managed cloud · open-source agent · Apache 2.0

Connect AI to
your servers.

SentinelX lets Claude, ChatGPT and other AI tools manage your Linux servers via the Model Context Protocol. One command on each host, OAuth via Google, and a dashboard that shows your whole fleet in one place — without configuring DNS, certificates, or an identity provider.

↓ Start free ↗ See dashboard ↗ GitHub

# one-line install on your Linux server $ curl -fsSL https://get.sentinelx.app | sudo bash # the installer asks for an enrollment token # get one at https://mcp.sentinelx.app — sign in with Google, # click "+ Enroll a new host", paste the token. Done.

60s

to install

multi

host fleet

OAuth

via Google

Apache

open agent

// how it works

An agent on each host. A hub that handles the rest.

The hub at mcp.sentinelx.app handles OAuth, identity, and the MCP protocol. The agent on your server only opens an outbound connection to the hub — no inbound ports, no public DNS for your host, no certificates to manage.

# architecture (cloud-managed) Claude / ChatGPT / Cursor │ │ HTTPS + OAuth (Google sign-in) ▼ mcp.sentinelx.app ← managed hub: OAuth, MCP, dashboard │ │ WebSocket (outbound from agent) ▼ sentinelx-cloud-core ← agent on your Linux server │ ├─ exec allowlisted commands only ├─ edit structured file edits, no shell quoting ├─ script_run temp bash / python3 scripts ├─ service registered service actions ├─ upload file upload (simple + chunked) └─ playbooks multi-step recipes the LLM can run # your servers never expose an inbound port to the internet.

01 — INSTALL

One command, one minute

Run the installer on your Linux server. It creates a system user, installs the agent under /opt/sentinelx-cloud-core, registers a systemd service, and connects to the hub.

02 — ENROLL

Sign in with Google

Visit mcp.sentinelx.app, sign in with Google, click Enroll a new host, and paste the token the installer asks for. Your server appears in the dashboard within seconds.

03 — DASHBOARD

See your fleet

The dashboard lists every enrolled server with a status dot, hostname, agent version, and last-seen time. Label hosts, kick stale sessions, or unenroll — all from the browser.

04 — USE IT

From any AI client

Add mcp.sentinelx.app as an MCP connector in Claude or ChatGPT. The AI sees your hosts, can target them by name, and only runs operations the agent's allowlist permits.

// security model

Least privilege, by design.

Every security decision in SentinelX is intentional and explicit. The agent is open source — you can audit exactly what runs on your server.

🔒

Command allowlist

The agent only runs commands explicitly listed in its policy. Anything not in the allowlist is rejected before execution. Servers, paths and arguments are validated against the policy too.

👤

Isolated service user

The agent runs as a dedicated sentinelx system user with no login shell. Its sudoers rule is scoped to the exact commands the policy permits.

🎟

OAuth via Google

The hub authenticates you via Google sign-in. Each session is a JWT with explicit scopes. The agent only accepts connections from the hub, signed with your account's identity.

🔑

Outbound only

The agent opens an outbound WebSocket to mcp.sentinelx.app. No inbound ports, no public DNS for your host, no certificates to manage. Your firewall stays closed.

📋

Audit log

Every operation is logged on the hub with the user, host, command, output, return code, and timestamp. Blocked operations are logged too.

🧰

Open-source agent

The agent is Apache 2.0-licensed and lives at pensados/sentinelx-cloud-core. Read it, fork it, run a fork — it's yours.

// AI clients

Works with any MCP client.

SentinelX speaks the Model Context Protocol over Streamable HTTP. Connect it to Claude, ChatGPT or any MCP-compatible agent — the same hub URL works for all of them.

You sign in once with Google. From there, every AI client you connect sees the same fleet of hosts.

Claude (claude.ai, Claude Desktop, Claude Code)

ChatGPT (via Connected Apps)

Cursor, Windsurf, VS Code (MCP extension)

Any MCP-compatible agent or script

// connect Claude in 30 seconds

1. claude.ai → Settings → Connectors → Add custom connector
2. URL: https://mcp.sentinelx.app/mcp
3. Sign in with Google when prompted
4. Ask Claude: "list my hosts"

# tools the AI sees, per host

sentinel_state           # host facts
sentinel_capabilities    # what's allowed
sentinel_exec            # run an allowlisted command
sentinel_edit            # structured file edits
sentinel_script_run      # temp bash / python script
sentinel_service         # start/stop/restart/reload
sentinel_upload_file     # upload to host
sentinel_list_hosts      # multi-host fleet view
...and more — see the agent's docs
        

# open standards, no vendor lock-in

protocol      Model Context Protocol (MCP)
transport     Streamable HTTP
auth          OAuth 2.0 / OIDC + DCR
identity      Google sign-in
agent         Apache 2.0-licensed, open source
          

// self-hosted alternative

Want to run your own hub?

If you'd rather run the entire stack yourself — including the OAuth provider — there's a Docker edition that bundles agent, MCP bridge, and Keycloak in one stack. Same MCP protocol, same security model, no managed service.

SentinelX Docker self-hosted

One-line install: 4 containers (agent, MCP bridge, Keycloak, Postgres) on your own host. You bring DNS, certificates, and operational responsibility. Recommended if you want full data sovereignty or air-gapped deployments.

$ curl -fsSL https://raw.githubusercontent.com/pensados/sentinelx-docker/main/install.sh | bash

↗ sentinelx-docker ↗ Setup guide

Connect AI toyour servers.