Summary
Sentinel sits between your MCP clients and backend servers to enforce zero-trust policies before tool calls reach production systems. It strips PII from prompts and responses, requires manual approval for high-risk operations, and writes every request to an audit trail. You'd reach for it when moving from local MCP demos to team or CI deployments where you need guardrails around which tools agents can invoke and what data they can touch. It's part of the oaslananka mcp-suite monorepo alongside Composer for aggregation, Forge for orchestration, and Observatory for metrics. The repo targets stdio transport and runs on Node 24 or later with strict TypeScript throughout.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
MCP Infrastructure Suite
The missing infrastructure layer for Model Context Protocol ecosystems.
flowchart LR
Shared["@oaslananka/shared"]
Forge["@oaslananka/forge"]
Sentinel["@oaslananka/sentinel"]
Atlas["@oaslananka/atlas"]
Composer["@oaslananka/composer"]
Bridge["@oaslananka/bridge"]
Observatory["@oaslananka/observatory"]
Lab["@oaslananka/lab"]
Shared --> Forge
Shared --> Sentinel
Shared --> Atlas
Shared --> Composer
Shared --> Bridge
Shared --> Observatory
Shared --> Lab
Clients["IDE / Agent / SDK clients"] --> Sentinel
Clients --> Composer
Composer --> Backends["Backend MCP servers"]
Sentinel --> Backends
Forge --> Composer
Forge --> Sentinel
Atlas --> Clients
Observatory --> Sentinel
Observatory --> Forge
Lab --> Composer
Why mcp-suite?
Most MCP projects stop at the server boundary. mcp-suite focuses on the harder production layer around it: transport compatibility, trust boundaries, orchestration, discovery, observability, and operator workflows. That makes it useful once you move past a single local demo and start running MCP in teams, CI, or internal platforms.
The suite is built for guarded GitHub-hosted release automation, with every publishable package prepared for public npm publishing under the @oaslananka scope. The monorepo stays strict TypeScript, Turborepo, pnpm, and release-please manifest based.
Compared with one-off MCP utilities, the packages here are designed to compose: shared defines the protocol/runtime baseline, sentinel and composer control traffic, forge orchestrates work, atlas catalogs capability, bridge generates servers, observatory closes the feedback loop, and lab gives contributors a desktop workbench.
Packages
| Package | What it does | Docs |
|---|---|---|
@oaslananka/shared | Shared MCP protocol, transports, auth, retry, telemetry, and testing primitives | Shared docs |
@oaslananka/forge | Pipeline engine for orchestrating MCP tools and external steps | Forge docs |
@oaslananka/sentinel | Zero-trust security proxy with audit, approval, and PII controls | Sentinel docs |
@oaslananka/atlas | Registry API and catalog UI for discovering MCP servers | Atlas docs |
@oaslananka/composer | Aggregation proxy for multiple backend MCP servers | Composer docs |
@oaslananka/bridge | OpenAPI and schema-first MCP server generation | Bridge docs |
@oaslananka/observatory | Metrics, traces, anomaly detection, alerting, and dashboard UI | Observatory docs |
@oaslananka/lab | Electron desktop workbench for connecting to and debugging MCP servers | Lab docs |
MCP Lab Screenshot
Local Playground
The reproducible demo path is a local playground with seeded Atlas and Observatory data:
pnpm install --frozen-lockfile
pnpm build
pnpm run playground:seed
pnpm run playground:atlas
Then start Observatory in another terminal:
pnpm run playground:observatory
Open Atlas at http://localhost:4003, Observatory at http://localhost:4006, and Lab with pnpm --filter @oaslananka/lab dev. Full steps live in the local playground guide.
Quick Start
pnpm install --frozen-lockfile
pnpm build
# Seed and run Atlas
pnpm --filter @oaslananka/atlas exec node dist/cli.js seed --db ./data/atlas.sqlite
pnpm --filter @oaslananka/atlas exec node dist/cli.js serve --db ./data/atlas.sqlite --port 4003
# In another terminal, run Observatory
pnpm --filter @oaslananka/observatory exec node dist/cli.js serve --db ./data/observatory.sqlite --port 4006
Once the services are up:
- Atlas UI: http://localhost:4003
- Atlas health: http://localhost:4003/health
- Observatory UI: http://localhost:4006
- Observatory health: http://localhost:4006/health
Architecture
shared carries the protocol baseline, logger factory, transports, telemetry helpers, and test fixtures used everywhere else. MCP client-facing traffic is typically wrapped by sentinel for policy and audit, then aggregated through composer, or orchestrated from forge. atlas and observatory are HTTP-first operator surfaces, while lab is the developer-facing desktop entry point.
The suite currently defaults to MCP protocol version 2025-11-25 while keeping compatibility helpers for 2025-11-05 handshakes during the 1.0 transition.
Architecture decisions are recorded in the ADR index.
Development
make install
pnpm run format:check
make lint
make typecheck
make test
pnpm run security
make test-coverage
make knip
pnpm run release:dry-run
More setup and workflow guidance lives in docs/development.md, docs/testing.md, docs/security.md, docs/release.md, the generated API reference path in docs/api-reference.md, and the guide docs under docs/guide.
Release Policy
- release-please manifest mode owns version bumps, changelogs, tags, and GitHub releases.
- GitHub Actions builds npm package tarballs, SBOM, checksums, and attestations from clean checkout state.
- Production npm publishing is separate, environment-protected, and publishes only GitHub Release package tarballs.
- Docs-only, internal-only, and CI-only changes do not publish to npm or update registry metadata.
Contributing
Contributions are welcome. Start with CONTRIBUTING.md, use Conventional Commits for user-visible changes, and keep GitHub Actions parity when adding validation steps. For issue triage, support, stale handling, labels, and maintainer response targets, see docs/governance.md.
Roadmap
@oaslananka/gateway: HTTP-first multi-tenant MCP gateway@oaslananka/sdk: cross-language SDK surface starting with Python- Forge visual editor built on React Flow
- Atlas federation across multiple registry instances
- Observatory exports for Grafana and OTel collector pipelines
- Sentinel policy integration with OPA
License
Apache 2.0 — © 2025-2026 oaslananka
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Configuration
SENTINEL_DB_PATHSQLite database path used for audit and key storage.
SENTINEL_UPSTREAM_URLHTTP upstream MCP endpoint.
SENTINEL_UPSTREAM_COMMANDstdio upstream MCP launch command.
Categories
Registryactive
Package@oaslananka/sentinel
TransportSTDIO
UpdatedApr 8, 2026
