Summary
A multi-tenant HTTP wrapper around SentinelOne's purple-mcp server that lets a single container serve multiple organizations by accepting credentials as request headers instead of environment variables. Built for the Wyre MCP gateway, it lazily spawns isolated purple-mcp child processes per tenant pair of API token and base URL, proxies requests through, and evicts idle tenants after 15 minutes. If you're running a gateway that needs to fan out SentinelOne MCP calls across different customer accounts without spinning up dedicated containers for each, this handles the plumbing. Expects x-purplemcp-token and x-purplemcp-base-url headers on every request and exposes the standard purple-mcp capabilities for threat hunting and endpoint management.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
sentinelone-mcp
Multitenant Streamable HTTP wrapper for sentinel-one/purple-mcp, built so the wyre-technology MCP gateway can forward per-tenant SentinelOne credentials as HTTP headers.
Why
purple-mcp is a great first-party MCP server, but it reads its SentinelOne console token + URL from environment variables at process startup, which makes it single-tenant per container. Our gateway is multi-tenant: every request carries the calling org's credentials as HTTP headers, and the vendor container has to translate those headers into something the upstream understands.
This image bundles purple-mcp plus a small Node/Fastify proxy. The proxy:
- Listens on
:8080withPOST /mcpandGET /health. - Reads
x-purplemcp-tokenandx-purplemcp-base-urlfrom each incoming request. - Lazily spawns one
purple-mcp --mode streamable-httpchild per(token, base-url)tenant on a private loopback port, with the right env vars set. - Proxies the request body to that child and streams the response back.
- Evicts idle children after 60 minutes (
IDLE_EVICT_MS).
The result is a single container that the gateway can talk to like any other vendor MCP server.
Configuration
| Env var | Default | Notes |
|---|---|---|
PORT | 8080 | Public listen port. |
PURPLE_MCP_DIR | /opt/purple-mcp | Where purple-mcp source + venv live. |
PURPLE_MCP_PYTHON | /opt/purple-mcp/.venv/bin/python | Python interpreter from the upstream venv. |
IDLE_EVICT_MS | 3600000 | Idle tenant timeout (60 min). Longer keeps children warm and avoids repeated cold starts. |
SPAWN_READY_TIMEOUT_MS | 30000 | How long to wait for a child to start serving HTTP. |
LOG_LEVEL | info | Fastify log level. |
Request headers
The gateway must forward these headers on every /mcp request:
| Header | SentinelOne credential |
|---|---|
x-purplemcp-token | PURPLEMCP_CONSOLE_TOKEN (Account- or Site-level service user token) |
x-purplemcp-base-url | PURPLEMCP_CONSOLE_BASE_URL (e.g. https://yourtenant.sentinelone.net) |
Build
docker build -t ghcr.io/wyre-technology/sentinelone-mcp:latest .
License
Apache-2.0. The bundled purple-mcp is MIT-licensed by SentinelOne.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Configuration
PORTdefault: 8080Public listen port for the proxy (POST /mcp, GET /health)
IDLE_EVICT_MSdefault: 900000Idle tenant timeout before a purple-mcp child is evicted (ms)
SPAWN_READY_TIMEOUT_MSdefault: 30000How long to wait for a spawned child to start serving HTTP (ms)
LOG_LEVELdefault: infoFastify log level: debug, info, warn, error
Registryactive
Packageghcr.io/wyre-technology/sentinelone-mcp:v1.0.0
TransportSTDIO
UpdatedJun 2, 2026