Protocol Phoenix: Auto-Login & Recovery

Protocol Phoenix eliminates the need for Remote Desktop access to your Execution Node. Inject MT5 credentials securely from your browser, and let Sentinel handle automatic recovery when your node restarts.

The Problem Phoenix Solves

Traditional workflow:

Execution Node restarts (Windows Update, crash, power loss)
MT5 opens but is not logged in
You must RDP into the node, manually enter credentials
Trading is halted until you act — potentially hours of downtime

🐉 The Phoenix Way

With Protocol Phoenix, Sentinel automatically logs into MT5 when the node restarts. Zero human intervention. Zero downtime. Your Algorithm rises from the ashes — every time.

How It Works

End-to-End Encryption

Your MT5 credentials never exist in plaintext on any server:

Browser: You enter credentials in the Dashboard
Client-side encryption: AES-256-GCM encrypts credentials using your license key as the passphrase
Cloud storage: Only the encrypted blob is stored (the server cannot decrypt it)
Sentinel: Downloads the encrypted blob and decrypts locally using the license key

Browser → AES-256-GCM(credentials, license_key) → Encrypted Blob → Cloud
Sentinel → Download Blob → AES-256-GCM⁻¹(blob, license_key) → Credentials

ℹ️ Zero-Knowledge

The cloud infrastructure stores only encrypted data. Even database administrators cannot read your MT5 password. Decryption only happens on your Execution Node.

Setup Guide

Step 1: Inject Credentials via Dashboard

Navigate to Terminal Uplink

Go to Dashboard → Terminal. Locate the Terminal Uplink widget.

Enter MT5 Credentials

Fill in the required fields:

MT5 Login ID — Your broker account number
MT5 Password — Investor or Master password
Broker Server — Select from the dropdown or enter manually

Encrypt & Store

Click "Inject Credentials". The browser encrypts everything locally before sending to the cloud. You'll see a confirmation:

✅ Credentials encrypted and stored
🔐 Encryption: AES-256-GCM | PBKDF2-SHA256 (100K iterations)

Step 2: Enable Phoenix on Sentinel

Sentinel automatically detects injected credentials on startup. Ensure Sentinel is running with cloud mode enabled:

python sentinel_lite.py \
  --mt5 "C:\Program Files\MetaTrader 5\terminal64.exe" \
  --supabase-url "https://your-project.supabase.co" \
  --supabase-key "YOUR_SERVICE_KEY" \
  --license-key "AD-XXXX-XXXX-XXXX"

💡 Sentinel Lite vs Pro

Both Sentinel Lite and Sentinel Pro support Protocol Phoenix. The difference is that Pro includes additional features like advanced risk monitoring and automated trade management.

Recovery Scenarios

| Scenario | Phoenix Response | |----------|-----------------| | Windows restart | Sentinel detects MT5 not logged in → injects credentials → MT5 reconnects | | MT5 crash | Sentinel restarts MT5 → Phoenix auto-login activates | | Network dropout | MT5 reconnects automatically (MT5's built-in feature) | | Broker server change | Update credentials via Dashboard → Sentinel picks up next cycle |

Security Considerations

⚠️ Credential Update

If you change your MT5 password at the broker, you must update the credentials in the Dashboard. Sentinel will fail to log in with outdated credentials and will alert you via Telegram.

Encryption standard: AES-256-GCM with PBKDF2-SHA256 key derivation (100,000 iterations)
Key material: Your license key serves as the passphrase — never transmitted separately
At rest: Encrypted blob stored in Supabase with row-level security
In transit: HTTPS/TLS 1.3 for all cloud communication
Rotation: Update credentials anytime via Dashboard — old blob is overwritten

Troubleshooting

| Issue | Solution | |-------|----------| | "Credentials not found" | Verify you've injected via Dashboard Terminal Uplink | | "Decryption failed" | License key mismatch — ensure Sentinel uses the same key | | "MT5 login rejected" | Password changed at broker — update via Dashboard | | "Phoenix not activating" | Ensure Sentinel runs with --supabase-url and --license-key |