SentinelAI MCP Server

SentinelAI MCP Server

Enables secure enterprise AI agents to access internal tools like GitHub, Gmail, Calendar, file systems, databases, and knowledge bases through the Model Context Protocol, with built-in security, audit, and observability.

Category
Visit Server

README

<div align="center">

๐Ÿ›ก๏ธ SentinelAI

Secure Enterprise AI Workspace

A self-hostable AI agent platform that securely connects employees to their internal knowledge, source code, email, calendar, and operational tools โ€” built on the Model Context Protocol (MCP).

<br>

Open in GitHub Codespaces

<br>

tests codeql last commit code size top language stars

python next fastapi mcp tailwind docker k8s license

Live Demo (Codespaces) ยท Architecture ยท Features ยท Quick Start ยท Security ยท SECURITY.md

</div>


๐Ÿš€ Try it in 30 seconds โ€” no install needed

Open in GitHub Codespaces

Click the badge โ†’ wait ~30 sec for setup โ†’ frontend opens automatically. Log in with alice / sentinel-demo.

Codespaces gives you a full cloud VS Code with both servers running and ports forwarded. Free 60 hours/month on personal GitHub accounts.

<details> <summary><b>๐Ÿ“ธ Click to preview what you'll see</b></summary>

Page Description
๐Ÿ” Login JWT-secured sign-in with bcrypt password verification
๐Ÿ’ฌ Chat Multi-turn conversation, agent tool calls visualized in real time
๐Ÿ“„ Documents Drag-and-drop ingestion into the RAG knowledge base
โš™๏ธ Settings Live status of every MCP connector (live / mock / demo)
๐Ÿ” Tool Trace Expand any agent response to see exactly which tools fired, with arguments + results + latency

</details>


๐Ÿ’ก What is SentinelAI?

Imagine one chat interface where an employee asks "Did anyone email about last week's incident, and is there a related GitHub issue?" โ€” and the AI agent figures out which internal tools to query (Gmail + GitHub), runs them in parallel, and returns a single grounded answer with citations.

That's SentinelAI. It's not a ChatGPT wrapper โ€” it's the AI platform layer that companies actually need: one agent, your data, your auth, your audit trail.

Why MCP?

The Model Context Protocol is the emerging standard for plugging tools into AI agents. Build a Gmail tool once as an MCP server and it works in Claude Desktop, Cursor, SentinelAI, and any future MCP-aware client. Without MCP, every integration is custom glue. With MCP, build once, use everywhere.


๐Ÿ—๏ธ Architecture

flowchart TD
    User([๐Ÿ‘ค User])
    UI[Next.js 14 Frontend<br/>Tailwind + shadcn/ui]
    API[FastAPI Gateway<br/>JWT + CORS + Rate Limit]
    Auth[Auth Layer<br/>JWT โ€ข RBAC โ€ข Bcrypt โ€ข Audit Log]
    RAG[RAG Engine<br/>Chroma / PGVector + Citations]
    Agent[Agent Orchestrator<br/>Planner โ€ข Retry โ€ข Tool Traces]
    LLM[(LLM Provider<br/>Anthropic / OpenAI)]
    MCP[MCP Server<br/>FastMCP]

    GitHub[GitHub<br/>4 tools]
    Gmail[Gmail<br/>3 tools]
    Cal[Calendar<br/>3 tools]
    FS[File System<br/>3 tools]
    DB[(PostgreSQL<br/>2 tools)]
    KB[Knowledge Base<br/>RAG tool]

    User --> UI
    UI --> API
    API --> Auth
    API --> RAG
    API --> Agent
    Agent --> LLM
    Agent --> MCP
    MCP --> GitHub
    MCP --> Gmail
    MCP --> Cal
    MCP --> FS
    MCP --> DB
    MCP --> KB
    RAG --> KB

    classDef gateway fill:#3b82f6,stroke:#1e40af,color:#fff
    classDef security fill:#ef4444,stroke:#991b1b,color:#fff
    classDef ai fill:#8b5cf6,stroke:#5b21b6,color:#fff
    classDef tool fill:#22c55e,stroke:#15803d,color:#fff
    class API,UI gateway
    class Auth security
    class Agent,RAG,LLM,MCP ai
    class GitHub,Gmail,Cal,FS,DB,KB tool

โœจ Features

<details open> <summary><b>Core AI</b> โ€” Click to expand each section</summary>

Core AI

  • Conversational enterprise assistant with multi-turn memory (SQLite-backed, session-isolated)
  • RAG over enterprise documents (Markdown + PDF) with smart heading-aware chunking
  • Citations on every retrieved answer
  • Provider-agnostic LLM layer (swap Anthropic โ†” OpenAI via env var)
  • Multi-step planning: decomposes complex queries into sub-tasks

</details>

<details> <summary><b>๐Ÿ”Œ MCP Connectors (18 tools across 7 servers)</b></summary>

Connector Tools
GitHub search_issues, create_issue, comment_on_issue, search_code
Gmail search, get_thread, draft_reply
Calendar list_events, create_event, check_availability
File System list_files, read_file, search (sandboxed)
PostgreSQL query (read-only SELECT), describe_schema
Knowledge Base query_knowledge_base (RAG)
System echo, current_time

</details>

<details> <summary><b>๐Ÿ›ก๏ธ Security</b></summary>

  • JWT access + refresh tokens with cryptographic signature verification
  • Role-based access control (admin / user / viewer)
  • Bcrypt password hashing
  • Password policy: โ‰ฅ8 chars, letter + digit/special required, common-password blocklist
  • Rate limiting: /auth/login 10/min, /auth/register 5/min, global 100/min per IP
  • Token revocation on logout (defense against stolen tokens)
  • HTTP security headers on every response: HSTS, CSP, X-Frame-Options DENY, X-Content-Type-Options nosniff, Referrer-Policy, Permissions-Policy
  • Sandboxed file system access (path-traversal protection)
  • Read-only SQL enforcement on database queries
  • Human-approval gate on destructive actions (create_issue, send_email)
  • Audit log of every authenticated action (timestamped, IP-tracked)
  • CodeQL SAST scanning on every push (Python + TypeScript)
  • Dependabot auto-updates for outdated dependencies
  • Full vulnerability disclosure process โ€” see SECURITY.md

</details>

<details> <summary><b>๐Ÿค– Agentic, ๐Ÿ“š Enterprise, ๐Ÿ“Š Observability, ๐Ÿงช Evaluation, ๐Ÿšข Deployment</b></summary>

Agentic

  • Tool calling with retry + exponential backoff on failure
  • Structured tool-call traces for every conversation
  • Pluggable LLM provider abstraction
  • Stateless or stateful operation

Enterprise

  • Document ingestion (Markdown, PDF, plain text)
  • Semantic search via sentence-transformers + Chroma/PGVector
  • Document versioning by content hash
  • Connector mock-mode for demos without real OAuth

Observability

  • Structured JSON logging (structlog)
  • Prometheus metrics: request latency, tool call counts, LLM latency, RAG queries, auth events
  • Request ID propagation for distributed tracing
  • /metrics endpoint ready for Prometheus scraping

Evaluation

  • Eval dataset with expected tool calls and golden answers
  • Tool-call correctness scoring
  • Keyword grounding metrics
  • LLM-as-judge for answer quality

Deployment

  • Docker images for backend + frontend
  • Docker Compose for full local stack (Postgres + pgvector + Prometheus + Grafana)
  • Kubernetes manifests for production deploy
  • GitHub Actions CI runs tests on every push

</details>

๐Ÿš€ Quick Start

1. Clone & install

git clone https://github.com/virinchisai/sentinel-ai.git
cd sentinel-ai
python3.12 -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
cd frontend && npm install && cd ..

2. Configure

cp .env.example .env
# edit .env: add ANTHROPIC_API_KEY or OPENAI_API_KEY

3. Ingest sample knowledge base

python -m backend.rag.ingest

4. Run

# terminal 1: backend
uvicorn backend.api.main:app --reload

# terminal 2: frontend
cd frontend && npm run dev

Visit http://localhost:3000, register an account, and start chatting.

๐Ÿ“‚ Repository Tour

sentinel-ai/
โ”œโ”€โ”€ backend/
โ”‚   โ”œโ”€โ”€ api/             # FastAPI gateway: chat, auth, documents, admin routes
โ”‚   โ”œโ”€โ”€ auth/            # JWT, RBAC, bcrypt, audit log (SQLAlchemy)
โ”‚   โ”œโ”€โ”€ agents/          # LLM provider abstraction, MCP client, orchestrator, planner
โ”‚   โ”œโ”€โ”€ rag/             # Chunking, PDF parsing, Chroma / PGVector stores, retriever
โ”‚   โ”œโ”€โ”€ mcp_server/      # FastMCP server with 18 tools across 7 connectors
โ”‚   โ”œโ”€โ”€ observability/   # structlog, Prometheus metrics, request tracing
โ”‚   โ””โ”€โ”€ tests/           # pytest suite
โ”œโ”€โ”€ frontend/            # Next.js 14 + Tailwind: login, chat, documents, settings
โ”œโ”€โ”€ evaluation/          # Eval dataset, runner, report
โ”œโ”€โ”€ docker/              # Dockerfile.backend, Dockerfile.frontend, docker-compose.yml
โ”œโ”€โ”€ kubernetes/          # Production K8s manifests
โ”œโ”€โ”€ .github/
โ”‚   โ”œโ”€โ”€ workflows/       # test.yml + codeql.yml (SAST)
โ”‚   โ””โ”€โ”€ dependabot.yml   # Weekly dep updates
โ””โ”€โ”€ SECURITY.md          # Vulnerability disclosure + threat model

๐Ÿงช Testing

Local

pytest backend/tests -v       # 20 tests including 16 security regression tests
cd frontend && npm run build  # frontend

The security suite (backend/tests/test_security.py) proves every protection stays on:

  • Password policy (length, common-password blocklist, character classes)
  • JWT signature verification + type-mismatch rejection
  • RBAC permission checks per role
  • SQL injection blocking (DROP / DELETE / INSERT rejected)
  • Path-traversal blocking on filesystem connector

On GitHub

Three workflows run on every push and PR:

  • tests โ€” pytest on Python 3.11 + 3.12, MCP smoke test (asserts โ‰ฅ18 tools register), frontend lint + build
  • CodeQL โ€” SAST for Python + TypeScript with the security-and-quality query suite
  • Dependabot โ€” weekly PRs for outdated pip / npm / GitHub Actions dependencies

You can also click "Run workflow" from the Actions tab to trigger a manual run.

๐Ÿšข Production Deployment

docker compose -f docker/docker-compose.yml up

Boots the full stack: Postgres+pgvector, FastAPI backend, Next.js frontend, Prometheus, and Grafana with pre-provisioned dashboards.

For Kubernetes, apply kubernetes/*.yaml.

๐Ÿ›ก๏ธ Security

SentinelAI is built defense-in-depth. Every protection has a regression test so disabling one breaks CI.

Threat Mitigation
Brute-force login Rate limit (10/min) + bcrypt slow hash
Password stuffing Common-password blocklist + minimum entropy policy
Token theft Short access-token expiry + revocation list + HSTS
XSS / Clickjacking CSP default-src 'none', X-Frame-Options: DENY
SQL injection Parameterized queries + SELECT-only enforcement
Path traversal Resolved-path containment in FileSystem connector
Prompt injection โ†’ destructive action Human-approval gate, audit logging
Vulnerable dependencies Dependabot weekly + CodeQL on every push

See SECURITY.md for the full threat model and the private vulnerability-reporting process.

The repo's Security tab surfaces CodeQL findings, Dependabot alerts, and the published security policy.

๐Ÿ’ผ Why this matters

Most "AI app" portfolio projects are thin ChatGPT wrappers. SentinelAI is the entire enterprise AI platform stack โ€” auth, RBAC, multi-tool agents, RAG with citations, observability, evaluation, deployment โ€” built on the modern protocol (MCP) that Anthropic, OpenAI, and the broader ecosystem are converging on. It demonstrates the full skill set required for Applied AI Engineering, AI Platform Engineering, and Forward-Deployed Engineering roles at frontier AI companies.

<details> <summary><b>๐Ÿ“‹ Resume bullet (copy-paste ready)</b></summary>

Designed and shipped a secure enterprise AI workspace implementing the Model Context Protocol (MCP) to orchestrate AI agents across GitHub, Gmail, Calendar, PostgreSQL, sandboxed FS, and an enterprise knowledge base. Engineered a FastAPI gateway with JWT auth, RBAC, audit logging, rate limiting, HSTS/CSP headers, and token revocation, a multi-step planner-driven agent loop, a citation-aware RAG pipeline (Chroma / PGVector), Prometheus observability, a Next.js 14 frontend, a 20-test pytest suite (16 dedicated security regressions), CodeQL + Dependabot in CI, and Docker / Kubernetes deployment.

</details>

๐Ÿ“ˆ Star History

Star History Chart

๐Ÿ“œ License

MIT โ€” see LICENSE.


<div align="center">

Built by Virinchi Sai Athmakuri ยท LinkedIn ยท Email

โญ Star this repo if you find it useful!

</div>

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured