PHP download

Download the PHP package queopius/sentinel without Composer

On this page you can find all versions of the php package queopius/sentinel. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download queopius/sentinel
More information about queopius/sentinel
Files in queopius/sentinel

Vendor queopius
Package sentinel
Short Description Queopius Sentinel — HTTP Security & HTTPS Hardening for Laravel
License MIT
Homepage https://github.com/queopius/sentinel

Keywords security https headers laravel csp hsts

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of queopius/sentinel

Informations about the package sentinel

Queopius Sentinel — HTTP Security & HTTPS Hardening for Laravel

Queopius Sentinel is a production-ready Laravel package for HTTP security hardening with great DX:

Security headers (HSTS, CSP, Referrer-Policy, and more)
HTTPS enforcement middleware
Optional dashboard UI for audit/inspection
Dashboard metrics with CSP-safe native charts and hardening plan
Optional CSP reports endpoint + storage
Security audit, endpoint scan, and report pruning commands
Publishable views for full UI customization

Why Queopius Sentinel

Safe-by-default with preset support
Progressive rollout path (CSP report-only first)
Works as reusable package and monorepo local package
Built for Laravel 11, 12, and 13

Versioning and Laravel compatibility

Queopius Sentinel follows SemVer for package versions.

MAJOR: breaking changes
MINOR: new features, backward compatible
PATCH: fixes and internal improvements

Compatibility matrix

Sentinel version	Laravel	PHP	Status
`2.x`	`11.x`, `12.x`	`8.2`, `8.3`, `8.4`	Active
`2.x`	`13.x`	`8.3`, `8.4`	Active

Composer constraints (current):

illuminate/*: ^11.0|^12.0|^13.0
php: ^8.2

Laravel 13 requires PHP ^8.3, so PHP 8.2 support applies to Laravel 11 and 12 only.

Support policy

Only actively maintained major versions receive fixes/features.
Security fixes are prioritized for the latest maintained major.
When a Laravel major reaches end-of-life, support can be dropped in the next Sentinel major.

Upgrade guidance

Use a stable constraint in host apps: composer require queopius/sentinel:^2.0
Read release notes before any major upgrade (1.x -> 2.x).
Run: php artisan sentinel:audit after upgrades to validate effective runtime security.

Quick start in 5 minutes

Install package:
Run installer:
Migrate (for CSP reports table):
Add middleware aliases/global as needed (see below).
Run audit:

Installation and publish

Middleware registration (Laravel 11/12/13)

Add aliases/global middleware in bootstrap/app.php:

Config basics

Config file: config/sentinel.php

Key areas:

preset: baseline config (web_compatible, api_strict)
headers.*: security headers setup
https.*: redirect + force scheme
ui.*: optional dashboard
csp_reports.*: endpoint + DB storage
audit.*: warnings and probe behavior
health_endpoint.*: optional JSON endpoint

Dashboard UI

Enable in config:

Then open /sentinel.

Dashboard access control (recommended)

Keep ui.middleware with auth (default in package).
Set ui.require_ability and define the Gate in your app:

With Spatie Permission you can map it to a permission:

Dashboard endpoint scan extras:

Dynamic paths filter via scan_paths query/form
Export scan results:
- /sentinel?export=endpoints&format=json
- /sentinel?export=endpoints&format=csv

CSP reports

Enable:

Use report-only initially, inspect reports, then enforce.

Commands

php artisan sentinel:install [--with-views] [--force]
php artisan sentinel:audit [--format=table|json|csv]
php artisan sentinel:scan [--json] [--paths=/,/login,/api]
php artisan sentinel:prune-reports [--days=30]

Recommended rollout path (safe adoption)

Start with preset web_compatible
Keep CSP in report_only
Observe dashboard + reports
Tighten CSP directives and remove unsafe-inline
Enable HTTPS redirect and HSTS in production

Reverse proxy notes

If app is behind Cloudflare / ALB / Nginx proxy, ensure Laravel trusted proxies are correctly configured so Request::isSecure() is reliable.

Local HTTPS test (production-like)

For monorepo host apps:

Set in host .env:

Then run:

Open:

https://your-app.test:8443
https://your-app.test:8443/sentinel

Full trust instructions are in docs/guides/local-https.md.

Publishable views

Views namespace: sentinel.

You can override UI templates by publishing views:

Output path: resources/views/vendor/sentinel

Local development in a Laravel app (monorepo)

Host app composer.json:

Then:

Package tests

Inside package directory:

Docs

See docs/ for architecture, config reference, CSP reporting, dashboard and roadmap.

Release-hardening checklist: docs/production-readiness.md.

Community and governance

Contribution guide: CONTRIBUTING.md
Security policy: SECURITY.md
Release + Packagist automation: docs/guides/release-and-packagist.md

Licensing

Code: MIT (see LICENSE).
Documentation and guides: Creative Commons Attribution 4.0 International (CC BY 4.0).

Read the Docs

This package includes:

.readthedocs.yaml
mkdocs.yml
docs/requirements.txt

Local docs preview:

Local strict build:

GitHub Actions docs workflow:

validates docs on PR/push via mkdocs build --strict
optional Read the Docs trigger on push to main

Required repository secrets for RTD trigger:

RTD_TOKEN: Read the Docs API token
RTD_PROJECT: Read the Docs project slug (example: queopiussentinel)

Branding and badges notes

Logo placeholder path in this README:
- .github/assets/logo-queopius-sentinel.png
If repository owner/name changes, update badge URLs accordingly.
If Read the Docs project slug changes, update:
- https://readthedocs.org/projects/<slug>/badge/?version=latest

All versions of sentinel with dependencies

PHP Build Version

Package Version

Version v2.1.0 Release 15. May 2026
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of sentinel from vendor queopius

Requires php Version ^8.2
illuminate/contracts Version ^11.0|^12.0|^13.0
illuminate/http Version ^11.0|^12.0|^13.0
illuminate/routing Version ^11.0|^12.0|^13.0
illuminate/support Version ^11.0|^12.0|^13.0
illuminate/view Version ^11.0|^12.0|^13.0

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package queopius/sentinel contains the following files

Loading the files please wait ...