RandomT, OpenCart, PHP, MySQL, Security, Monitoring

RT Sentinel — From Error Log to File Integrity Monitor

Ruben Ferreira

1. Context

The starting point was simple: the OpenCart error log is a plain text file. No interface, no filtering, no history. When something breaks, the developer opens cPanel, navigates to the log, reads raw text. DevStudio already improved this by embedding a log viewer inside the admin. Sentinel started as the next logical step — catalogue the errors, show which files they come from, keep a history.

The initial concept was a separate window: read the error log on one side, edit the file on the other, without losing context.

2. Problem

The first version of Sentinel was a log viewer with small quality-of-life additions — copy file path, mark as seen, download recent errors as CSV. Useful, but limited in scope.

The scope changed after a conversation with a mentor. A client had suffered an attack: the store's homepage had been replaced with paid advertising — slot machines, domain sales. By examining file modification dates, it appeared the attack had happened at least 15 days before the store owner noticed. The site had been compromised for two weeks before anyone was aware.

The question followed naturally: what if Sentinel could also detect file changes — new files, modified files, deleted files — and alert the owner in real time?

3. Approach

Sentinel evolved from a passive log reader into an active monitoring system. Two distinct layers: error log monitoring (available in the free DevStudio release) and file integrity monitoring (a premium feature). The file integrity layer required detecting changes across the entire OpenCart file structure and delivering alerts outside the admin — because if the site is compromised, the admin may not be accessible.

This is where the complexity escalated significantly. Alerts outside the admin meant an external notification system. An external system meant a server. A server meant a licensing model. The development of Sentinel as a premium feature was inseparable from the development of RT HUB Client and the licensing infrastructure — covered in a separate article.

4. Implementation

Error log monitoring
Sentinel scans the OpenCart error.log incrementally — storing the last read position in a cache file and only processing new entries on each cron run. Each entry is parsed by regex to extract timestamp, severity level (CRITICAL, ERROR, WARNING, INFO), file and line number. A deduplication window prevents the same error from being logged more than once within a 5-minute period.

The Sentinel dashboard is embedded inside DevStudio as an iframe. Clicking “copy path” on any error copies the file path to clipboard. Ctrl+P in the editor opens the file immediately via postMessage communication between the iframe and the parent editor. Errors can be marked as seen. Recent errors can be exported as CSV.

File integrity monitoring (Pro)
A baseline snapshot of the file structure is taken on first activation — file paths, sizes and modification timestamps. On each subsequent cron run, the current state is compared against the baseline. Three event types are detected: file modified, file created, file deleted.

When a change is detected, an alert is sent via email and optionally via Telegram. The alert includes the file path, event type, timestamp and a diff summary where applicable. The intention is that a store owner receives a notification within minutes of an unauthorised file change — not 15 days later.
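The baseline-and-compare pass described above, as an added example that is not RT Sentinel's code. The function names are hypothetical, and the SHA-256 field goes beyond the size and timestamp the article lists, so that an edit which keeps the file size and restores the modification time still counts as modified.

```php
<?php
// Added example, not RT Sentinel's code; function names are hypothetical.
// Snapshot every file under $root: relative path => size, mtime, sha256.
function snapshot(string $root): array
{
    $files = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!$file->isFile()) {
            continue; // skip symlinked directories and other non-files
        }
        $path = $file->getPathname();
        $files[substr($path, strlen($root) + 1)] = [
            'size'   => $file->getSize(),
            'mtime'  => $file->getMTime(),
            'sha256' => hash_file('sha256', $path), // assumption: not in the article
        ];
    }
    return $files;
}

// Compare snapshots; 'modified' maps each path to the fields that differ.
function diff_snapshots(array $baseline, array $current): array
{
    $events = [
        'created'  => array_keys(array_diff_key($current, $baseline)),
        'deleted'  => array_keys(array_diff_key($baseline, $current)),
        'modified' => [],
    ];
    foreach (array_intersect_key($current, $baseline) as $path => $now) {
        $events['modified'][$path] = array_keys(array_diff_assoc($now, $baseline[$path]));
    }
    $events['modified'] = array_filter($events['modified']); // drop unchanged files
    return $events;
}

// Constructed demo: a temp directory stands in for the store root.
$root = sys_get_temp_dir() . '/fim_demo_' . uniqid();
mkdir("$root/catalog", 0700, true);
file_put_contents("$root/index.php", "<?php echo 'shop';");
file_put_contents("$root/catalog/old.php", "<?php // old");
$baseline = snapshot($root);
file_put_contents("$root/index.php", "<?php echo 'slot';"); // same size
touch("$root/index.php", $baseline['index.php']['mtime']);  // mtime restored
file_put_contents("$root/catalog/new.php", "<?php // new");
unlink("$root/catalog/old.php");
clearstatcache();
print_r(diff_snapshots($baseline, snapshot($root)));
```

In the demo, `index.php` is reported as modified on the `sha256` field alone, which a size-and-timestamp comparison would not flag. Hashing every file on each cron run costs I/O on a large store, so the hash can be limited to executable file types if that matters.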

Notifications
Email alerts are sent via PHP mailer with an HTML template. Telegram notifications use the Telegram Bot API — the store owner configures a bot token and chat ID in the Sentinel settings. Alert thresholds are configurable: not every file change triggers a notification, only changes outside defined trusted paths.

5. Results

A monitoring system that covers two distinct failure modes: application errors surfaced from the log, and file system changes that may indicate a compromise. Both delivered inside DevStudio with external alerting for the file integrity layer.

6. Limitations

The file integrity baseline needs to be manually reset after legitimate deployments — otherwise every extension install or update triggers false positives. The cron-based approach means there is a detection delay equal to the cron interval. Real-time file system watching is not possible within the OpenCart extension model.

7. Next Steps

Covered in the next article — RT HUB Client and the licensing infrastructure that makes the Pro tier possible. That system took significantly longer to build than Sentinel itself.