UEDF Sentinel v5.0 is currently in pre-production hardening. A structural
security audit was completed on 2026-05-21 — see
SECURITY-AUDIT-2026-05-21.md for the
full report.
This system MUST NOT be deployed to production until all Critical and High findings are resolved.
Only main is supported. The develop branch may contain unreviewed work.
| Version | Supported |
|---|---|
| main (latest) | yes |
| develop | no — pre-release only |
| < 5.0 | no |
From the 2026-05-21 audit:
| # | Severity | Area | File | Status |
|---|---|---|---|---|
| 1 | Critical | Auth / secrets | modules/login.php | open |
| 2 | Critical | Secrets mgmt | api/config.php | open |
| 3 | Critical | DB fallback | includes/functions.php:38 | open |
| 4 | High | CORS wildcard | api/auth.php | open |
| 5 | High | SQL injection (raw queries) | cron/*.php, modules | open |
| 6 | High | Session fixation | src/Auth.php | open |
| 7 | High | Info disclosure | config/settings.php | open |
| 8 | High | Missing security headers | api/*.php | open |
| 9 | High | Brute-force lockout incomplete | src/Auth.php::login | open |
Each finding has reproduction, risk, and remediation in the audit document.
If you find a security issue:
- Do not open a public issue.
- Use GitHub's private security advisory or contact via the profile.
- Include: affected version/commit, reproduction steps, impact assessment.
Expected response: 72 hours to acknowledge, 14 days for initial assessment. Critical findings get a same-week patch path.
In order:
- Remove hardcoded credentials (findings 1, 2, 3) — blocks all deployments.
- CORS allowlist + security headers (findings 4, 8) — required before any browser-accessible endpoint goes live.
- Session regeneration + brute-force enforcement (findings 6, 9) — required before opening login to non-VPN clients.
- Raw-query elimination (finding 5) — CI gate added to prevent regression.
- display_errors=0 in production (finding 7) — config flag.
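
One way a CI gate for finding 5 could flag raw queries, shown as an added example that is not the repository's own gate: a line-based heuristic that reports PDO/mysqli call sites whose SQL text is built from PHP variables. The sample PHP is constructed, and the name `find_raw_queries` is hypothetical.

```python
import re
import sys

# Call sites that hand SQL text to the database (PDO methods, mysqli method/function).
SINK = re.compile(r"(?:->\s*(?:query|exec|prepare)|\bmysqli_query)\s*\(", re.I)
# A PHP variable between double quotes (interpolation).
INTERPOLATED = re.compile(r'"[^"\n]*\$[A-Za-z_][^"\n]*"')
# A PHP variable joined to a string literal with the "." operator.
CONCATENATED = re.compile(
    r"""["']\s*\.\s*\$[A-Za-z_]|\$[A-Za-z_]\w*(?:\[[^\]]*\])?\s*\.\s*["']"""
)

def find_raw_queries(php_source):
    """Return (line_number, line) for each sink call whose SQL is built from variables.

    Heuristic only: it inspects one line at a time, so a query string that
    spans several lines needs a real PHP parser or static analyser.
    """
    hits = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        if line.lstrip().startswith(("//", "#", "*")):
            continue  # commented-out code is not a live call site
        match = SINK.search(line)
        if not match:
            continue
        argument = line[match.end():]
        if INTERPOLATED.search(argument) or CONCATENATED.search(argument):
            hits.append((number, line.strip()))
    return hits

# Constructed sample: lines 2 and 5 build SQL from variables, the rest do not.
SAMPLE = '''<?php
$rows = $pdo->query("SELECT * FROM units WHERE id = $id");
$stmt = $pdo->prepare("SELECT * FROM units WHERE id = ?");
$stmt->execute([$id]);
$res = mysqli_query($conn, "DELETE FROM logs WHERE day < '" . $cutoff . "'");
$count = $pdo->query("SELECT COUNT(*) FROM units");
// $pdo->query("SELECT * FROM old WHERE id = $id");
'''

if __name__ == "__main__":
    failed = False
    for path in sys.argv[1:]:  # CI passes the PHP files to check
        with open(path, encoding="utf-8", errors="replace") as handle:
            for number, line in find_raw_queries(handle.read()):
                print(f"{path}:{number}: {line}")
                failed = True
    sys.exit(1 if failed else 0)
```

Run with the PHP files as arguments; a non-zero exit fails the job, so a reintroduced raw query blocks the merge.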
- npm audit runs in CI on every push (server/ WebSocket shim).
- Dependabot is enabled for npm, composer, and github-actions with weekly cadence.
- PHP composer dependencies (when added) will gate on composer audit.
This is command and control software for a real defense force. The threat model assumes:
- Network-resident adversaries (nation-state and criminal).
- Insider risk (privileged user misuse).
- Supply-chain risk on every dependency added.
The audit document captures the structural baseline; runtime hardening (SIEM integration, anomaly detection, audit log review cadence) is a separate workstream.
Five files committed at the initial scaffolding (b79e421) carried
corrupted content — literal ECHO is on. injection from a Windows shell
capture, truncated $this-> references, broken = assignments — and
declared a Sentinel\ namespace that was never wired into
composer.json's PSR-4 autoload (UEDF\\ → src/). A repo-wide search
confirmed zero callers. They were removed entirely in the May 2026
CI honesty pass:
- src/Security/CSRF.php
- src/health.php
- src/Auth/Authentication.php
- src/WebSocket/Server.php
- src/Collaboration/TeamManager.php
If real implementations are needed later, use the existing UEDF\\
namespace and follow the working neighbours (src/Auth/Session.php,
src/Auth/TokenAuth.php, src/WebSocket/RealTimeServer.php).