The Physical Sentinel: Designing an Isolated Approval Terminal for Hostile CI/CD Environments


via Dev.to DevOps, by Kalyan Tamarapalli

Hardware-Rooted Intent Verification as a Trust Boundary

Introduction: Why CI/CD Approval Must Leave the Laptop

Modern CI/CD approval flows run on developer laptops. This is a structural error. Developer machines are:

- complex
- extensible
- convenience-optimized
- compromise-prone

Any system that relies on the same machine to both:

- display what is being approved
- and cryptographically authorize it

…has already collapsed its trust boundary.

This article explores the design principles behind a Physically Isolated Approval Terminal — the Physical Sentinel — and explains why hardware-rooted approval is a necessary primitive in hostile CI/CD environments.

The Shared Trust Domain Problem

Most modern approval flows operate inside a single trust domain. That same machine handles:

- request creation
- UI display
- cryptographic signing
- metadata transmission

That seems convenient. It is also dangerous. Because once malware controls this domain, it may be able to manipulate:

- what the human sees
- what the hardwa
