@pmoses-s1/sentinelone-mcp 1.0.0 → 1.1.0

package/deploy/README.md

@@ -0,0 +1,277 @@
+# Deployment guide
+
+Three supported topologies, in order of complexity.
+
+| Topology | Who runs it | Transport | Auth | Use this when |
+|---|---|---|---|---|
+| **A. Single user, local** | One human | stdio | none | You use Claude Desktop / Claude Code / Claude Cowork on your own Mac or Linux laptop. |
+| **B. Single user, HTTP** | One human | Streamable HTTP, `127.0.0.1` only | none | You want one server you can curl, or have a non-Claude client that speaks Streamable HTTP. |
+| **C. Team, VM-hosted** | Many humans | Streamable HTTP, behind TLS | per-user bearer tokens | You want N team members to share one server with one set of SentinelOne credentials, with per-user audit and revocation. |
+
+## A. Single user, local (stdio)
+
+`curl -fsSL https://raw.githubusercontent.com/pmoses-s1/claude-skills/main/sentinelone-mcp/deploy/install.sh | bash`
+
+That runs `install.sh --user`, which:
+1. Confirms Node 18+ is present (errors out with install hints if not).
+2. Sets up a per-user npm prefix at `~/.npm-global` if one isn't configured.
+3. Installs `@pmoses-s1/sentinelone-mcp` globally for your user.
+4. Writes a credentials skeleton to `~/.config/sentinelone/credentials.json` (mode 0600).
+5. Prints the next steps.
+
+Then edit `~/.config/sentinelone/credentials.json` with your real values:
+
+```json
+{
+  "S1_CONSOLE_URL":       "https://usea1-yourorg.sentinelone.net",
+  "S1_CONSOLE_API_TOKEN": "eyJ...",
+  "S1_HEC_INGEST_URL":    "https://ingest.us1.sentinelone.net",
+  "SDL_XDR_URL":          "https://xdr.us1.sentinelone.net",
+  "SDL_LOG_READ_KEY":     "...",
+  "SDL_LOG_WRITE_KEY":    "...",
+  "SDL_CONFIG_READ_KEY":  "...",
+  "SDL_CONFIG_WRITE_KEY": "..."
+}
+```
+
+Add the server to Claude Desktop (`~/Library/Application Support/Claude/claude_desktop_config.json` on Mac, or `%APPDATA%\Claude\claude_desktop_config.json` on Windows):
+
+```json
+{
+  "mcpServers": {
+    "sentinelone-mcp": {
+      "command": "sentinelone-mcp"
+    }
+  }
+}
+```
+
+Or, equivalently, by package name without the install:
+
+```json
+{
+  "mcpServers": {
+    "sentinelone-mcp": {
+      "command": "npx",
+      "args": ["-y", "@pmoses-s1/sentinelone-mcp@1.1.0"]
+    }
+  }
+}
+```
+
+Restart Claude Desktop. The server picks credentials up from `~/.config/sentinelone/credentials.json` automatically.
+
+## B. Single user, HTTP
+
+Same `install.sh --user`, then start the server in HTTP mode:
+
+```bash
+sentinelone-mcp --transport http
+```
+
+It binds to `127.0.0.1:8765` and runs with no auth (which is fine when the bind address is loopback and you're the only user on the box). Hit it with curl:
+
+```bash
+curl -s http://127.0.0.1:8765/healthz
+# -> ok
+
+curl -s -X POST http://127.0.0.1:8765/mcp \
+  -H 'Content-Type: application/json' \
+  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' | jq '.result.tools | length'
+# -> 26
+```
+
+In Claude Cowork or any MCP client that supports remote HTTP servers, add it:
+
+```json
+{
+  "mcpServers": {
+    "sentinelone-mcp": {
+      "type": "http",
+      "url": "http://127.0.0.1:8765/mcp"
+    }
+  }
+}
+```
+
+## C. Team, VM-hosted (recommended for shared deployments)
+
+This is the topology to use when more than one person should have access to the same SentinelOne tenant through MCP, without distributing the underlying S1 service-user token.
+
+### What you'll end up with
+
+- One Linux VM, reachable on your private network (or via Tailscale, WireGuard, etc.).
+- One `mcp` system user owning `/etc/sentinelone-mcp/`.
+- One `credentials.json` containing the S1 service-user token + SDL keys. Mode 0600, never copied off the box.
+- One `bearer-tokens.json` listing per-user tokens, one per team member: `{"alice": "...", "bob": "...", "claire": "..."}`. Mode 0600. SIGHUP-reloadable.
+- One systemd service running the MCP on `127.0.0.1:8765` with auth enforced.
+- Caddy in front terminating TLS and forwarding to the backend.
+
+Team members connect from their Claude clients with their own bearer token. Audit log identifies them by name. Revocation is one file edit + `systemctl reload`.
+
+### Step-by-step
+
+1. **Provision the VM.** Anything that runs systemd is fine: Ubuntu 22.04 LTS, Debian 12, Rocky/Alma 9, etc.
+
+2. **Install Node 18+.** Pick one:
+   ```bash
+   # Ubuntu / Debian
+   curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
+   sudo apt install -y nodejs
+   ```
+   ```bash
+   # Rocky / Alma
+   curl -fsSL https://rpm.nodesource.com/setup_20.x | sudo bash -
+   sudo dnf install -y nodejs
+   ```
+
+3. **Run the installer in server mode:**
+   ```bash
+   curl -fsSL https://raw.githubusercontent.com/pmoses-s1/claude-skills/main/sentinelone-mcp/deploy/install.sh | sudo bash -s -- --server
+   ```
+   It creates the `mcp` user, drops `/etc/sentinelone-mcp/credentials.json` (placeholder) and `/etc/sentinelone-mcp/bearer-tokens.json` (one freshly-generated admin token, printed once to stdout), installs the systemd unit, and starts the service.
+
+4. **Fill in real SentinelOne credentials:**
+   ```bash
+   sudo vim /etc/sentinelone-mcp/credentials.json
+   sudo systemctl reload sentinelone-mcp
+   curl -s http://127.0.0.1:8765/healthz   # -> ok
+   ```
+
+5. **Put TLS in front with Caddy** (the recommended option):
+   ```bash
+   sudo apt install -y caddy
+   sudo cp /usr/lib/node_modules/@pmoses-s1/sentinelone-mcp/deploy/caddy/Caddyfile.example /etc/caddy/Caddyfile
+   sudo vim /etc/caddy/Caddyfile   # change mcp.s1.internal to your DNS name
+   sudo systemctl reload caddy
+   ```
+   Default Caddyfile uses `tls internal` which signs with Caddy's own CA. Distribute `/var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt` to your team for trust, or use `tls <your-email>` with a publicly resolvable hostname for Let's Encrypt.
+
+6. **Add team members.** Generate a token per person and append to the file:
+   ```bash
+   sudo bash -c 'cat > /etc/sentinelone-mcp/bearer-tokens.json' <<EOF
+   {
+     "admin": "$(openssl rand -hex 32)",
+     "alice": "$(openssl rand -hex 32)",
+     "bob":   "$(openssl rand -hex 32)",
+     "claire":"$(openssl rand -hex 32)"
+   }
+   EOF
+   sudo chmod 600 /etc/sentinelone-mcp/bearer-tokens.json
+   sudo chown mcp:mcp /etc/sentinelone-mcp/bearer-tokens.json
+   sudo systemctl reload sentinelone-mcp   # SIGHUP, no downtime
+   ```
+   Hand each person their token over a secure channel (1Password, Signal, etc.).
+
+7. **Connect from a Claude client.** Each user adds the server to their config with their personal token:
+   ```json
+   {
+     "mcpServers": {
+       "sentinelone-mcp": {
+         "type": "http",
+         "url": "https://mcp.s1.internal/mcp",
+         "headers": {
+           "Authorization": "Bearer <THEIR_PERSONAL_TOKEN>"
+         }
+       }
+     }
+   }
+   ```
+
+8. **Verify end-to-end.** From a team member's machine:
+   ```bash
+   curl -s -X POST https://mcp.s1.internal/mcp \
+     -H "Authorization: Bearer $TOKEN" \
+     -H 'Content-Type: application/json' \
+     -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' | jq '.result.tools | length'
+   # -> 26
+   ```
+
+9. **Watch the audit log.** Every authenticated request is logged with the bearer name, method, and param summary:
+   ```bash
+   sudo journalctl -u sentinelone-mcp -f | grep '\[audit\]'
+   # [audit] 2026-05-28T15:01:22.413Z | alice | tools/call | name=powerquery_run | 200 ok
+   # [audit] 2026-05-28T15:01:34.221Z | bob   | tools/list | -                  | 200 ok
+   ```
+
+## Day-2 operations
+
+### Adding a team member
+
+```bash
+sudo vim /etc/sentinelone-mcp/bearer-tokens.json   # add new {"name": "token"}
+sudo systemctl reload sentinelone-mcp              # SIGHUP, no downtime
+```
+
+### Revoking access
+
+```bash
+sudo vim /etc/sentinelone-mcp/bearer-tokens.json   # remove the entry
+sudo systemctl reload sentinelone-mcp
+```
+
+### Rotating the SentinelOne service-user token
+
+```bash
+sudo vim /etc/sentinelone-mcp/credentials.json     # paste new S1_CONSOLE_API_TOKEN
+sudo systemctl restart sentinelone-mcp             # full restart needed for creds
+```
+
+### Upgrading the MCP server
+
+```bash
+sudo npm install -g @pmoses-s1/sentinelone-mcp@<new-version>
+sudo systemctl restart sentinelone-mcp
+```
+
+### Reading the audit log
+
+The structured audit lines look like:
+
+```
+[audit] 2026-05-28T15:01:22.413Z | alice | tools/call | name=powerquery_run | 200 ok
+[audit] 2026-05-28T16:42:55.108Z | bob   | tools/list | -                  | 200 ok
+[audit] 2026-05-28T17:03:11.221Z | -     | -          | -                  | 401 unauthorized
+```
+
+Quick filters:
+
+```bash
+# everything alice did in the last hour
+sudo journalctl -u sentinelone-mcp --since="1 hour ago" | grep '\[audit\].*| alice |'
+
+# all unauthorized attempts today
+sudo journalctl -u sentinelone-mcp --since=today | grep '\[audit\].*401'
+
+# all tool calls (not just listings)
+sudo journalctl -u sentinelone-mcp -f | grep 'tools/call'
+```
+
+### Health and readiness
+
+`GET /healthz` returns `200 ok` whenever the server is accepting connections. Use it for load balancer probes and for `systemctl-aware` orchestrators:
+
+```bash
+curl -s http://127.0.0.1:8765/healthz   # behind the proxy
+curl -s https://mcp.s1.internal/healthz # in front of the proxy
+```
+
+## Troubleshooting
+
+| Symptom | Likely cause | Fix |
+|---|---|---|
+| `Connection refused` on `127.0.0.1:8765` | Service not running | `sudo systemctl status sentinelone-mcp`; check `journalctl -u sentinelone-mcp -n 50`. |
+| 401 on every request | No bearer token, or wrong one | Confirm `Authorization: Bearer <token>` is set; confirm the token is in `/etc/sentinelone-mcp/bearer-tokens.json`. |
+| `tools/call` returns `Error: connect ECONNREFUSED` to `*.sentinelone.net` | S1 creds missing or VM has no outbound to console | `curl -v https://$YOUR_CONSOLE_URL`; check `/etc/sentinelone-mcp/credentials.json`. |
+| Service starts but `Tools: 0 registered` | Code/import error | `journalctl -u sentinelone-mcp -n 100` for the import stack trace. |
+| `502 Bad Gateway` from Caddy | Backend died between Caddy reload and proxy attempt | `systemctl status sentinelone-mcp`. |
+
+## Alternative deployments
+
+These are supported but not first-class:
+
+- **Docker / docker-compose.** Not shipped in this version. The single-file Node binary doesn't need it. If you want a container, the install is `FROM node:20-alpine` + `RUN npm install -g @pmoses-s1/sentinelone-mcp@1.1.0` + `CMD ["sentinelone-mcp", "--transport", "http", "--host", "0.0.0.0"]`. Mount creds at `/etc/sentinelone-mcp/credentials.json` and tokens at `/etc/sentinelone-mcp/bearer-tokens.json`.
+
+- **External bridge (`supergateway`, `mcp-proxy`).** Pre-1.1.0 deployments used these to wrap the stdio-only server. They still work; this server's native HTTP mode is functionally equivalent and removes the extra process. Prefer native unless you have a specific reason.
+
+- **No-auth HTTP on a non-loopback bind.** Possible (set `--host 0.0.0.0` and omit `MCP_BEARER_TOKENS*`) but the server logs a loud warning at startup. Only use if the network itself is trusted (e.g. a Tailscale-only LAN where every node is authenticated upstream).

package/deploy/caddy/Caddyfile.example

@@ -0,0 +1,99 @@
+# Caddyfile for sentinelone-mcp behind TLS on a private network.
+#
+# Two adjustments before using:
+#   1. Replace mcp.s1.internal with your DNS name (or Tailscale hostname).
+#   2. Decide on a TLS strategy:
+#        tls internal      Caddy's built-in CA (good for private networks;
+#                          distribute the root cert to clients).
+#        tls <email>       Let's Encrypt over HTTP-01 (needs public DNS + port 80).
+#        tls /path/to/cert.pem /path/to/key.pem
+#                          Bring your own cert from an internal PKI.
+#
+# Why Caddy and not nginx? Caddy auto-renews certs, has zero config for SSE
+# streaming (flush_interval handled), and is one binary with no system Python
+# or Lua dependency. Equally valid alternative: nginx with the snippet at the
+# bottom of this file.
+
+mcp.s1.internal {
+    tls internal
+
+    # Strict bearer-token enforcement. The MCP server also enforces tokens
+    # when MCP_BEARER_TOKENS_FILE is set, but checking here too means we never
+    # forward unauthenticated traffic to the backend.
+    #
+    # To bypass Caddy auth (and rely solely on the MCP server's enforcement),
+    # delete the @authorized matcher and the handle blocks below, leaving only
+    # the reverse_proxy.
+    @anyAuth header_regexp Authorization "^Bearer\s+\S+$"
+
+    handle @anyAuth {
+        reverse_proxy 127.0.0.1:8765 {
+            # MCP responses are streamed; flush immediately so partial replies
+            # reach the client without sitting in a buffer.
+            flush_interval -1
+
+            # Reasonable timeouts for long-running PowerQueries (LRQ can take
+            # ~30s on heavy queries). Increase if you see 504s on big queries.
+            transport http {
+                read_timeout 90s
+                write_timeout 90s
+                response_header_timeout 30s
+            }
+        }
+    }
+
+    handle {
+        respond "unauthorized" 401 {
+            close
+        }
+    }
+
+    # Standard security headers.
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains"
+        X-Content-Type-Options "nosniff"
+        Referrer-Policy "no-referrer"
+        -Server
+    }
+
+    # Healthcheck pass-through (no auth needed on /healthz).
+    @health path /healthz /health
+    handle @health {
+        reverse_proxy 127.0.0.1:8765
+    }
+
+    # Access log to journald via systemd-journald, structured JSON.
+    log {
+        output stdout
+        format json
+        level INFO
+    }
+}
+
+# ─── nginx equivalent (commented; copy if you prefer nginx) ──────────────────
+# upstream mcp_backend {
+#     server 127.0.0.1:8765;
+#     keepalive 16;
+# }
+# server {
+#     listen 443 ssl http2;
+#     server_name mcp.s1.internal;
+#     ssl_certificate     /etc/ssl/certs/mcp.s1.internal.crt;
+#     ssl_certificate_key /etc/ssl/private/mcp.s1.internal.key;
+#
+#     location = /healthz {
+#         proxy_pass http://mcp_backend;
+#     }
+#
+#     location / {
+#         if ($http_authorization !~ "^Bearer\s+\S+$") {
+#             return 401;
+#         }
+#         proxy_pass http://mcp_backend;
+#         proxy_http_version 1.1;
+#         proxy_set_header Connection "";
+#         proxy_buffering off;
+#         proxy_read_timeout 90s;
+#         proxy_send_timeout 90s;
+#     }
+# }

package/deploy/install.sh

@@ -0,0 +1,265 @@
+#!/usr/bin/env bash
+#
+# sentinelone-mcp installer for macOS and Linux.
+#
+# Modes:
+#   --user      (default) Install for the current user only.
+#                Writes credentials to ~/.config/sentinelone/credentials.json,
+#                installs the npm package globally via the current Node toolchain.
+#
+#   --server    Linux VM deployment. Creates a system `mcp` user, installs the
+#                npm package globally, writes credentials and bearer tokens to
+#                /etc/sentinelone-mcp/, drops the systemd unit, enables and
+#                starts the service.
+#
+# Idempotent: rerunning is safe; it skips steps already completed.
+#
+# Exit codes: 0 ok, 1 generic failure, 2 unsupported platform, 3 missing prereq.
+
+set -euo pipefail
+
+# ─── helpers ─────────────────────────────────────────────────────────────────
+
+c_red()    { printf '\033[31m%s\033[0m\n' "$*"; }
+c_green()  { printf '\033[32m%s\033[0m\n' "$*"; }
+c_yellow() { printf '\033[33m%s\033[0m\n' "$*"; }
+c_bold()   { printf '\033[1m%s\033[0m\n' "$*"; }
+
+step() { c_bold ">> $*"; }
+ok()   { c_green   "   ok: $*"; }
+warn() { c_yellow  "   warn: $*"; }
+die()  { c_red     "   error: $*"; exit 1; }
+
+PKG="@pmoses-s1/sentinelone-mcp"
+MODE="user"
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --user)   MODE="user"; shift ;;
+    --server) MODE="server"; shift ;;
+    -h|--help)
+      cat <<EOF
+Usage: $0 [--user|--server]
+
+  --user      Install for current user (default).
+              Default install path on macOS: ~/.config/sentinelone/
+              Default install path on Linux: ~/.config/sentinelone/
+
+  --server    Install on a Linux VM as a shared service.
+              System path: /etc/sentinelone-mcp/
+              systemd unit: sentinelone-mcp.service
+              Requires sudo.
+
+EOF
+      exit 0 ;;
+    *) die "Unknown flag: $1 (try --help)" ;;
+  esac
+done
+
+OS="$(uname -s)"
+case "$OS" in
+  Darwin) PLATFORM="mac" ;;
+  Linux)  PLATFORM="linux" ;;
+  *) c_red "Unsupported platform: $OS"; exit 2 ;;
+esac
+
+if [[ "$MODE" == "server" && "$PLATFORM" != "linux" ]]; then
+  die "--server mode is Linux only (got $PLATFORM)"
+fi
+
+# ─── prereqs ─────────────────────────────────────────────────────────────────
+
+step "Checking prerequisites"
+
+if ! command -v node >/dev/null 2>&1; then
+  c_red   "Node.js is required but not found on PATH."
+  c_red   "Install Node 18+:"
+  c_red   "  macOS:  brew install node@20"
+  c_red   "  Linux:  curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && sudo apt install -y nodejs"
+  exit 3
+fi
+NODE_MAJOR="$(node --version | sed 's/^v\([0-9]*\).*/\1/')"
+if [[ "$NODE_MAJOR" -lt 18 ]]; then
+  die "Node $(node --version) is too old. Need Node 18+."
+fi
+ok "node $(node --version)"
+
+if ! command -v npm >/dev/null 2>&1; then
+  die "npm not found alongside node; please install Node 18+ from nodejs.org or your package manager."
+fi
+ok "npm $(npm --version)"
+
+if [[ "$MODE" == "server" ]]; then
+  if [[ "$EUID" -ne 0 ]]; then
+    die "--server mode must be run with sudo (need to create /etc/sentinelone-mcp/, system user, and systemd unit)."
+  fi
+  command -v systemctl >/dev/null 2>&1 || die "systemctl not found; this script targets systemd-based Linux."
+  ok "running as root, systemd present"
+fi
+
+# ─── install package ─────────────────────────────────────────────────────────
+
+step "Installing $PKG globally"
+if [[ "$MODE" == "server" ]]; then
+  npm install -g "$PKG" >/dev/null
+else
+  # Avoid sudo on Mac/personal Linux: use a per-user npm prefix if not already.
+  if ! npm config get prefix --location=user 2>/dev/null | grep -qE '^/'; then
+    npm config set prefix "$HOME/.npm-global"
+    case ":$PATH:" in
+      *":$HOME/.npm-global/bin:"*) ;;
+      *) warn "Add $HOME/.npm-global/bin to your PATH (currently missing)." ;;
+    esac
+  fi
+  npm install -g "$PKG" >/dev/null
+fi
+ok "$(npm ls -g --depth=0 "$PKG" 2>/dev/null | grep "$PKG" | head -1 | sed 's/.*-> //' || echo installed)"
+
+# ─── credentials skeleton ────────────────────────────────────────────────────
+
+if [[ "$MODE" == "server" ]]; then
+  CONF_DIR="/etc/sentinelone-mcp"
+  CRED_PATH="$CONF_DIR/credentials.json"
+  TOKEN_PATH="$CONF_DIR/bearer-tokens.json"
+  ENV_PATH="$CONF_DIR/server.env"
+  OWNER="mcp"
+else
+  CONF_DIR="$HOME/.config/sentinelone"
+  CRED_PATH="$CONF_DIR/credentials.json"
+  TOKEN_PATH=""
+  ENV_PATH=""
+  OWNER="$USER"
+fi
+
+step "Setting up $CONF_DIR"
+mkdir -p "$CONF_DIR"
+if [[ ! -f "$CRED_PATH" ]]; then
+  cat > "$CRED_PATH" <<'EOF'
+{
+  "S1_CONSOLE_URL":       "https://usea1-acme.sentinelone.net",
+  "S1_CONSOLE_API_TOKEN": "REPLACE_WITH_API_TOKEN",
+  "S1_HEC_INGEST_URL":    "https://ingest.us1.sentinelone.net",
+  "SDL_XDR_URL":          "https://xdr.us1.sentinelone.net",
+  "SDL_LOG_READ_KEY":     "",
+  "SDL_LOG_WRITE_KEY":    "",
+  "SDL_CONFIG_READ_KEY":  "",
+  "SDL_CONFIG_WRITE_KEY": ""
+}
+EOF
+  chmod 600 "$CRED_PATH"
+  ok "wrote $CRED_PATH (placeholder, edit before starting)"
+else
+  ok "$CRED_PATH already exists, leaving untouched"
+fi
+
+if [[ "$MODE" == "server" ]]; then
+  if ! id "$OWNER" >/dev/null 2>&1; then
+    step "Creating system user '$OWNER'"
+    useradd --system --no-create-home --shell /usr/sbin/nologin "$OWNER"
+    ok "created"
+  else
+    ok "user '$OWNER' already exists"
+  fi
+  chown -R "$OWNER":"$OWNER" "$CONF_DIR"
+  chmod 600 "$CRED_PATH"
+
+  if [[ ! -f "$TOKEN_PATH" ]]; then
+    step "Generating initial bearer token"
+    if command -v openssl >/dev/null 2>&1; then
+      TOKEN_ADMIN="$(openssl rand -hex 32)"
+    else
+      TOKEN_ADMIN="$(node -e 'console.log(require("crypto").randomBytes(32).toString("hex"))')"
+    fi
+    cat > "$TOKEN_PATH" <<EOF
+{
+  "admin": "$TOKEN_ADMIN"
+}
+EOF
+    chmod 600 "$TOKEN_PATH"
+    chown "$OWNER":"$OWNER" "$TOKEN_PATH"
+    ok "wrote $TOKEN_PATH (one initial admin token)"
+    c_yellow "   INITIAL ADMIN BEARER TOKEN:"
+    c_yellow "   $TOKEN_ADMIN"
+    c_yellow "   Save this value now; it is also stored in $TOKEN_PATH."
+  else
+    ok "$TOKEN_PATH already exists"
+  fi
+
+  if [[ ! -f "$ENV_PATH" ]]; then
+    cat > "$ENV_PATH" <<EOF
+# Environment file for sentinelone-mcp.service.
+# Adjust LOG_LEVEL or override anything here; reload with: systemctl reload sentinelone-mcp
+EOF
+    chmod 600 "$ENV_PATH"
+    chown "$OWNER":"$OWNER" "$ENV_PATH"
+    ok "wrote $ENV_PATH"
+  else
+    ok "$ENV_PATH already exists"
+  fi
+
+  step "Installing systemd unit"
+  SVC_PATH="/etc/systemd/system/sentinelone-mcp.service"
+  GLOBAL_NODE_MODULES="$(npm root -g)"
+  SCRIPT_DIR="$GLOBAL_NODE_MODULES/$PKG"
+  # Rewrite the ExecStart path to point at the resolved global install,
+  # since the bundled unit uses %h which assumes per-user install.
+  sed "s|%h/.npm-global/lib/node_modules/@pmoses-s1/sentinelone-mcp|$SCRIPT_DIR|g" \
+    "$SCRIPT_DIR/deploy/systemd/sentinelone-mcp.service" > "$SVC_PATH"
+  systemctl daemon-reload
+  systemctl enable sentinelone-mcp >/dev/null 2>&1
+  ok "wrote $SVC_PATH and enabled the service"
+
+  step "Starting the service"
+  if systemctl is-active sentinelone-mcp >/dev/null 2>&1; then
+    systemctl restart sentinelone-mcp
+    ok "restarted"
+  else
+    systemctl start sentinelone-mcp
+    ok "started"
+  fi
+  sleep 1
+  if systemctl is-active --quiet sentinelone-mcp; then
+    ok "service is active"
+  else
+    c_red "service failed to start. Recent log lines:"
+    journalctl -u sentinelone-mcp -n 30 --no-pager | sed 's/^/   /'
+    exit 1
+  fi
+fi
+
+# ─── final notes ─────────────────────────────────────────────────────────────
+
+step "Next steps"
+if [[ "$MODE" == "user" ]]; then
+  cat <<EOF
+
+   1. Edit $CRED_PATH with your real SentinelOne values.
+   2. Try the server:
+        sentinelone-mcp --version
+        sentinelone-mcp --help
+   3. Wire it into Claude Cowork / Claude Desktop / Claude Code via stdio
+      (no HTTP needed for single-user local). See deploy/README.md for the
+      exact config block.
+
+EOF
+elif [[ "$MODE" == "server" ]]; then
+  cat <<EOF
+
+   1. Edit $CRED_PATH with your real SentinelOne values, then reload:
+        sudo systemctl reload sentinelone-mcp
+   2. Verify the server is up:
+        curl -s http://127.0.0.1:8765/healthz
+   3. Put TLS in front (Caddy template at $SCRIPT_DIR/deploy/caddy/Caddyfile.example).
+   4. Add team members by editing $TOKEN_PATH and reloading:
+        echo '{"admin":"...", "alice":"...", "bob":"..."}' > $TOKEN_PATH
+        sudo systemctl reload sentinelone-mcp
+      (Reload sends SIGHUP; no connection drops.)
+   5. Tail the audit log:
+        sudo journalctl -u sentinelone-mcp -f | grep '\[audit\]'
+
+   See deploy/README.md for the full Linux VM walkthrough.
+
+EOF
+fi
+
+c_green "Done."