queopius/sentinel
=================

Queopius Sentinel — HTTP Security & HTTPS Hardening for Laravel

v2.1.0 (3w ago) · [6 PRs](https://github.com/Queopius/sentinel/pulls) · MIT · PHP ^8.2 · CI passing · Since Feb 22 · Pushed 1w ago

[Source](https://github.com/Queopius/sentinel) · [Packagist](https://packagist.org/packages/queopius/sentinel)

Queopius Sentinel — HTTP Security & HTTPS Hardening for Laravel
===================================================================

 [![Queopius Sentinel logo](https://raw.githubusercontent.com/queopius/sentinel/main/.github/assets/logo-queopius-sentinel.png)](https://raw.githubusercontent.com/queopius/sentinel/main/.github/assets/logo-queopius-sentinel.png)

Queopius Sentinel is a production-ready Laravel package for HTTP security hardening with great DX:

- Security headers (HSTS, CSP, Referrer-Policy, and more)
- HTTPS enforcement middleware
- Optional dashboard UI for audit/inspection
- Dashboard metrics with CSP-safe native charts and hardening plan
- Optional CSP reports endpoint + storage
- Security audit, endpoint scan, and report pruning commands
- Publishable views for full UI customization

Why Queopius Sentinel
---------------------

- Safe-by-default with preset support
- Progressive rollout path (CSP report-only first)
- Works as a reusable package and as a local package in a monorepo
- Built for Laravel 11, 12, and 13

Versioning and Laravel compatibility
------------------------------------

Queopius Sentinel follows **SemVer** for package versions.

- `MAJOR`: breaking changes
- `MINOR`: new features, backward compatible
- `PATCH`: fixes and internal improvements

### Compatibility matrix

| Sentinel version | Laravel | PHP | Status |
|---|---|---|---|
| `2.x` | `11.x`, `12.x` | `8.2`, `8.3`, `8.4` | Active |
| `2.x` | `13.x` | `8.3`, `8.4` | Active |

Composer constraints (current):

- `illuminate/*`: `^11.0|^12.0|^13.0`
- `php`: `^8.2`

Laravel 13 requires PHP `^8.3`, so PHP 8.2 support applies to Laravel 11 and 12 only.

### Support policy

- Only actively maintained major versions receive fixes/features.
- Security fixes are prioritized for the latest maintained major.
- When a Laravel major reaches end-of-life, support can be dropped in the next Sentinel major.

### Upgrade guidance

- Use a stable constraint in host apps: `composer require queopius/sentinel:^2.0`
- Read release notes before any major upgrade (`1.x` -> `2.x`).
- Run: `php artisan sentinel:audit` after upgrades to validate effective runtime security.

Quick start in 5 minutes
------------------------

1. Install package:

```
composer require queopius/sentinel
```

2. Run installer:

```
php artisan sentinel:install --with-views
```

3. Migrate (for CSP reports table):

```
php artisan migrate
```

4. Register the middleware as aliases or globally, as needed (see below).
5. Run audit:

```
php artisan sentinel:audit
```

Installation and publish
------------------------

```
php artisan vendor:publish --tag=sentinel-config
php artisan vendor:publish --tag=sentinel-views
php artisan vendor:publish --tag=sentinel-migrations
```

Middleware registration (Laravel 11/12/13)
------------------------------------------

Add aliases/global middleware in `bootstrap/app.php`:

```
->withMiddleware(function (Middleware $middleware): void {
    $middleware->alias([
        'sentinel.headers' => \Queopius\Sentinel\Http\Middleware\AddSecurityHeaders::class,
        'sentinel.https' => \Queopius\Sentinel\Http\Middleware\EnforceHttps::class,
    ]);

    // Optional global
    $middleware->append(\Queopius\Sentinel\Http\Middleware\EnforceHttps::class);
    $middleware->append(\Queopius\Sentinel\Http\Middleware\AddSecurityHeaders::class);
})
```

Config basics
-------------

Config file: `config/sentinel.php`

Key areas:

- `preset`: baseline config (`web_compatible`, `api_strict`)
- `headers.*`: security headers setup
- `https.*`: redirect + force scheme
- `ui.*`: optional dashboard
- `csp_reports.*`: endpoint + DB storage
- `audit.*`: warnings and probe behavior
- `health_endpoint.*`: optional JSON endpoint

Dashboard UI
------------

Enable in config:

```
'ui' => [
  'enabled' => true,
  'path' => 'sentinel',
  'middleware' => ['web', 'auth'],
  'require_ability' => 'viewSentinelDashboard',
  'theme' => 'light', // light|dark|auto
]
```

Then open `/sentinel`.

### Dashboard access control (recommended)

- Keep `ui.middleware` with `auth` (default in package).
- Set `ui.require_ability` and define the Gate in your app:

```
Gate::define('viewSentinelDashboard', fn ($user) => $user->hasRole('super_admin'));
```

With Spatie Permission you can map it to a permission:

```
Gate::define('viewSentinelDashboard', fn ($user) => $user->can('sentinel.view'));
```

Dashboard endpoint scan extras:

- Dynamic paths filter via `scan_paths` query/form
- Export scan results:
    - `/sentinel?export=endpoints&format=json`
    - `/sentinel?export=endpoints&format=csv`

CSP reports
-----------

Enable:

```
'csp_reports' => [
  'enabled' => true,
  'route_path' => 'sentinel/csp-reports',
  'store_database' => true,
]
```

Start with CSP in report-only mode, inspect the reports, then enforce.

Commands
--------

- `php artisan sentinel:install [--with-views] [--force]`
- `php artisan sentinel:audit [--format=table|json|csv]`
- `php artisan sentinel:scan [--json] [--paths=/,/login,/api]`
- `php artisan sentinel:prune-reports [--days=30]`

Recommended rollout path (safe adoption)
----------------------------------------

1. Start with preset `web_compatible`
2. Keep CSP in `report_only`
3. Observe dashboard + reports
4. Tighten CSP directives and remove `unsafe-inline`
5. Enable HTTPS redirect and HSTS in production
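
To support steps 3 and 4, the following added example (not part of the Sentinel package or its README) groups raw report-only violation reports by directive and blocked source so the most frequent ones can be reviewed first. It assumes the browser's standard `csp-report` JSON body format and does not read Sentinel's own reports table; the function name and the sample reports are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Count CSP violation reports per "directive <- blocked source".
 * Hypothetical helper, not a Sentinel API.
 *
 * @param  list<string>  $rawBodies  JSON bodies in the "csp-report" format
 * @return array<string,int>         most frequent first
 */
function summarizeCspReports(array $rawBodies): array
{
    $counts = [];
    foreach ($rawBodies as $raw) {
        $body = json_decode($raw, true);
        $report = is_array($body) ? ($body['csp-report'] ?? null) : null;
        if (!is_array($report)) {
            continue; // report endpoints receive unauthenticated input: skip junk
        }
        // Older browsers send only violated-directive, sometimes with its value.
        $directive = $report['effective-directive'] ?? $report['violated-directive'] ?? '';
        $directive = is_string($directive) ? (strtok($directive, ' ') ?: 'unknown') : 'unknown';
        $blocked = $report['blocked-uri'] ?? '';
        $blocked = is_string($blocked) ? $blocked : '';
        // Reduce full URLs to scheme://host; keep keywords such as "inline" or "eval".
        $url = parse_url($blocked);
        $source = (is_array($url) && isset($url['scheme'], $url['host']))
            ? $url['scheme'] . '://' . $url['host']
            : ($blocked !== '' ? $blocked : 'unknown');
        $key = $directive . ' <- ' . $source;
        $counts[$key] = ($counts[$key] ?? 0) + 1;
    }
    arsort($counts);
    return $counts;
}

// Constructed sample reports (not captured from a real application).
$samples = [
    '{"csp-report":{"document-uri":"https://your-app.test/login","effective-directive":"script-src-elem","blocked-uri":"https://cdn.example.com/widget.js"}}',
    '{"csp-report":{"document-uri":"https://your-app.test/","violated-directive":"script-src \'self\'","blocked-uri":"inline"}}',
    '{"csp-report":{"document-uri":"https://your-app.test/","effective-directive":"script-src-elem","blocked-uri":"https://cdn.example.com/app.js"}}',
    'not json',
];

foreach (summarizeCspReports($samples) as $key => $count) {
    printf("%3d  %s\n", $count, $key);
}
```

Entries whose source is `inline` point at the scripts or styles that still depend on `unsafe-inline`; entries with a host point at origins to allow explicitly or remove.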

Reverse proxy notes
-------------------

If the app is behind a Cloudflare, ALB, or Nginx proxy, ensure Laravel's trusted proxies are configured correctly so that `Request::isSecure()` is reliable.
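
One way to configure this in `bootstrap/app.php` on Laravel 11+, shown as an added example that is not part of the Sentinel README. `trustProxies()` is Laravel's own middleware configuration method, not a Sentinel API, and the CIDR range is a placeholder for your proxy tier's address range.

```php
// At the top of bootstrap/app.php:
// use Illuminate\Foundation\Configuration\Middleware;
// use Illuminate\Http\Request;

->withMiddleware(function (Middleware $middleware): void {
    // Honour X-Forwarded-* only when the request arrives from the proxy tier.
    // Request::isSecure() then reflects the scheme the client used to reach
    // the proxy, not the plain-HTTP hop between the proxy and the app.
    $middleware->trustProxies(
        at: ['10.0.0.0/8'], // placeholder: replace with your proxy addresses
        headers: Request::HEADER_X_FORWARDED_FOR
            | Request::HEADER_X_FORWARDED_HOST
            | Request::HEADER_X_FORWARDED_PORT
            | Request::HEADER_X_FORWARDED_PROTO,
        // Behind AWS Elastic Load Balancing, Laravel's documentation uses
        // Request::HEADER_X_FORWARDED_AWS_ELB for the headers value instead.
    );

    // at: '*' trusts forwarded headers from every caller. Use it only when
    // the app is reachable exclusively through the proxy; otherwise any
    // client that connects directly can claim "X-Forwarded-Proto: https".

    // Register Sentinel's middleware as shown in the README.
    $middleware->append(\Queopius\Sentinel\Http\Middleware\EnforceHttps::class);
    $middleware->append(\Queopius\Sentinel\Http\Middleware\AddSecurityHeaders::class);
})
```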

Local HTTPS test (production-like)
----------------------------------

For monorepo host apps:

```
./scripts/generate-local-https-cert.sh
./vendor/bin/sail up -d --build
```

Set in host `.env`:

```
APP_URL=https://your-app.test:8443
```

Then run:

```
./vendor/bin/sail artisan optimize:clear
```

Open:

- `https://your-app.test:8443`
- `https://your-app.test:8443/sentinel`

Full trust instructions are in `docs/guides/local-https.md`.

Publishable views
-----------------

Views namespace: `sentinel`.

You can override UI templates by publishing views:

```
php artisan vendor:publish --tag=sentinel-views
```

Output path: `resources/views/vendor/sentinel`

Local development in a Laravel app (monorepo)
---------------------------------------------

Host app `composer.json`:

```
{
  "repositories": [
    {
      "type": "path",
      "url": "packages/queopius/sentinel",
      "options": {
        "symlink": true
      }
    }
  ],
  "require": {
    "queopius/sentinel": "^2.0"
  }
}
```

Then:

```
composer require queopius/sentinel:^2.0
php artisan sentinel:install --with-views
php artisan migrate
php artisan sentinel:audit
php artisan sentinel:scan
```

Package tests
-------------

Inside the package directory:

```
composer install
vendor/bin/phpunit
vendor/bin/pint --test
vendor/bin/phpstan analyse
```

Docs
----

See `docs/` for architecture, config reference, CSP reporting, dashboard and roadmap.

Release-hardening checklist: `docs/production-readiness.md`.

Community and governance
------------------------

- Contribution guide: `CONTRIBUTING.md`
- Security policy: `SECURITY.md`
- Release + Packagist automation: `docs/guides/release-and-packagist.md`

Licensing
---------

- Code: **MIT** (see `LICENSE`).
- Documentation and guides: **Creative Commons Attribution 4.0 International (CC BY 4.0)**.

### Read the Docs

This package includes:

- `.readthedocs.yaml`
- `mkdocs.yml`
- `docs/requirements.txt`

Local docs preview:

```
cd packages/queopius/sentinel
python3 -m venv .venv
source .venv/bin/activate
pip install -r docs/requirements.txt
mkdocs serve
```

Local strict build:

```
mkdocs build --strict
```

GitHub Actions docs workflow:

- validates docs on PR/push via `mkdocs build --strict`
- optional Read the Docs trigger on push to `main`

Required repository secrets for RTD trigger:

- `RTD_TOKEN`: Read the Docs API token
- `RTD_PROJECT`: Read the Docs project slug (example: `queopiussentinel`)

### Branding and badges notes

- Logo placeholder path in this README:
    - `.github/assets/logo-queopius-sentinel.png`
- If repository owner/name changes, update badge URLs accordingly.
- If Read the Docs project slug changes, update:
    - `https://readthedocs.org/projects//badge/?version=latest`

