u/CarolusX74

Android devs using Claude Code / Cursor: where does the AI still fall short in your workflow?

I've been leaning on Claude Code for a lot of Android work lately and it's solid for boilerplate, Compose components, and refactors. But there are still areas where I end up turning it off and just doing things myself, Gradle config debugging especially, and anything involving custom Views.

Curious where others have landed. What parts of your Android workflow are you still doing fully by hand, and why?

u/CarolusX74 — 20 hours ago

Built an MCP server for multi-host Linux ops - sharing the design decisions

Hi all 👋

Sharing a project I've been building for the last several months. Looking for feedback specifically on the design choices, there are a few that go against the obvious approach and I'd love to know if I missed something.

What it does

SentinelX is an MCP server that lets an LLM (Claude.ai, ChatGPT, anything MCP-compatible) operate Linux servers, not by giving it a shell, but by exposing a constrained set of tools that the LLM composes into useful work.

The agent runs on each host you want to manage. A central hub aggregates connections from all your hosts and exposes them as a single MCP connector to the LLM.

Design decisions worth discussing

1. Explicit allowlist over capability sandboxing

Each host has a config that lists exactly which commands the agent will execute. Not "exec arbitrary shell" with a deny list — an actual allowlist of command prefixes. Adding a new command is a deliberate edit to the config.

Tradeoff: more friction when you need to add something.
Benefit: the threat surface is the allowlist itself, which fits in your head and version-controls cleanly.

2. Outbound-only WebSocket from agent to hub

No agent ever accepts inbound connections. The agent opens a WebSocket to the hub and that's the only network primitive.

Tradeoff: requires a hub. Benefit: works behind NAT/firewall without any port forwarding, and there's no inbound attack surface to harden.

3. Service control in tiers (read-only / conservative / operational)

Services declared in the config get a tier:

- read-only: status, is-active, is-enabled

- conservative: + restart, reload (no stop)

- operational: + start, stop

ssh and the agent itself stay read-only by default; the LLM can never accidentally lock you out.

4. Per-tool annotations beyond readOnlyHint/destructiveHint

The MCP spec gives us the standard hints. SentinelX adds a few extras in the tool metadata (e.g., "requires_sudo", "stateful") that the host's config exposes per command.

LLMs can use them or ignore them, but they're there for tools that want richer context.

5. Audit log lives in the hub, not the agent

Every tool call is logged with user, host, tool, params (sanitized), result. Centralized, so I can review activity across the fleet without scraping individual hosts.

Status

Running on 4 hosts in production (one VPS, two homelab boxes, one WSL2). Apache 2.0 for the agent and the protocol. Hub is closed-source for now, it's mostly Keycloak + routing, not the interesting part.

Submitted to the Anthropic and OpenAI directories; both reviews in progress.

Links

- Repo: github.com/pensados/sentinelx-cloud-core

- Threat model: SECURITY.md in that repo

- Landing: sentinelx.app

- Story version on Medium (less technical, more "scratching my own itch"): https://carolusx.medium.com/how-i-accidentally-built-an-mcp-server-for-my-linux-servers-11a288feb899

Feedback I'd find genuinely useful

- Anyone building similar "operate remote resources" MCPs hitting the same auth/policy/audit problems? How did you solve them?

- Is the allowlist approach too restrictive in practice? Should I add an "ask-the-user" tier for commands?

- Does the hub model make sense, or would you rather see the agent expose MCP directly per host?

Happy to answer anything else.

u/CarolusX74 — 4 days ago
▲ 1 r/mcp
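
The allowlist and service tiers from design decisions 1 and 3 in the post above, as an added example that is not part of the original post or of SentinelX's code. The policy layout, the `authorize` name, matching on parsed argv tokens and rejecting shell metacharacters are all assumptions made for illustration.

```python
import shlex

# Constructed policy for illustration; layout and names are assumptions,
# not SentinelX's real config format.
ALLOWED_PREFIXES = [["df", "-h"], ["journalctl", "-u"], ["uptime"]]
READ_ONLY = {"status", "is-active", "is-enabled"}
CONSERVATIVE = READ_ONLY | {"restart", "reload"}   # no stop
OPERATIONAL = CONSERVATIVE | {"start", "stop"}
TIER_VERBS = {"read-only": READ_ONLY, "conservative": CONSERVATIVE,
              "operational": OPERATIONAL}
SERVICE_TIERS = {"nginx": "conservative", "postgresql": "operational",
                 "ssh": "read-only"}
SHELL_META = set(";|&$`<>(){}\\*?~!\n")


def authorize(command):
    """Return (allowed, reason, argv); run argv without a shell if allowed."""
    if any(ch in SHELL_META for ch in command):
        return False, "shell metacharacter", None
    try:
        argv = shlex.split(command)
    except ValueError:
        return False, "unparseable quoting", None
    if not argv:
        return False, "empty command", None
    if argv[0] == "systemctl":
        if len(argv) != 3:
            return False, "expected: systemctl <verb> <service>", None
        verb, unit = argv[1], argv[2].removesuffix(".service")
        tier = SERVICE_TIERS.get(unit)
        if tier is None:
            return False, "service not declared", None
        if verb not in TIER_VERBS[tier]:
            return False, f"{verb} not permitted in tier {tier}", None
        return True, f"tier {tier}", ["systemctl", verb, unit]
    for prefix in ALLOWED_PREFIXES:
        if argv[:len(prefix)] == prefix:   # whole tokens, not a string prefix
            return True, "allowlisted prefix", argv
    return False, "not in allowlist", None


if __name__ == "__main__":
    for cmd in ["systemctl restart nginx", "systemctl stop nginx",
                "systemctl restart ssh", "df -h /var", "df -h; reboot"]:
        print(cmd, "->", authorize(cmd)[:2])
```

Comparing whole tokens keeps an entry such as `uptime` from also admitting `uptimes`, and returning argv lets the caller execute with `shell=False` so the string that was checked is the command that runs.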

A few weeks ago I posted about SentinelX, an MCP server for managing your own Linux infrastructure with Claude/ChatGPT.

The main feedback was that setup was too involved. Fixed that.

Now it's one line:

>curl -fsSL https://raw.githubusercontent.com/pensados/sentinelx-docker/main/install.sh | bash

The installer asks 3 questions (exec mode, auth, domain), builds the Docker stack, configures Keycloak for OAuth, and prints the exact credentials to paste into Claude. Full uninstall also one command.

The screenshot shows it in action — asking Claude to restart nginx and confirm it's running. It reloads the service, then delivers a clean status summary: active, PID, workers, config check, memory.

repo: github.com/pensados/sentinelx-docker
web: sentinelx.pensa.ar

screenshot

u/CarolusX74 — 14 days ago