{"key":"mcp_homelab_access_server_prompt","title":"MCP Homelab Access Server — Codex Build Prompt","content":"## Purpose\n\nBuild a local MCP server for Claude Desktop on Windows that gives Claude full operational access to the entire homelab — all Linux VMs via SSH and the local Windows machine directly.\n\n## Architecture Decision\n\nRuns locally on Binkie-Desktop (Windows) as a stdio MCP server registered with Claude Desktop. Local execution eliminates network exposure. All Linux VM access goes via SSH using local Windows keys. Windows file and command access is direct.\n\n## Codex Prompt\n\nBuild a local MCP server for Claude Desktop on Windows that gives Claude full operational access to the homelab. The server runs as a local process on Binkie-Desktop and is registered with Claude Desktop as a local stdio MCP server.\n\n### Capabilities Required\n\n1. **SSH command execution** — Execute arbitrary commands on any homelab Linux VM via SSH. Use the local Windows SSH key at `C:\\Users\\Jason\\.ssh\\id_ed25519_homelab` with user `svc-admin` for all Linux hosts except `svc-auto` which uses `ansible`. Commands should run non-interactively with a configurable timeout. Return stdout, stderr, and exit code.\n\n2. **Windows local command execution** — Execute PowerShell and CMD commands locally on Binkie-Desktop. Return stdout, stderr, and exit code.\n\n3. **File read** — Read any file on any Linux VM via SSH/SFTP, or any local Windows path directly. Must support both text and binary files. Binary files should be returned base64-encoded with a flag indicating binary content.\n\n4. **File write/create** — Write, create, or overwrite any file on any Linux VM via SSH/SFTP, or any local Windows path directly. Must support both text and binary content. Accept base64-encoded content for binary files.\n\n5. **Directory listing** — List directory contents on any Linux VM or local Windows path.\n\n### Host Inventory\n\nHardcode the following host map into the server config:\n\n```\npve-01:       192.168.4.53  / svc-admin\npve-02:       192.168.4.54  / svc-admin\nsvc-sec:      192.168.4.110 / svc-admin\nsvc-data-lab: 192.168.4.111 / svc-admin\nsvc-minecraft:192.168.4.112 / svc-admin\nsvc-db-01:    192.168.4.113 / svc-admin\nsvc-apps:     192.168.4.114 / svc-admin\nsvc-dns-01:   192.168.4.115 / svc-admin\nsvc-monitor:  192.168.4.116 / svc-admin\nsvc-ai:       192.168.4.117 / svc-admin\nlinuxlab:     192.168.4.118 / svc-admin\nsvc-nas:      192.168.4.119 / svc-admin\nsvc-auto:     192.168.4.120 / ansible\nsvc-mgmt:     192.168.4.121 / svc-admin\nsvc-dev:      192.168.4.123 / svc-admin\nwindows-local: Binkie-Desktop (local execution, no SSH)\n```\n\n### MCP Tools To Expose\n\n- `ssh_exec(host, command, timeout_seconds)` — run command on named Linux host\n- `ssh_read_file(host, path)` — read file from Linux host, returns text or base64 binary\n- `ssh_write_file(host, path, content, is_binary)` — write/create file on Linux host\n- `ssh_list_dir(host, path)` — list directory on Linux host\n- `local_exec(command, shell)` — run PowerShell or CMD locally, shell defaults to powershell\n- `local_read_file(path)` — read local Windows file, returns text or base64 binary\n- `local_write_file(path, content, is_binary)` — write/create local Windows file\n- `local_list_dir(path)` — list local Windows directory\n\n### Technical Requirements\n\n- Written in Python or Node.js, whichever produces a cleaner implementation\n- Uses the official MCP SDK\n- SSH via Paramiko (Python) or ssh2 (Node)\n- Private key path configurable via environment variable, defaulting to `C:\\Users\\Jason\\.ssh\\id_ed25519_homelab`\n- StrictHostKeyChecking disabled for LAN hosts\n- Binary file detection automatic based on content/extension\n- Registered in Claude Desktop config as a local stdio server\n- No authentication layer — trusted local process\n- Provide installation instructions and the exact Claude Desktop config entry needed to register it\n\n## Notes\n\n- The Brain MCP server runs remotely over HTTP — proof that remote MCP works — but for unrestricted shell access to 15 VMs, local stdio is safer\n- All Linux VMs accessible as mapped SMB drives on Windows too — file access has two paths\n- Keep bound to localhost/LAN only, never expose externally\n- On demand usage model — no need for persistent service given Claude usage limits\n\n## Status\n\nNOT YET BUILT — prompt ready to hand to Codex when ready.\n","summary":"## Purpose\n\nBuild a local MCP server for Claude Desktop on Windows that gives Claude full operational access to the entire homelab — all Linux VMs via SSH and the local Windows machine directly.\n\n## Architecture Decision\n\nRuns locally on Binkie-Desktop (Windows) as a stdio MCP server registered with Claude Desktop. Local execution eliminates network exposure. All Linux VM access goes via SSH using local Windows keys. Windows file and command access is direct.\n\n## Codex Prompt\n\nBuild a local MCP server for Claude Desktop on Windows that gives Claude full operational access to the homelab. The server runs as a local process on Binkie-Desktop and is registered with Claude Desktop as a local stdio MCP server.\n\n### Capabilities Required\n\n1. **SSH command execution** — Execute arbitrary commands on any homelab Linux VM via SSH. Use the local Windows SSH key at `C:\\Users\\Jason\\.ssh\\id_ed25519_homelab` with user `svc-admin` for all Linux hosts except `svc-auto` which uses `ansible`. Commands should run non-interactively with a configurable timeout. Return stdout, stderr, and exit code.\n\n2. **Windows local command execution** — Execute PowerShell and CMD commands locally on Binkie-Desktop. Return stdout, stderr, and exit code.\n\n3. **File read** — Read any file on any Linux VM via SSH/SFTP, or any local Windows path directly. Must support both text and binary files. Binary files should be returned base64-encoded with a flag indicating binary content.\n\n4. **File write/create** — Write, create, or overwrite any file on any Linux VM via SSH/SFTP, or any local Windows path directly. Must support both text and binary content. Accept base64-encoded content for binary files.\n\n5. **Directory listing** — List directory contents on any Linux VM or local Windows path.\n\n### Host Inventory\n\nHardcode the following host map into the server config:\n\n```\npve-01:       192.168.4.53  / svc-admin\npve-02:       192.168.4.54  / svc-admin\nsvc-sec:      192.168.4.110 / svc-admin\nsvc-data-lab: 192.168.4.111 / svc-admin\nsvc-minecraft:192.168.4.112 / svc-admin\nsvc-db-01:    192.168.4.113 / svc-admin\nsvc-apps:     192.168.4.114 / svc-admin\nsvc-dns-01:   192.168.4.115 / svc-admin\nsvc-monitor:  192.168.4.116 / svc-admin\nsvc-ai:       192.168.4.117 / svc-admin\nlinuxlab:     192.168.4.118 / svc-admin\nsvc-nas:      192.168.4.119 / svc-admin\nsvc-auto:     192.168.4.120 / ansible\nsvc-mgmt:     192.168.4.121 / svc-admin\nsvc-dev:      192.168.4.123 / svc-admin\nwindows-local: Binkie-Desktop (local execution, no SSH)\n```\n\n### MCP Tools To Expose\n\n- `ssh_exec(host, command, timeout_seconds)` — run command on named Linux host\n- `ssh_read_file(host, path)` — read file from Linux host, returns text or base64 binary\n- `ssh_write_file(host, path, content, is_binary)` — write/create file on Linux host\n- `ssh_list_dir(host, path)` — list directory on Linux host\n- `local_exec(command, shell)` — run PowerShell or CMD locally, shell defaults to powershell\n- `local_read_file(path)` — read local Windows file, returns text or base64 binary\n- `local_write_file(path, content, is_binary)` — write/create local Windows file\n- `local_list_dir(path)` — list local Windows directory\n\n### Technical Requirements\n\n- Written in Python or Node.js, whichever produces a cleaner implementation\n- Uses the official MCP SDK\n- SSH via Paramiko (Python) or ssh2 (Node)\n- Private key path configurable via environment variable, defaulting to `C:\\Users\\Jason\\.ssh\\id_ed25519_homelab`\n- StrictHostKeyChecking disabled for LAN hosts\n- Binary file detection automatic based on content/extension\n- Registered in Claude Desktop config as a local stdio server\n- No authentication layer — trusted local process\n- Provide installation instructions and the exact Claude Desktop config entry needed to register it\n\n## Notes\n\n- The Brain MCP server runs remotely over HTTP — proof that remote MCP works — but for unrestricted shell access to 15 VMs, local stdio is safer\n- All Linux VMs accessible as mapped SMB drives on Windows too — file access has two paths\n- Keep bound to localhost/LAN only, never expose externally\n- On demand usage model — no need for persistent service given Claude usage limits\n\n## Status\n\nNOT YET BUILT — prompt ready to hand to Codex when ready.\n","status":"active","namespace":"projects","namespace_name":"projects","namespace_tier":"shared","tags":[]}