Skip to content

Hard Limits

These are deliberate non-goals. They define what Sagittarius is not, and why.

No Active Response

Sagittarius is a sensing, analysis, reporting, and alerting platform. It does not take autonomous remediation actions. It may surface STIG-based recommendations, but it does not execute them. The analyst decides what to do with findings.

This is intentional. Active response in a threat hunting tool creates blast radius problems — especially on a distributed platform with sensors across multiple network segments. That capability belongs in a separate, explicitly-scoped tool.

Not Forensically Sound

The system does not maintain a cryptographically-signed global evidence ledger. Logs are not immutable. Artifacts captured during a hunt cannot be used as court-admissible evidence without additional chain-of-custody controls.

This may change in a future phase, but it is not the current design goal. Sagittarius is an analyst's tool, not an evidence preservation system.

No Identity and Access Management at Scale

There is no multi-user credential management, no RBAC, no audit trail tied to user identity across nodes. Single-analyst or small-team operation is the current design target.

No Resilience in Disconnected/Degraded Environments (DIL)

The current design assumes a stable management backplane. It does not address:

  • Bandwidth prioritization — how Edge nodes behave on unstable or low-bandwidth links (e.g., prioritizing high-fidelity alerts over raw PCAP when the link is saturated).
  • State reconciliation — how the Core handles gaps in telemetry when an Edge node goes offline and reconnects with backlogged data.

These are real operational concerns for certain deployment contexts. They are tracked for future phases, not the current design.

Why document this

Hard limits are as important as capabilities. A tool that tries to solve every problem solves none of them well. These boundaries exist to keep the architecture focused and the codebase maintainable as the project scales.

If a use case falls outside these limits, it belongs in a different tool — or a future phase with a clearly scoped design decision behind it.