Config Reference
Main file: config/sentinel.php
Top-level keys
- enabled: master toggle for Sentinel behavior.
- environments: allowed environments where Sentinel is active.
- exclude.paths / exclude.route_names: global exclusions.
- preset: baseline profile (web_compatible, api_strict, etc).
- strict_validation: stricter validation for malformed CSP config.
HTTPS
- https.redirect: redirect HTTP to HTTPS.
- https.redirect_status: 301 or 308.
- https.force_scheme: force https in URL generator.
- https.exclude_paths, https.exclude_route_names: bypass redirects for specific routes.
- https.only_in_environments: environments where redirect applies.
- https.trust_proxy_warning_enabled: show warning when proxy trust looks wrong.
Headers
- headers.hsts.*
- headers.csp.*
- headers.x_content_type_options.*
- headers.referrer_policy.*
- headers.x_frame_options.*
- headers.permissions_policy.*
- headers.cross_origin.*
- headers.custom
CSP key points
- headers.csp.enabled
- headers.csp.report_only
- headers.csp.report_uri
- headers.csp.report_to
- headers.csp.directives (array-based builder)
- headers.csp.nonce.* (prepared architecture)
UI Dashboard
- ui.enabled
- ui.path
- ui.middleware (recommended: ['web','auth'])
- ui.require_ability (recommended for role/permission gate)
- ui.theme (light|dark|auto)
- ui.show_csp_reports
- ui.endpoint_scan.*
CSP Reports
- csp_reports.enabled
- csp_reports.route_path
- csp_reports.store_database
- csp_reports.prune_days
- csp_reports.middleware
- csp_reports.log_invalid_payloads
Audit
- audit.enabled
- audit.perform_live_probe
- audit.internal_probe_path
- audit.warnings.allow_unsafe_inline_warning
- audit.warnings.require_frame_ancestors_warning
Health endpoint
- health_endpoint.enabled
- health_endpoint.path
- health_endpoint.middleware
Views
- views.publishable
- views.namespace
Presets
Implemented baseline presets:
- web_compatible
- api_strict
A preset works as the baseline, and manual config overrides it.
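
The fragment below is an added illustration, not the package's shipped config: it picks a preset as the baseline and then sets a handful of the keys listed above by hand. It assumes the dotted keys map to nested arrays in the usual Laravel way; all values, including the dashboard path and the ability name, are constructed and are not package defaults.

```php
<?php
// config/sentinel.php (added illustration; values are constructed, not package defaults)

return [
    'enabled' => true,
    'environments' => ['production', 'staging'], // constructed list
    'preset' => 'web_compatible',                // baseline; the keys below are manual config

    'https' => [
        'redirect' => true,
        'redirect_status' => 308,                // 308 preserves the request method on redirect
        'force_scheme' => true,
        'only_in_environments' => ['production'],
        'trust_proxy_warning_enabled' => true,   // surface a wrong proxy-trust setup early
    ],

    'headers' => [
        'csp' => [
            'enabled' => true,
            'report_only' => true,               // observe violations before enforcing
        ],
    ],

    'ui' => [
        'enabled' => true,
        'path' => 'sentinel',                    // hypothetical path
        'middleware' => ['web', 'auth'],         // recommended value from this page
        'require_ability' => 'view-sentinel',    // hypothetical ability name for the gate
        'show_csp_reports' => true,
    ],

    'csp_reports' => [
        'enabled' => true,
        'store_database' => true,
        'prune_days' => 30,                      // constructed retention period
        'log_invalid_payloads' => true,
    ],
];
```

Leaving ui.middleware without 'auth' and ui.require_ability unset would expose the dashboard and stored CSP reports to any visitor who can reach ui.path, which is why the page recommends both.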