'var(--cyan)');
+        }
+
+        if (kind === 'claim') {
+            pulseNode(sender, 'var(--amber)');
+        }
+    }
+
+    function handlePresence(event) {
+        var uuid = event.uuid;
+        if (!uuid || uuid === 'dashboard-observer') return;
+
+        var agentName = matchAgentUUID(uuid);
+        if (!agentName) return;
+
+        if (event.action === 'join') {
+            setAgentOnline(agentName);
+        } else if (event.action === 'leave' || event.action === 'timeout') {
+            setAgentOffline(agentName);
+        }
+    }
+
+    // ── Signal Decoding ──
+    function decodeSignal(raw, channel) {
+        if (!raw || typeof raw !== 'object') return null;
+
+        var decoded = {};
+        for (var short in KEY_MAP) {
+            if (raw[short] !== undefined) decoded[KEY_MAP[short]] = raw[short];
+        }
+        // Also copy any full-length keys
+        var fullKeys = Object.values(KEY_MAP);
+        for (var i = 0; i < fullKeys.length; i++) {
+            if (raw[fullKeys[i]] !== undefined && decoded[fullKeys[i]] === undefined) {
+                decoded[fullKeys[i]] = raw[fullKeys[i]];
+            }
+        }
+        decoded.source_channel = channel;
+        return decoded;
+    }
+
+    function matchAgentUUID(uuid) {
+        if (AGENTS[uuid]) return uuid;
+        var names = Object.keys(AGENTS);
+        for (var i = 0; i < names.length; i++) {
+            if (uuid.indexOf(names[i]) !== -1) return names[i];
+        }
+        return null;
+    }
+
+    // ── Presence Fetch ──
+    function fetchPresence() {
+        if (!pubnub) return;
+        pubnub.hereNow({ channels: CHANNELS, includeUUIDs: true }).then(function(result) {
+            if (result && result.channels) {
+                var channels = Object.values(result.channels);
+                for (var c = 0; c < channels.length; c++) {
+                    var ch = channels[c];
+                    if (ch.occupants) {
+                        for (var o = 0; o < ch.occupants.length; o++) {
+                            var name = matchAgentUUID(ch.occupants[o].uuid);
+                            if (name) setAgentOnline(name);
+                        }
+                    }
+                }
+            }
+        }).catch(function(e) {
+            console.warn('hereNow failed:', e);
+        });
+    }
+
+    // ── UI: Agent Status Cards (safe DOM construction) ──
+    function populateAgentCards() {
+        var container = document.getElementById('agentStatus');
+        container.textContent = ''; // clear safely
+
+        var names = Object.keys(AGENTS);
+        for (var i = 0; i < names.length; i++) {
+            var name = names[i];
+            var info = AGENTS[name];
+
+            var card = createEl('div', 'agent-card');
+            card.id = 'card-' + name;
+
+            var dot = createEl('div', 'agent-dot');
+            dot.id = 'dot-' + name;
+            card.appendChild(dot);
+
+            var infoDiv = createEl('div', 'agent-info');
+            infoDiv.appendChild(createEl('div', 'agent-name', name));
+            infoDiv.appendChild(createEl('div', 'agent-region', info.region));
+            card.appendChild(infoDiv);
+
+            card.appendChild(createEl('span', 'role-badge ' + info.role, info.role));
+            container.appendChild(card);
+        }
+    }
+
+    function setAgentOnline(name) {
+        if (!AGENTS[name]) return;
+        onlineAgents.add(name);
+        var dot = document.getElementById('dot-' + name);
+        if (dot) dot.className = 'agent-dot online';
+        var node = document.getElementById('node-' + name);
+        if (node) node.classList.add('online');
+        updateOnlineCount();
+    }
+
+    function setAgentOffline(name) {
+        onlineAgents.delete(name);
+        var dot = document.getElementById('dot-' + name);
+        if (dot) dot.className = 'agent-dot';
+        var node = document.getElementById('node-' + name);
+        if (node) node.classList.remove('online');
+        updateOnlineCount();
+    }
+
+    function quarantineAgent(name) {
+        quarantinedAgents.add(name);
+        var dot = document.getElementById('dot-' + name);
+        if (dot) dot.className = 'agent-dot quarantined';
+        var node = document.getElementById('node-' + name);
+        if (node) node.classList.add('quarantined');
+    }
+
+    function updateOnlineCount() {
+        var count = onlineAgents.size;
+        document.getElementById('statOnline').textContent = count;
+        document.getElementById('statsOnline').textContent = count;
+    }
+
+    // ── UI: Alert Feed (safe DOM construction) ──
+    function addAlertCard(signal) {
+        var container = document.getElementById('alertFeed');
+        var empty = container.querySelector('.empty-state');
+        if (empty) empty.remove();
+
+        var payload = signal.payload || {};
+        var severity = payload.severity || 'medium';
+        var time = signal.timestamp ? new Date(signal.timestamp * 1000).toLocaleTimeString() : '--:--:--';
+        var sender = signal.sender || 'unknown';
+        var message = payload.message || JSON.stringify(payload);
+
+        var card = createEl('div', 'alert-card');
+
+        var header = createEl('div', 'alert-header');
+        header.appendChild(createEl('span', 'alert-time', time));
+        header.appendChild(createEl('span', 'severity-badge ' + severity, severity));
+        card.appendChild(header);
+
+        card.appendChild(createEl('div', 'alert-sender', sender));
+        card.appendChild(createEl('div', 'alert-message', message));
+
+        container.insertBefore(card, container.firstChild);
+
+        // Cap at 50 alerts
+        while (container.children.length > 50) {
+            container.removeChild(container.lastChild);
+        }
+    }
+
+    // ── UI: Signal Log (safe DOM construction) ──
+    function addLogEntry(signal, channel) {
+        var container = document.getElementById('signalLog');
+        var empty = container.querySelector('.empty-state');
+        if (empty) empty.remove();
+
+        var time = signal.timestamp ? new Date(signal.timestamp * 1000).toLocaleTimeString() : '--:--:--';
+        var kind = signal.kind || '?';
+        var sender = signal.sender || '?';
+        var shortChannel = channel.replace('bedsheet.agent-sentinel.', '');
+        var summary = getSignalSummary(signal);
+
+        var entry = createEl('div', 'log-entry');
+        entry.appendChild(createEl('span', 'log-time', time + ' '));
+
+        var kindSpan = createEl('span', 'log-kind ' + kind, '[' + kind + '] ');
+        entry.appendChild(kindSpan);
+
+        entry.appendChild(createEl('span', 'log-sender', sender + ' '));
+        entry.appendChild(createEl('span', 'log-detail', '\u2192 ' + shortChannel + ' ' + summary));
+
+        container.insertBefore(entry, container.firstChild);
+
+        // Cap at 200 entries
+        while (container.children.length > 200) {
+            container.removeChild(container.lastChild);
+        }
+    }
+
+    function getSignalSummary(signal) {
+        var p = signal.payload;
+        if (!p) return '';
+        if (p.severity) return '(' + p.severity + ')';
+        if (p.action) return '(' + p.action + ')';
+        if (p.category) return '(' + p.category + ')';
+        return '';
+    }
+
+    // ── UI: Stats ──
+    function updateStats() {
+        document.getElementById('statSignals').textContent = stats.signals;
+        document.getElementById('statAlerts').textContent = stats.alerts;
+        document.getElementById('statQuarantine').textContent = stats.quarantine;
+        document.getElementById('statsSignals').textContent = stats.signals;
+        document.getElementById('statsAlerts').textContent = stats.alerts;
+        document.getElementById('statsQuarantine').textContent = stats.quarantine;
+    }
+
+    // ── Map Animations ──
+    function pulseNode(agentName, color) {
+        var node = document.getElementById('node-' + agentName);
+        if (!node) return;
+
+        var ring = node.querySelector('.pulse-ring');
+        if (!ring) return;
+
+        ring.setAttribute('stroke', color);
+        ring.classList.remove('active');
+        void ring.offsetWidth; // force reflow
+        ring.classList.add('active');
+
+        setTimeout(function() { ring.classList.remove('active'); }, 1600);
+    }
+
+    function animateSignalLine(fromAgent, toAgent, color) {
+        var from = AGENTS[fromAgent];
+        var to = AGENTS[toAgent];
+        if (!from || !to) return;
+
+        var svg = document.getElementById('signalLines');
+        var line = document.createElementNS('http://www.w3.org/2000/svg', 'line');
+        line.setAttribute('x1', from.x);
+        line.setAttribute('y1', from.y);
+        line.setAttribute('x2', to.x);
+        line.setAttribute('y2', to.y);
+        line.setAttribute('stroke', color);
+        line.classList.add('signal-line', 'active');
+
+        svg.appendChild(line);
+        setTimeout(function() { line.remove(); }, 1300);
+    }
+
+    function animateBroadcast(fromAgent) {
+        var node = document.getElementById('node-' + fromAgent);
+        if (!node) return;
+
+        var ring = node.querySelector('.broadcast-ring');
+        if (!ring) return;
+
+        ring.classList.remove('active');
+        void ring.offsetWidth;
+        ring.classList.add('active');
+
+        setTimeout(function() { ring.classList.remove('active'); }, 2100);
+    }
+    </script>
+</body>
+</html>
diff --git a/docs/agent-sentinel-setup.html b/docs/agent-sentinel-setup.html
new file mode 100644
index 0000000..0b94aa0
--- /dev/null
+++ b/docs/agent-sentinel-setup.html
@@ -0,0 +1,687 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Bedsheet Agents - Agent Sentinel Setup Guide</title>
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/github.min.css">
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/python.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/languages/bash.min.js"></script>
+    <style>
+        :root {
+            --bg-primary: #ffffff;
+            --bg-secondary: #f6f8fa;
+            --bg-tertiary: #eef1f4;
+            --text-primary: #1f2328;
+            --text-secondary: #57606a;
+            --text-muted: #6e7781;
+            --accent-blue: #0969da;
+            --accent-green: #1a7f37;
+            --accent-purple: #8250df;
+            --accent-orange: #bf8700;
+            --accent-red: #cf222e;
+            --border-color: #d0d7de;
+            --code-bg: #f6f8fa;
+            --sidebar-width: 260px;
+        }
+
+        * {
+            margin: 0;
+            padding: 0;
+            box-sizing: border-box;
+        }
+
+        html {
+            scroll-behavior: smooth;
+        }
+
+        body {
+            font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+            background: var(--bg-primary);
+            color: var(--text-primary);
+            line-height: 1.7;
+            font-size: 16px;
+        }
+
+        /* Sidebar Navigation */
+        .sidebar {
+            position: fixed;
+            top: 0;
+            left: 0;
+            width: var(--sidebar-width);
+            height: 100vh;
+            background: var(--bg-secondary);
+            border-right: 1px solid var(--border-color);
+            overflow-y: auto;
+            padding: 24px 0;
+            z-index: 100;
+            display: flex;
+            flex-direction: column;
+        }
+
+        .sidebar-header {
+            padding: 0 20px 20px;
+            border-bottom: 1px solid var(--border-color);
+            margin-bottom: 16px;
+        }
+
+        .sidebar-header h1 {
+            font-size: 18px;
+            font-weight: 700;
+            color: var(--text-primary);
+            margin-bottom: 4px;
+        }
+
+        .sidebar-header .subtitle {
+            font-size: 12px;
+            color: var(--text-secondary);
+        }
+
+        .nav-section {
+            padding: 8px 20px;
+        }
+
+        .nav-section-title {
+            font-size: 11px;
+            font-weight: 600;
+            text-transform: uppercase;
+            letter-spacing: 0.5px;
+            color: var(--text-muted);
+            margin-bottom: 8px;
+        }
+
+        .nav-link {
+            display: flex;
+            align-items: center;
+            padding: 6px 0;
+            color: var(--text-secondary);
+            text-decoration: none;
+            font-size: 14px;
+            transition: color 0.15s;
+        }
+
+        .nav-link:hover {
+            color: var(--accent-blue);
+        }
+
+        .nav-link .step {
+            display: inline-flex;
+            align-items: center;
+            justify-content: center;
+            width: 20px;
+            height: 20px;
+            background: var(--border-color);
+            border-radius: 50%;
+            font-size: 11px;
+            font-weight: 600;
+            margin-right: 8px;
+            flex-shrink: 0;
+        }
+
+        .nav-link:hover .step {
+            background: var(--accent-blue);
+            color: white;
+        }
+
+        /* Main Content */
+        .main-content {
+            margin-left: var(--sidebar-width);
+            max-width: 1000px;
+            padding: 48px 64px;
+        }
+
+        .hero {
+            margin-bottom: 48px;
+            padding-bottom: 32px;
+            border-bottom: 1px solid var(--border-color);
+        }
+
+        .hero h1 {
+            font-size: 36px;
+            font-weight: 700;
+            margin-bottom: 12px;
+        }
+
+        .hero .description {
+            font-size: 18px;
+            color: var(--text-secondary);
+            line-height: 1.6;
+        }
+
+        section {
+            margin-bottom: 48px;
+        }
+
+        h2 {
+            font-size: 24px;
+            font-weight: 700;
+            margin-bottom: 16px;
+            padding-top: 16px;
+        }
+
+        h3 {
+            font-size: 18px;
+            font-weight: 600;
+            margin-bottom: 12px;
+            margin-top: 24px;
+        }
+
+        p {
+            margin-bottom: 16px;
+        }
+
+        a {
+            color: var(--accent-blue);
+            text-decoration: none;
+        }
+
+        a:hover {
+            text-decoration: underline;
+        }
+
+        ul, ol {
+            margin-bottom: 16px;
+            padding-left: 24px;
+        }
+
+        li {
+            margin-bottom: 8px;
+        }
+
+        code {
+            font-family: 'JetBrains Mono', monospace;
+            font-size: 14px;
+            background: var(--code-bg);
+            padding: 2px 6px;
+            border-radius: 4px;
+            border: 1px solid var(--border-color);
+        }
+
+        pre {
+            background: var(--code-bg);
+            border: 1px solid var(--border-color);
+            border-radius: 8px;
+            padding: 16px 20px;
+            overflow-x: auto;
+            margin-bottom: 16px;
+        }
+
+        pre code {
+            background: none;
+            border: none;
+            padding: 0;
+            font-size: 14px;
+            line-height: 1.6;
+        }
+
+        .callout {
+            border-left: 4px solid var(--accent-blue);
+            background: #f0f7ff;
+            padding: 16px 20px;
+            border-radius: 0 8px 8px 0;
+            margin-bottom: 16px;
+        }
+
+        .callout.warning {
+            border-left-color: var(--accent-orange);
+            background: #fff8e6;
+        }
+
+        .callout.success {
+            border-left-color: var(--accent-green);
+            background: #f0fff4;
+        }
+
+        .callout.danger {
+            border-left-color: var(--accent-red);
+            background: #fff5f5;
+        }
+
+        .callout strong {
+            display: block;
+            margin-bottom: 4px;
+        }
+
+        table {
+            width: 100%;
+            border-collapse: collapse;
+            margin-bottom: 16px;
+        }
+
+        th, td {
+            text-align: left;
+            padding: 10px 14px;
+            border: 1px solid var(--border-color);
+        }
+
+        th {
+            background: var(--bg-secondary);
+            font-weight: 600;
+            font-size: 14px;
+        }
+
+        td {
+            font-size: 14px;
+        }
+
+        .badge {
+            display: inline-block;
+            padding: 2px 8px;
+            border-radius: 12px;
+            font-size: 12px;
+            font-weight: 600;
+        }
+
+        .badge-blue { background: #ddf4ff; color: #0969da; }
+        .badge-green { background: #dafbe1; color: #1a7f37; }
+        .badge-purple { background: #eddeff; color: #8250df; }
+        .badge-red { background: #ffebe9; color: #cf222e; }
+        .badge-orange { background: #fff1cc; color: #bf8700; }
+
+        .terminal {
+            background: #1e1e2e;
+            color: #cdd6f4;
+            border-radius: 8px;
+            padding: 16px 20px;
+            font-family: 'JetBrains Mono', monospace;
+            font-size: 13px;
+            line-height: 1.6;
+            overflow-x: auto;
+            margin-bottom: 16px;
+        }
+
+        .terminal .prompt { color: #a6e3a1; }
+        .terminal .comment { color: #6c7086; }
+        .terminal .output { color: #89b4fa; }
+        .terminal .error { color: #f38ba8; }
+        .terminal .warn { color: #f9e2af; }
+
+        .architecture-box {
+            background: var(--bg-secondary);
+            border: 1px solid var(--border-color);
+            border-radius: 8px;
+            padding: 20px;
+            margin-bottom: 16px;
+            font-family: 'JetBrains Mono', monospace;
+            font-size: 13px;
+            line-height: 1.5;
+            white-space: pre;
+            overflow-x: auto;
+        }
+    </style>
+</head>
+<body>
+    <nav class="sidebar">
+        <div class="sidebar-header">
+            <h1>Agent Sentinel</h1>
+            <div class="subtitle">Setup Guide</div>
+        </div>
+
+        <div class="nav-section">
+            <div class="nav-section-title">Getting Started</div>
+            <a href="#overview" class="nav-link"><span class="step">1</span> Overview</a>
+            <a href="#prerequisites" class="nav-link"><span class="step">2</span> Prerequisites</a>
+            <a href="#pubnub-keys" class="nav-link"><span class="step">3</span> Get PubNub Keys</a>
+        </div>
+
+        <div class="nav-section">
+            <div class="nav-section-title">Installation</div>
+            <a href="#install" class="nav-link"><span class="step">4</span> Install Dependencies</a>
+            <a href="#env-vars" class="nav-link"><span class="step">5</span> Environment Variables</a>
+            <a href="#validate" class="nav-link"><span class="step">6</span> Validate Config</a>
+        </div>
+
+        <div class="nav-section">
+            <div class="nav-section-title">Running</div>
+            <a href="#run" class="nav-link"><span class="step">7</span> Run the Demo</a>
+            <a href="#watch-for" class="nav-link"><span class="step">8</span> What to Watch For</a>
+            <a href="#understanding" class="nav-link"><span class="step">9</span> Understanding Output</a>
+        </div>
+
+        <div class="nav-section">
+            <div class="nav-section-title">Dashboard</div>
+            <a href="#dashboard" class="nav-link"><span class="step">10</span> Live Dashboard</a>
+            <a href="#next-steps" class="nav-link"><span class="step">11</span> Next Steps</a>
+        </div>
+
+        <div class="nav-section">
+            <div class="nav-section-title">Other Docs</div>
+            <a href="user-guide.html" class="nav-link">User Guide</a>
+            <a href="multi-agent-guide.html" class="nav-link">Multi-Agent Guide</a>
+            <a href="agent-sentinel-dashboard.html" class="nav-link">Live Dashboard</a>
+        </div>
+    </nav>
+
+    <main class="main-content">
+        <div class="hero">
+            <h1>Agent Sentinel Setup Guide</h1>
+            <p class="description">
+                Set up and run the Agent Sentinel demo &mdash; a distributed security monitoring system where
+                AI agents watch each other for rogue behavior, compromised supply chains, and coordinated threats.
+            </p>
+        </div>
+
+        <!-- Section 1: Overview -->
+        <section id="overview">
+            <h2>1. Overview</h2>
+            <p>
+                Agent Sentinel is a multi-agent demo that showcases Bedsheet's
+                <strong>Sixth Sense</strong> distributed communication module. Six agents run as
+                separate processes, communicating over PubNub in real time:
+            </p>
+
+            <table>
+                <thead>
+                    <tr><th>Agent</th><th>Role</th><th>What It Does</th></tr>
+                </thead>
+                <tbody>
+                    <tr>
+                        <td><code>web-researcher</code></td>
+                        <td><span class="badge badge-blue">Worker</span></td>
+                        <td>Performs DuckDuckGo searches every 15s. Occasionally goes rogue with burst searches.</td>
+                    </tr>
+                    <tr>
+                        <td><code>scheduler</code></td>
+                        <td><span class="badge badge-blue">Worker</span></td>
+                        <td>Manages a JSON calendar every 20s. May go rogue and sabotage appointments.</td>
+                    </tr>
+                    <tr>
+                        <td><code>skill-acquirer</code></td>
+                        <td><span class="badge badge-blue">Worker</span></td>
+                        <td>Installs Python skills with SHA-256 verification every 25s. May install malicious skills.</td>
+                    </tr>
+                    <tr>
+                        <td><code>behavior-sentinel</code></td>
+                        <td><span class="badge badge-purple">Sentinel</span></td>
+                        <td>Monitors activity logs for output rate anomalies (&gt;10 actions/min).</td>
+                    </tr>
+                    <tr>
+                        <td><code>supply-chain-sentinel</code></td>
+                        <td><span class="badge badge-purple">Sentinel</span></td>
+                        <td>Scans installed skills against a known-good registry for integrity violations.</td>
+                    </tr>
+                    <tr>
+                        <td><code>sentinel-commander</code></td>
+                        <td><span class="badge badge-red">Commander</span></td>
+                        <td>Correlates alerts from sentinels and issues quarantine orders.</td>
+                    </tr>
+                </tbody>
+            </table>
+
+            <p>
+                Each worker has a ~15% chance per cycle to exhibit <strong>rogue behavior</strong>.
+                Sentinels detect anomalies and broadcast alerts. The commander investigates and quarantines compromised agents.
+            </p>
+
+            <div class="callout">
+                <strong>Related Resources</strong>
+                <a href="agent-sentinel-dashboard.html">Live Dashboard</a> &mdash; Real-time PubNub signal visualization<br>
+                <code>examples/agent-sentinel/docs/design.html</code> &mdash; Architecture and design documentation
+            </div>
+        </section>
+
+        <!-- Section 2: Prerequisites -->
+        <section id="prerequisites">
+            <h2>2. Prerequisites</h2>
+            <ul>
+                <li><strong>Python 3.11+</strong></li>
+                <li><strong>uv</strong> &mdash; fast Python package manager (<code>curl -LsSf https://astral.sh/uv/install.sh | sh</code>)</li>
+                <li><strong>PubNub account</strong> &mdash; free tier works (see next section)</li>
+                <li><strong>Anthropic API key</strong> &mdash; for Claude model access</li>
+            </ul>
+        </section>
+
+        <!-- Section 3: Get PubNub Keys -->
+        <section id="pubnub-keys">
+            <h2>3. Get PubNub Keys</h2>
+            <p>
+                Agent Sentinel uses PubNub for real-time inter-agent communication. You need a
+                subscribe key and a publish key.
+            </p>
+
+            <ol>
+                <li>Go to <strong>pubnub.com</strong> and create a free account</li>
+                <li>In the PubNub Admin Dashboard, click <strong>"Create New App"</strong></li>
+                <li>Name it something like <code>bedsheet-sentinel</code></li>
+                <li>Click into the app, then click into the default <strong>keyset</strong></li>
+                <li>Copy the <strong>Subscribe Key</strong> (starts with <code>sub-c-</code>)</li>
+                <li>Copy the <strong>Publish Key</strong> (starts with <code>pub-c-</code>)</li>
+            </ol>
+
+            <div class="callout warning">
+                <strong>Enable Presence</strong>
+                In your PubNub keyset settings, make sure <strong>Presence</strong> is enabled.
+                The dashboard uses presence to track which agents are online.
+            </div>
+        </section>
+
+        <!-- Section 4: Install Dependencies -->
+        <section id="install">
+            <h2>4. Install Dependencies</h2>
+            <p>From the project root:</p>
+
+            <pre><code class="language-bash"># Create and activate a virtual environment
+uv venv && source .venv/bin/activate
+
+# Install bedsheet with Sixth Sense support + demo dependencies
+uv pip install bedsheet[sense] duckduckgo-search</code></pre>
+
+            <p>
+                The <code>[sense]</code> extra installs the PubNub SDK and Sixth Sense module.
+                <code>duckduckgo-search</code> is needed by the web-researcher agent.
+            </p>
+        </section>
+
+        <!-- Section 5: Environment Variables -->
+        <section id="env-vars">
+            <h2>5. Set Environment Variables</h2>
+            <p>Export all three required keys in your terminal:</p>
+
+            <pre><code class="language-bash">export PUBNUB_SUBSCRIBE_KEY="sub-c-your-subscribe-key"
+export PUBNUB_PUBLISH_KEY="pub-c-your-publish-key"
+export ANTHROPIC_API_KEY="sk-ant-your-anthropic-key"</code></pre>
+
+            <div class="callout">
+                <strong>Tip</strong>
+                Add these to a <code>.env</code> file in the <code>examples/agent-sentinel/</code>
+                directory for convenience. The demo reads from the environment directly, so use
+                <code>source .env</code> or a tool like <code>direnv</code>.
+            </div>
+        </section>
+
+        <!-- Section 6: Validate Configuration -->
+        <section id="validate">
+            <h2>6. Validate Configuration</h2>
+            <p>Navigate to the demo directory and validate the agent configuration:</p>
+
+            <pre><code class="language-bash">cd examples/agent-sentinel
+bedsheet validate</code></pre>
+
+            <p>Expected output:</p>
+
+            <div class="terminal">
+<span class="prompt">$</span> bedsheet validate
+<span class="output">Validating bedsheet.yaml...</span>
+<span class="output">Found 6 agents:</span>
+<span class="output">  - web-researcher (agents.web_researcher.WebResearcher)</span>
+<span class="output">  - scheduler (agents.scheduler.Scheduler)</span>
+<span class="output">  - skill-acquirer (agents.skill_acquirer.SkillAcquirer)</span>
+<span class="output">  - behavior-sentinel (agents.behavior_sentinel.BehaviorSentinel)</span>
+<span class="output">  - supply-chain-sentinel (agents.supply_chain_sentinel.SupplyChainSentinel)</span>
+<span class="output">  - sentinel-commander (agents.sentinel_commander.SentinelCommander)</span>
+<span class="output">Configuration valid.</span>
+            </div>
+        </section>
+
+        <!-- Section 7: Run the Demo -->
+        <section id="run">
+            <h2>7. Run the Demo</h2>
+            <p>From the <code>examples/agent-sentinel/</code> directory:</p>
+
+            <pre><code class="language-bash">python run.py</code></pre>
+
+            <p>
+                The launcher starts all 6 agents as separate subprocesses with staggered 2-second delays.
+                Workers start first, followed by sentinels, then the commander.
+            </p>
+
+            <div class="terminal">
+<span class="prompt">$</span> python run.py
+<span class="output">Agent Sentinel - Multi-Agent Security Demo</span>
+<span class="output">==========================================</span>
+<span class="output">Starting web-researcher...</span>
+<span class="output">Starting scheduler...</span>
+<span class="output">Starting skill-acquirer...</span>
+<span class="output">Starting behavior-sentinel...</span>
+<span class="output">Starting supply-chain-sentinel...</span>
+<span class="output">Starting sentinel-commander...</span>
+<span class="output">All 6 agents running. Press Ctrl+C to stop.</span>
+            </div>
+
+            <div class="callout warning">
+                <strong>API Costs</strong>
+                Each agent cycle makes Claude API calls. The demo is designed for short demonstration runs
+                (5&ndash;10 minutes). Stop with <strong>Ctrl+C</strong> when you've seen the sentinel
+                detection and quarantine flow.
+            </div>
+        </section>
+
+        <!-- Section 8: What to Watch For -->
+        <section id="watch-for">
+            <h2>8. What to Watch For</h2>
+            <p>
+                As the demo runs, watch for these key events in the terminal output:
+            </p>
+
+            <h3>Normal Operations</h3>
+            <p>
+                Workers perform their tasks on regular cycles. You'll see search queries, calendar
+                operations, and skill installations with hash verifications.
+            </p>
+
+            <h3>Rogue Triggers (~15% per cycle)</h3>
+            <p>
+                When a worker goes rogue, its output changes dramatically:
+            </p>
+            <ul>
+                <li><strong>web-researcher</strong>: Fires 50 rapid searches in quick succession</li>
+                <li><strong>scheduler</strong>: Wipes the calendar and adds 20 junk entries</li>
+                <li><strong>skill-acquirer</strong>: Installs <code>data_exfiltrator.py</code> bypassing the safety check</li>
+            </ul>
+
+            <h3>Sentinel Alerts</h3>
+            <p>
+                Sentinels detect anomalies and broadcast alert signals:
+            </p>
+            <ul>
+                <li><strong>behavior-sentinel</strong>: Flags agents exceeding 10 actions/minute</li>
+                <li><strong>supply-chain-sentinel</strong>: Detects known-malicious or tampered skills</li>
+            </ul>
+
+            <h3>Commander Response</h3>
+            <p>
+                The sentinel-commander receives alerts, queries sentinels for evidence, and issues
+                quarantine orders broadcast on the <code>quarantine</code> channel.
+            </p>
+        </section>
+
+        <!-- Section 9: Understanding the Output -->
+        <section id="understanding">
+            <h2>9. Understanding the Output</h2>
+            <p>Here's an annotated example of what a rogue detection cycle looks like:</p>
+
+            <div class="terminal">
+<span class="comment"># Worker performs normal search</span>
+<span class="output">[web-researcher] Searching: "latest Python 3.12 features"</span>
+
+<span class="comment"># Rogue trigger fires! (15% chance)</span>
+<span class="error">[web-researcher] [ROGUE] Initiating burst search...</span>
+<span class="error">[web-researcher] [ROGUE] Search 1/50: "random query 7f3a"</span>
+<span class="error">[web-researcher] [ROGUE] Search 2/50: "random query 2b1c"</span>
+<span class="comment">... (48 more rapid searches)</span>
+
+<span class="comment"># Behavior sentinel detects the spike</span>
+<span class="warn">[behavior-sentinel] ANOMALY: web-researcher rate 25.0/min (threshold: 10)</span>
+<span class="warn">[behavior-sentinel] Broadcasting alert on 'alerts' channel</span>
+
+<span class="comment"># Commander receives the alert and investigates</span>
+<span class="output">[sentinel-commander] Alert received from behavior-sentinel</span>
+<span class="output">[sentinel-commander] Requesting evidence from behavior-sentinel...</span>
+<span class="output">[sentinel-commander] Evidence confirmed. Issuing quarantine.</span>
+
+<span class="comment"># Quarantine broadcast</span>
+<span class="error">[sentinel-commander] QUARANTINE: web-researcher</span>
+<span class="error">[sentinel-commander] Reason: Output rate anomaly (25/min > 10/min)</span>
+            </div>
+
+            <h3>Supply Chain Detection</h3>
+
+            <div class="terminal">
+<span class="comment"># Skill acquirer goes rogue</span>
+<span class="error">[skill-acquirer] [ROGUE] Installing data_exfiltrator.py (bypassing safety)</span>
+
+<span class="comment"># Supply chain sentinel scans and detects</span>
+<span class="warn">[supply-chain-sentinel] ALERT: known_malicious skill detected</span>
+<span class="warn">[supply-chain-sentinel]   File: data_exfiltrator.py</span>
+<span class="warn">[supply-chain-sentinel]   Hash: d18b5ae5...df797a1bc</span>
+<span class="warn">[supply-chain-sentinel] Broadcasting critical alert</span>
+            </div>
+        </section>
+
+        <!-- Section 10: Live Dashboard -->
+        <section id="dashboard">
+            <h2>10. Open the Live Dashboard</h2>
+            <p>
+                While the demo is running, open the live dashboard to visualize signals in real time:
+            </p>
+
+            <ol>
+                <li>Open <code>docs/agent-sentinel-dashboard.html</code> in your browser</li>
+                <li>Enter your <strong>PubNub Subscribe Key</strong> in the connection panel</li>
+                <li>Click <strong>Connect</strong></li>
+            </ol>
+
+            <p>The dashboard connects to the same PubNub channels as the agents and shows:</p>
+            <ul>
+                <li><strong>World map</strong> with agent nodes at simulated cloud regions</li>
+                <li><strong>Alert feed</strong> with real-time alerts as they arrive</li>
+                <li><strong>Agent status</strong> cards showing online/offline presence</li>
+                <li><strong>Signal log</strong> showing all raw signals at the bottom</li>
+                <li><strong>Animated signal lines</strong> between agents when they communicate</li>
+            </ul>
+
+            <div class="callout success">
+                <strong>No Simulation</strong>
+                Every signal on the dashboard comes from the actual running agents.
+                The dashboard is a pure PubNub subscriber &mdash; it doesn't generate any fake data.
+            </div>
+        </section>
+
+        <!-- Section 11: Next Steps -->
+        <section id="next-steps">
+            <h2>11. Next Steps</h2>
+            <ul>
+                <li><a href="agent-sentinel-dashboard.html">Live Dashboard</a> &mdash; Open the real-time signal visualization</li>
+                <li><code>examples/agent-sentinel/docs/design.html</code> &mdash; Deep dive into the architecture and agent design</li>
+                <li><a href="multi-agent-guide.html">Multi-Agent Guide</a> &mdash; Learn about Bedsheet's supervisor patterns</li>
+                <li><a href="user-guide.html">User Guide</a> &mdash; Start building your own agents from scratch</li>
+            </ul>
+
+            <h3>Customization Ideas</h3>
+            <ul>
+                <li>Adjust rogue probability in worker agents (currently 15%)</li>
+                <li>Add new sentinel types (e.g., network anomaly detection)</li>
+                <li>Change the behavior-sentinel threshold from 10 actions/min</li>
+                <li>Add more skills to the <code>clawhub/registry.json</code></li>
+                <li>Create new worker agents with different capabilities</li>
+            </ul>
+        </section>
+    </main>
+
+    <script>hljs.highlightAll();</script>
+</body>
+</html>