https://github.com/wyre-technology/sentinelone-mcp
Multitenant Streamable HTTP wrapper for sentinel-one/purple-mcp
https://github.com/wyre-technology/sentinelone-mcp
mcp msp msp-mcp security sentinelone
Last synced: 2 days ago
JSON representation
Multitenant Streamable HTTP wrapper for sentinel-one/purple-mcp
- Host: GitHub
- URL: https://github.com/wyre-technology/sentinelone-mcp
- Owner: wyre-technology
- License: apache-2.0
- Created: 2026-04-07T19:42:37.000Z (2 months ago)
- Default Branch: main
- Last Pushed: 2026-06-02T02:03:42.000Z (10 days ago)
- Last Synced: 2026-06-02T03:22:41.545Z (10 days ago)
- Topics: mcp, msp, msp-mcp, security, sentinelone
- Language: TypeScript
- Size: 244 KB
- Stars: 0
- Watchers: 0
- Forks: 3
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# sentinelone-mcp
Multitenant Streamable HTTP wrapper for [sentinel-one/purple-mcp](https://github.com/Sentinel-One/purple-mcp), built so the [wyre-technology MCP gateway](https://github.com/wyre-technology/mcp-gateway) can forward per-tenant SentinelOne credentials as HTTP headers.
## Why
`purple-mcp` is a great first-party MCP server, but it reads its SentinelOne console token + URL from environment variables at process startup, which makes it single-tenant per container. Our gateway is multi-tenant: every request carries the calling org's credentials as HTTP headers, and the vendor container has to translate those headers into something the upstream understands.
This image bundles `purple-mcp` plus a small Node/Fastify proxy. The proxy:
1. Listens on `:8080` with `POST /mcp` and `GET /health`.
2. Reads `x-purplemcp-token` and `x-purplemcp-base-url` from each incoming request.
3. Lazily spawns one `purple-mcp --mode streamable-http` child per `(token, base-url)` tenant on a private loopback port, with the right env vars set.
4. Proxies the request body to that child and streams the response back.
5. Evicts idle children after 15 minutes (`IDLE_EVICT_MS`).
The result is a single container that the gateway can talk to like any other vendor MCP server.
## Configuration
| Env var | Default | Notes |
|---|---|---|
| `PORT` | `8080` | Public listen port. |
| `PURPLE_MCP_DIR` | `/opt/purple-mcp` | Where purple-mcp source + venv live. |
| `PURPLE_MCP_PYTHON` | `/opt/purple-mcp/.venv/bin/python` | Python interpreter from the upstream venv. |
| `IDLE_EVICT_MS` | `900000` | Idle tenant timeout. |
| `SPAWN_READY_TIMEOUT_MS` | `30000` | How long to wait for a child to start serving HTTP. |
| `LOG_LEVEL` | `info` | Fastify log level. |
## Request headers
The gateway must forward these headers on every `/mcp` request:
| Header | SentinelOne credential |
|---|---|
| `x-purplemcp-token` | `PURPLEMCP_CONSOLE_TOKEN` (Account- or Site-level service user token) |
| `x-purplemcp-base-url` | `PURPLEMCP_CONSOLE_BASE_URL` (e.g. `https://yourtenant.sentinelone.net`) |
## Build
```bash
docker build -t ghcr.io/wyre-technology/sentinelone-mcp:latest .
```
## License
Apache-2.0. The bundled `purple-mcp` is MIT-licensed by SentinelOne.