v1.0.0 — Release

MXE Command Center

Orchestrate remote servers with cryptographic authority. Ed25519-signed command execution, real-time telemetry, and AI-powered triage — from a single desktop pane.

Download How It Works

Features

Security-first remote orchestration, built for operators who don't compromise.

🔒

Ed25519 Signed Commands

Every command sent to a Satellite is cryptographically signed. The edge worker verifies the signature before executing — no trust assumptions, no MITM risk.

🛰️

Rust Satellites

Memory-safe edge workers with 28-pattern command blocklists, 15s execution timeouts, WebSocket rate limiting, and OOM-proof frame size caps.

🧠

AI Triage

Critical log entries are intercepted and evaluated by an LLM for automated remediation. Secrets are scrubbed before reaching the model.

📡

Real-Time Telemetry

Live CPU and memory stats streamed every 5 seconds from every connected Satellite via authenticated WebSocket portals.

🚀

One-Click Deploy

SSH bootstrapper builds the Satellite, uploads via SCP, launches with nohup, and captures the pairing code — all from the GUI.

🔄

OTA Satellite Updates

Push binary updates to remote Satellites over the authenticated Portal channel. No manual SSH required after initial deployment.

Architecture

Three components cooperate to provide secure, resilient remote orchestration.

System Topology

graph TB subgraph Hub["Hub (Electron Desktop)"] Renderer["React Renderer
Dashboard, Logs, Triage"] Main["Main Process
Encrypted Store, API Keys"] Renderer -- "contextBridge IPC" --> Main end subgraph VPS1["VPS 1"] Sat1["Satellite (Rust)
Port 9077"] Commander["Commander
(Claude CLI)"] end subgraph VPS2["VPS 2"] Sat2["Satellite (Rust)
Port 9077"] end Main -- "WSS Portal
Ed25519 Signed JSON-RPC" --> Sat1 Main -- "WSS Portal
Ed25519 Signed JSON-RPC" --> Sat2 Commander -. "orchestrates" .-> Sat1 Sat1 -- "Stats + Logs" --> Main Sat2 -- "Stats + Logs" --> Main

Ed25519 Pairing Handshake

sequenceDiagram participant Hub as Hub (Electron) participant Sat as Satellite (Rust) Note over Sat: Generates Ed25519 keypair
Generates 6-digit pairing code
Generates auth token Hub->>Sat: WebSocket connect (ws://host:9077) Hub->>Sat: mxe.pair { pairingCode, hubPublicKey } alt Invalid Code Sat-->>Hub: error: "Invalid pairing code" else Valid Code Note over Sat: Stores Hub public key
Signs proof with NaCl crypto_sign Sat-->>Hub: result: { satellitePublicKey, authToken, signature } Note over Hub: Verifies NaCl combined signature
Stores satellite key + token
Portal is PAIRED loop Every 5 seconds Sat-->>Hub: mxe.stats { cpu, memoryUsed, status } end loop Every 30 seconds Hub->>Sat: mxe.ping Sat-->>Hub: mxe.pong end Hub->>Sat: signed { payload: base64(sig + JSON), publicKey } Note over Sat: Verify sender == registered Hub
NaCl crypto_sign_open
Blocklist check
Execute with 15s timeout Sat-->>Hub: mxe.execute_result { output, exit_code } end

How It Works

From install to full orchestration in under five minutes.

1

Install the Hub

Download the MXE desktop app for your platform. It's an Electron application with a hardened security model: nodeIntegration: false, contextIsolation: true, strict CSP, and all API keys encrypted in the main process. The renderer never touches Node.js directly.

2

Point to Your VPS

Click "Slide Satellite" in the dashboard. Enter your VPS hostname, SSH user, and key path. MXE compiles the Rust Satellite binary (if needed), uploads it via SCP, and launches it with nohup. A 6-digit pairing code is printed to the remote terminal.

3

Automatic Pairing

The Hub connects over WebSocket and sends the pairing code along with its Ed25519 public key. The Satellite verifies the code, stores the Hub's key, and returns its own public key plus an auth token — all signed with NaCl crypto_sign. The Hub verifies the signature. Trust is now mutual and cryptographic.

4

Live Telemetry & Command Execution

Once paired, the Satellite streams CPU and memory stats every 5 seconds. The Hub can dispatch bash commands — each one is Ed25519-signed before transmission. The Satellite verifies the signature, checks against a 28-pattern blocklist, and executes with a 15-second timeout. Results stream back in real-time.

5

AI-Powered Triage

Critical log entries are automatically intercepted by the Hub's triage engine. The log message is scrubbed of secrets (API keys, tokens, private keys), then sent to an LLM for analysis. The model returns a JSON verdict: human intervention required or auto-fixable, plus a safe bash command. One click to execute the fix.

6

Resilient by Design

If the connection drops, the Hub reconnects with exponential backoff (1s, 2s, 4s... up to 30s cap). A 30-second Ping/Pong heartbeat detects half-open connections. Satellites run under systemd with privilege dropping, memory limits, and crash telemetry. OTA updates push new binaries without manual SSH access.

Downloads

Private beta builds. Auto-updater checks this server on every launch.

MXE Hub (Windows)

Electron desktop app — .exe installer

Download .exe

MXE Hub (Linux)

Electron desktop app — AppImage

Download AppImage

Satellite Binary (Linux x64)

Rust edge worker for remote VPS deployment

Download Binary

latest.yml (auto-updater manifest)