MAHORAGA-Next SENTINEL

Desktop and Android control app for operating a deployed MAHORAGA-Next Worker.

What Sentinel Does

Sentinel is the operational control panel for a remote MAHORAGA-Next agent. It connects to your Worker using MAHORAGA_API_TOKEN, then lets you monitor account state, positions, signals, logs, runtime config, source credentials, and trade-review exports.

Windows desktop app built with Electron
Android shell built with Capacitor
Browser dashboard for local or hosted use
GitHub Release based update checks for packaged Sentinel apps

Install

Platform	Artifact	Notes
Windows	`MAHORAGA-Next.SENTINEL-*-x64-setup.exe`	Recommended. Used by the in-app updater.
Windows portable	`MAHORAGA-Next.SENTINEL-*-x64-portable.exe`	Manual launch, not the primary updater target.
Android	`MAHORAGA-Next.SENTINEL-*-android.apk`	Published only when Android signing secrets are configured.

Current release: Sentinel v1.0.0.

First Connection

Deploy the Worker with Alpaca, LLM, D1, KV, R2, and authentication secrets configured.
Open Sentinel.
Enter the public Worker URL, for example https://mahoraga-next.example.workers.dev.
Enter the same token stored in MAHORAGA_API_TOKEN.
Open Settings to configure source credentials and risk parameters.

Runtime Configuration

Sentinel writes runtime config through /agent/config. This is the preferred place to manage settings that change during operation.

Trading limits: max positions, max position value, risk per trade, entry gates
Crypto trading: enabled flag, symbols, max crypto position value, take-profit and stop-loss
LLM routing: provider, research model, analyst model, OpenAI-compatible base URL
Source credentials: Twitter/X cookie accounts, Reddit cookie accounts, Reddit user-agent, Alpha Vantage API key
Notifications: Discord webhook test and daily report options

Source Credential Tests

Twitter/X and Reddit support multiple cookie accounts. Sentinel rotates accounts during gatherer execution and includes connection tests in Settings.

Cookie-based access is best treated as operationally fragile. Use multiple accounts, keep cookies fresh, and watch source logs in trade-review exports.

Updates

Packaged apps check GitHub Releases for non-draft, non-prerelease tags named sentinel-vX.Y.Z.

Windows selects the setup executable.
Android selects the APK.
The app compares the release tag version with the installed app version.
If a newer version is found, Sentinel downloads the artifact and opens the platform installer.

Android updates require the new APK to be signed with the same signing key as the installed app.

Release Workflow

The GitHub Actions workflow runs when a sentinel-v* tag is pushed. It verifies dashboard/package.json, builds Windows artifacts, optionally builds Android APK, generates a changelog, and publishes the release.

cd dashboard
npm version 1.0.1 --no-git-tag-version
cd ..
git add dashboard/package.json dashboard/package-lock.json dashboard/android/app/build.gradle
git commit -m "Bump Sentinel to 1.0.1"
git tag sentinel-v1.0.1
git push origin main sentinel-v1.0.1

Android Signing Secrets

Set these GitHub Secrets to publish updateable Android APKs:

Secret	Description
`SENTINEL_ANDROID_KEYSTORE_BASE64`	Base64-encoded release keystore file
`SENTINEL_ANDROID_KEYSTORE_PASSWORD`	Keystore password
`SENTINEL_ANDROID_KEY_ALIAS`	Release key alias
`SENTINEL_ANDROID_KEY_PASSWORD`	Release key password

base64 -w 0 sentinel-release.jks

Local Android Build

cd dashboard
npm install --no-save @capacitor/core@^7 @capacitor/cli@^7 @capacitor/android@^7
npm run android:sync
cd android
./gradlew assembleDebug