SENTINEL — Security & Privacy Gate

Verify SENTINEL's security scanners (SCA, secrets, Semgrep MCP for SAST) are installed and reachable — a ✓/✗ table by tier (advisory; --strict to fail on a missing required tool).

Audit third-party dependencies for known vulnerabilities, unpinned versions, missing lockfiles, abandoned packages, and typosquats.

Inspect the SENTINEL plugin itself — audit skills, agents, and knowledge for drift, gaps, and duplication; produce a severity-ranked report.

Audit a codebase for PII and secrets across data, git history, source, and frontend — produces PII-REPORT.md.

Scan for committed credentials and secrets (API keys, tokens, private keys, connection strings) across the tree, git history, and build artefacts.

SENTINEL INSPECTOR — on-demand agent that audits the SENTINEL plugin it ships in (skills, agents, knowledge, commands under ${CLAUDE_PLUGIN_ROOT}). Triggered by user command only ("inspect SENTINEL" / "/sentinel:inspect"). Builds a fresh critical-analysis persona, reads every file, and produces SENTINEL_INSPECTION_REPORT.md with severity-ranked findings.

Verify that SENTINEL's security scanners are installed and reachable — SCA (npm audit, pip-audit, cargo-audit, osv-scanner), secrets (gitleaks), and the Semgrep MCP for SAST. Trigger with /sentinel:check (or "check sentinel prerequisites", "which scanners are installed?"). Runs a fast ✓/✗ probe grouped by tier. Advisory by default (SENTINEL degrades gracefully — a missing scanner narrows a lens to partial coverage, never a false PASS); pass --strict to fail on a missing required tool. Reads the canonical manifest skills/check/requirements.tsv.

Supply-chain audit of a project's third-party dependencies. Parses package manifests and lockfiles across ecosystems (npm/pnpm/yarn, pip/Poetry/uv, Go modules, Cargo, RubyGems, Maven/Gradle), then flags: known-vulnerable versions (via the ecosystem's native advisory tooling), unpinned/floating ranges, abandoned or unmaintained packages, and typosquat-shaped names. Trigger with /dependency-audit [path]. Produces findings consumable standalone or by /security-gate. Self-improving: every new ecosystem or advisory source is folded into the reference.

Automated PII (Personally Identifiable Information) and security audit across codebases. Scans data files, git history, code, and configuration for sensitive information (names, emails, phone numbers, API keys, passwords, credentials). Runs parallel audits across data, git, code, and SPA layers. Produces comprehensive PII-REPORT.md with findings, risk assessments, and recommendations. Trigger with /pii-audit [scope] where scope is: full (all systems), data (data files only), git (history only), code (source code only), spa (SPA/frontend only), or project-root for a specific directory. Default: full scan of current repository.

Focused detection of committed credentials and secrets — API keys, tokens, private keys, database connection strings, and high-entropy strings — across the working tree, git history, and build artefacts. Complements pii-audit (which targets PERSONAL data) with a CREDENTIAL lens. Trigger with /secret-scan [scope] where scope is: full (working tree + history + artefacts), tree (working tree only), history (git history only), or a path. Default: full. Shares the SENTINEL finding/report format. Produces findings consumable standalone or by the /security-gate consolidator. Self-improving: every missed token family becomes a new pattern; every false positive becomes an allowlist entry.

The consolidated pre-release security gate. Runs SENTINEL's three audits in parallel — pii-audit (personal data), secret-scan (credentials), dependency-audit (supply chain) — then merges them into a single SECURITY-REPORT.md with one overall verdict: PASS, REVIEW, or BLOCK. Trigger with /security-gate [scope]. This is the entry point the foundry plugin calls as its SECURITY station before DELIVERY when SENTINEL is installed; it is equally useful standalone before any release or open-sourcing. Degrades gracefully: if a sub-skill or its tooling is unavailable, it reports the gap rather than silently passing.

3 hooks across 1 event