Sentinel is an open-source CLI tool for Webpack Module Federation. It catches singleton dependency conflicts in CI/CD pipelines — before they silently break production.
$ npx mfe-sentinel init
The Problem
Micro-Frontend teams ship independently — and that independence breeds invisible dependency conflicts that only explode at runtime.
Host loads React 17. Remote expects React 18. Both are marked singleton: true. The app silently breaks — no build error, no type error.
Team A upgrades a shared library. Teams B, C, D find out when their micro-frontends start throwing runtime errors in staging — or production.
Standard linters and type checkers don't understand Module Federation contracts. Broken deployments pass CI and reach end users.
When a remote MFE breaks the host, engineers must manually redeploy — a process that takes hours and impacts SLAs in Enterprise environments.
How It Works
Install with npx mfe-sentinel — scan, check, and init are available now. Observability and Governance layers are on the roadmap.
CLI parses module-federation.config.js and package.json and generates a typed SentinelManifest — a JSON snapshot of your MFE contract.
SemVer-aware engine compares two manifests. Major singleton conflict → exit code 1, blocking the pipeline. Minor mismatches are logged as warnings.
A lightweight browser agent will intercept runtime federation errors and stream anonymised telemetry to the Sentinel backend via sendBeacon().
Dynamic Manifest Resolution via CDN edge — Sentinel will swap the remoteEntry.js pointer to the last stable build hash without a host rebuild.
Features
Green tags are available today in the open-source CLI. Yellow and purple tags mark the roadmap.
Strict Major / Minor / Patch comparison of singleton shared dependencies. Detects breaking changes before deployment.
Parses real module-federation.config.js files to produce structured, typed JSON manifests. Supports object and array shared formats.
Drop-in step for GitHub Actions, GitLab CI, or any pipeline. Returns exit code 1 on critical conflicts to block broken deployments automatically.
A <5 KB runtime script to capture ScriptExternalLoadError, measure remote chunk load times, and batch telemetry via sendBeacon().
Force-directed graph (React Flow / D3) to visualise the full MFE cluster. Planned colour coding: red nodes = conflicts, yellow = outdated minor versions.
Extending the manifest parser to cover Vite Module Federation and Single-SPA configurations, not just Webpack.
Dynamic Manifest Resolution via CDN — Sentinel will swap the remoteEntry.js pointer in milliseconds without requiring a host rebuild or new deployment.
Transitive dependency conflicts resolved via shortest-path graph queries across the full MFE cluster. Designed to scale to thousands of deployments per day.
LLM-driven semantic diffing of AST trees to predict runtime collisions that standard SemVer checks cannot detect.
Architecture
The current MVP runs entirely as a local CLI. The backend and governance layer are designed and specced — development starts in Phase 2.
┌──────────────── CI/CD Pipeline (v0.1 — available now) ──────────────────── │ │ MFE "checkout" build │ │ │ ▼ │ mfe-sentinel scan ──► manifest.sentinel.json (local file) │ │ │ ▼ │ mfe-sentinel check ──► PASS (deploy) │ WARN (log) │ FAIL → exit 1 │ ▲ │ │ reads local remote-manifest.json └────────────────────┼────────────────────────────────────────────────────── │ ┌────────────────────┴────────────────────────────────────────────────────── │ Sentinel Backend ◌ Designed · Development starts Phase 2 │ │ API Gateway ◄── sentinel check (cloud mode, future) │ │ │ ├──► Kafka / SQS async CI validation queue │ ├──► Neo4j Graph DB MFE dependency graph, shortest-path checks │ └──► ClickHouse runtime telemetry, time-series ingestion │ │ Dashboard ◄──── React Flow / D3 visualisation of MFE cluster │ CDN Edge ◄──── Dynamic Manifest Resolution + one-click rollback └───────────────────────────────────────────────────────────────────────────
Full schema — Graph DB node/edge model, validation algorithm, and scalability design — documented in the Technical Specification →
Pricing
The CLI is free and open source forever. Cloud and Enterprise tiers are in development — join the waitlist to get early access and shape the roadmap.
The CLI is on npm. Run npx mfe-sentinel init in your project — then tell us what you need next.