@calltelemetry/cucm-mcp 0.1.0

package/README.md

@@ -0,0 +1,76 @@
+# CUCM MCP
+
+MCP (Model Context Protocol) server for CUCM tooling.
+
+Included capabilities:
+
+- Query + download trace/log files via CUCM DIME Log Collection SOAP services
+- Query/download Syslog via DIME SystemLogs selections
+- Start/stop packet captures via CUCM CLI over SSH, then download the resulting `.cap` via DIME
+
+## Configuration
+
+Credentials are read from tool args or environment variables.
+
+### DIME (HTTPS)
+
+- `CUCM_DIME_USERNAME`
+- `CUCM_DIME_PASSWORD`
+- `CUCM_DIME_PORT` (default `8443`)
+
+### SSH (CLI)
+
+- `CUCM_SSH_USERNAME` (often `administrator`)
+- `CUCM_SSH_PASSWORD`
+- `CUCM_SSH_PORT` (default `22`)
+
+### TLS
+
+CUCM lab environments often use self-signed certificates. By default this server sets `NODE_TLS_REJECT_UNAUTHORIZED=0` unless you opt into strict verification:
+
+- `CUCM_MCP_TLS_MODE=strict` (or `MCP_TLS_MODE=strict`)
+
+## Run
+
+```bash
+yarn install
+yarn start
+```
+
+## MCP Config
+
+Add to `.mcp.json`:
+
+```json
+{
+  "mcpServers": {
+    "cucm": {
+      "type": "stdio",
+      "command": "yarn",
+      "args": ["--cwd", "cucm-mcp", "start"],
+      "env": {
+        "CUCM_DIME_USERNAME": "<user>",
+        "CUCM_DIME_PASSWORD": "<pass>",
+        "CUCM_SSH_USERNAME": "administrator",
+        "CUCM_SSH_PASSWORD": "<pass>",
+        "CUCM_MCP_TLS_MODE": "permissive"
+      }
+    }
+  }
+}
+```
+
+## Testing
+
+```bash
+yarn test
+```
+
+Live tests are opt-in via env vars; see `test/live.test.js`.
+
+## Useful Tools
+
+- `select_logs_minutes` - list recent ServiceLogs/SystemLogs files
+- `select_syslog_minutes` - list recent system log files (defaults to `Syslog`)
+- `packet_capture_start` / `packet_capture_stop` - control captures via SSH
+- `packet_capture_stop_and_download` - stop capture + download `.cap` via DIME

package/dist/dime.js

@@ -0,0 +1,220 @@
+import { XMLParser } from "fast-xml-parser";
+import { extractBoundary, parseMultipartRelated } from "./multipart.js";
+import { formatCucmDateTime, guessTimezoneString } from "./time.js";
+import { mkdirSync, writeFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+const parser = new XMLParser({
+    ignoreAttributes: false,
+    attributeNamePrefix: "@",
+    removeNSPrefix: true,
+    trimValues: true,
+});
+export function normalizeHost(hostOrUrl) {
+    const s = String(hostOrUrl || "").trim();
+    if (!s)
+        throw new Error("host is required");
+    if (s.includes("://")) {
+        const u = new URL(s);
+        return u.hostname;
+    }
+    return s.replace(/^https?:\/\//, "").replace(/\/+$/, "").split("/")[0];
+}
+export function resolveAuth(auth) {
+    const username = auth?.username || process.env.CUCM_DIME_USERNAME || process.env.CUCM_USERNAME;
+    const password = auth?.password || process.env.CUCM_DIME_PASSWORD || process.env.CUCM_PASSWORD;
+    if (!username || !password) {
+        throw new Error("Missing DIME credentials (provide auth or set CUCM_DIME_USERNAME/CUCM_DIME_PASSWORD)");
+    }
+    return { username, password };
+}
+export function resolveTarget(hostOrUrl, port) {
+    const host = normalizeHost(hostOrUrl);
+    const envPort = process.env.CUCM_DIME_PORT ? Number.parseInt(process.env.CUCM_DIME_PORT, 10) : undefined;
+    const resolvedPort = port ?? envPort ?? 8443;
+    return { host, port: resolvedPort };
+}
+function basicAuthHeader(username, password) {
+    return `Basic ${Buffer.from(`${username}:${password}`, "utf8").toString("base64")}`;
+}
+function escapeXml(s) {
+    return s
+        .replaceAll("&", "&")
+        .replaceAll("<", "&lt;")
+        .replaceAll(">", "&gt;")
+        .replaceAll('"', "&quot;")
+        .replaceAll("'", "&apos;");
+}
+function soapEnvelopeList() {
+    return ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="http://schemas.cisco.com/ast/soap">' +
+        "<soapenv:Header/>" +
+        "<soapenv:Body>" +
+        "<soap:listNodeServiceLogs>" +
+        "<soap:ListRequest></soap:ListRequest>" +
+        "</soap:listNodeServiceLogs>" +
+        "</soapenv:Body>" +
+        "</soapenv:Envelope>");
+}
+function soapItems(tag, values) {
+    const vals = (values || []).filter((v) => String(v || "").trim() !== "");
+    if (vals.length === 0)
+        return `<soap:${tag}><soap:item></soap:item></soap:${tag}>`;
+    return `<soap:${tag}>${vals.map((v) => `<soap:item>${escapeXml(v)}</soap:item>`).join("")}</soap:${tag}>`;
+}
+function soapEnvelopeSelect(criteria) {
+    const serviceLogs = soapItems("ServiceLogs", criteria.serviceLogs);
+    const systemLogs = soapItems("SystemLogs", criteria.systemLogs);
+    const searchStr = escapeXml(criteria.searchStr || "");
+    return ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="http://schemas.cisco.com/ast/soap">' +
+        "<soapenv:Header/>" +
+        "<soapenv:Body>" +
+        "<soap:selectLogFiles>" +
+        "<soap:FileSelectionCriteria>" +
+        serviceLogs +
+        systemLogs +
+        `<soap:SearchStr>${searchStr}</soap:SearchStr>` +
+        "<soap:Frequency>OnDemand</soap:Frequency>" +
+        "<soap:JobType>DownloadtoClient</soap:JobType>" +
+        `<soap:ToDate>${escapeXml(criteria.toDate)}</soap:ToDate>` +
+        `<soap:FromDate>${escapeXml(criteria.fromDate)}</soap:FromDate>` +
+        `<soap:TimeZone>${escapeXml(criteria.timezone)}</soap:TimeZone>` +
+        "<soap:RelText>None</soap:RelText>" +
+        "<soap:RelTime>0</soap:RelTime>" +
+        "<soap:Port></soap:Port>" +
+        "<soap:IPAddress></soap:IPAddress>" +
+        "<soap:UserName></soap:UserName>" +
+        "<soap:Password></soap:Password>" +
+        "<soap:ZipInfo></soap:ZipInfo>" +
+        "<soap:RemoteFolder></soap:RemoteFolder>" +
+        "</soap:FileSelectionCriteria>" +
+        "</soap:selectLogFiles>" +
+        "</soapenv:Body>" +
+        "</soapenv:Envelope>");
+}
+function soapEnvelopeGetOneFile(fileName) {
+    return ('<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="http://schemas.cisco.com/ast/soap/">' +
+        "<soapenv:Header/>" +
+        "<soapenv:Body>" +
+        '<soap:GetOneFile soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">' +
+        `<FileName xsi:type="get:FileName" xmlns:get="http://cisco.com/ccm/serviceability/soap/LogCollection/GetFile/">${escapeXml(fileName)}</FileName>` +
+        "</soap:GetOneFile>" +
+        "</soapenv:Body>" +
+        "</soapenv:Envelope>");
+}
+async function fetchSoap(target, auth, path, soapAction, xmlBody, timeoutMs = 30000) {
+    const url = `https://${target.host}:${target.port}${path}`;
+    const res = await fetch(url, {
+        method: "POST",
+        headers: {
+            Authorization: basicAuthHeader(auth.username, auth.password),
+            SOAPAction: soapAction,
+            "Content-Type": "text/xml;charset=UTF-8",
+            Accept: "*/*",
+        },
+        body: Buffer.from(xmlBody, "utf8"),
+        signal: AbortSignal.timeout(timeoutMs),
+    });
+    if (!res.ok) {
+        const text = await res.text().catch(() => "");
+        throw new Error(`CUCM DIME HTTP ${res.status}: ${text || res.statusText}`);
+    }
+    const contentType = res.headers.get("content-type");
+    const ab = await res.arrayBuffer();
+    return { contentType, bytes: Buffer.from(ab) };
+}
+export async function listNodeServiceLogs(hostOrUrl, auth, port) {
+    const target = resolveTarget(hostOrUrl, port);
+    const resolvedAuth = resolveAuth(auth);
+    const { contentType, bytes } = await fetchSoap(target, resolvedAuth, "/logcollectionservice2/services/LogCollectionPortTypeService", "listNodeServiceLogs", soapEnvelopeList());
+    const boundary = extractBoundary(contentType);
+    const parts = parseMultipartRelated(bytes, boundary);
+    const xmlParts = parts.filter((p) => p.contentType.toLowerCase() === "text/xml");
+    if (xmlParts.length === 0)
+        throw new Error("DIME response missing text/xml part");
+    const parsed = parser.parse(xmlParts[0].body.toString("utf8"));
+    const env = parsed.Envelope || parsed;
+    const body = env.Body || env;
+    const resp = body.listNodeServiceLogsResponse;
+    const ret = resp?.listNodeServiceLogsReturn;
+    if (!ret)
+        throw new Error("Unexpected listNodeServiceLogs response shape");
+    const items = Array.isArray(ret) ? ret : [ret];
+    return items.map((it) => {
+        const serviceLogsRaw = it?.ServiceLog?.item;
+        const serviceLogs = Array.isArray(serviceLogsRaw)
+            ? serviceLogsRaw
+            : typeof serviceLogsRaw === "string"
+                ? [serviceLogsRaw]
+                : [];
+        return {
+            server: String(it?.name || ""),
+            serviceLogs,
+            count: serviceLogs.length,
+        };
+    });
+}
+export async function selectLogs(hostOrUrl, criteria, auth, port) {
+    const target = resolveTarget(hostOrUrl, port);
+    const resolvedAuth = resolveAuth(auth);
+    const hasService = (criteria.serviceLogs || []).some((x) => String(x || "").trim() !== "");
+    const hasSystem = (criteria.systemLogs || []).some((x) => String(x || "").trim() !== "");
+    if (!hasService && !hasSystem) {
+        throw new Error("selectLogs requires at least one of serviceLogs or systemLogs");
+    }
+    const { contentType, bytes } = await fetchSoap(target, resolvedAuth, "/logcollectionservice2/services/LogCollectionPortTypeService", "selectLogFiles", soapEnvelopeSelect(criteria));
+    const boundary = extractBoundary(contentType);
+    const parts = parseMultipartRelated(bytes, boundary);
+    const xmlParts = parts.filter((p) => p.contentType.toLowerCase() === "text/xml");
+    if (xmlParts.length === 0)
+        throw new Error("DIME response missing text/xml part");
+    const parsed = parser.parse(xmlParts[0].body.toString("utf8"));
+    const env = parsed.Envelope || parsed;
+    const body = env.Body || env;
+    const resp = body.selectLogFilesResponse;
+    const resultSet = resp?.ResultSet;
+    const serviceFileList = resultSet?.SchemaFileSelectionResult?.Node?.ServiceList?.ServiceLogs?.SetOfFiles?.File;
+    const systemFileList = resultSet?.SchemaFileSelectionResult?.Node?.ServiceList?.SystemLogs?.SetOfFiles?.File;
+    const toArray = (x) => (x == null ? [] : Array.isArray(x) ? x : [x]);
+    const combined = [...toArray(serviceFileList), ...toArray(systemFileList)];
+    if (combined.length === 0)
+        throw new Error("No files found (missing ServiceLogs/SystemLogs SetOfFiles/File)");
+    return combined.map((f) => {
+        const absolutePath = f?.absolutepath || f?.AbsolutePath || f?.Absolutepath;
+        const fileName = f?.filename || f?.FileName || f?.Filename;
+        return {
+            server: target.host,
+            absolutePath: absolutePath ? String(absolutePath) : undefined,
+            fileName: fileName ? String(fileName) : undefined,
+            ...f,
+        };
+    });
+}
+export async function selectLogsMinutes(hostOrUrl, minutesBack, select, timezone, auth, port) {
+    const now = new Date();
+    const past = new Date(now.getTime() - minutesBack * 60_000);
+    const fromDate = formatCucmDateTime(past);
+    const toDate = formatCucmDateTime(now);
+    const tz = timezone || guessTimezoneString(now);
+    const files = await selectLogs(hostOrUrl, { ...select, fromDate, toDate, timezone: tz }, auth, port);
+    return { fromDate, toDate, timezone: tz, files };
+}
+export async function getOneFile(hostOrUrl, filePath, auth, port) {
+    const target = resolveTarget(hostOrUrl, port);
+    const resolvedAuth = resolveAuth(auth);
+    const { contentType, bytes } = await fetchSoap(target, resolvedAuth, "/logcollectionservice/services/DimeGetFileService", "http://schemas.cisco.com/ast/soap/action/#LogCollectionPort#GetOneFile", soapEnvelopeGetOneFile(filePath));
+    const boundary = extractBoundary(contentType);
+    const parts = parseMultipartRelated(bytes, boundary);
+    if (parts.length === 0)
+        throw new Error("DIME GetOneFile returned no multipart parts");
+    const nonXml = parts.find((p) => p.contentType.toLowerCase() !== "text/xml");
+    if (!nonXml)
+        throw new Error("DIME GetOneFile response missing non-XML file part");
+    return { server: target.host, filename: filePath, data: nonXml.body };
+}
+export function writeDownloadedFile(result, outFile) {
+    const baseName = result.filename.split("/").filter(Boolean).pop() || "cucm-file.bin";
+    const defaultDir = join("/tmp", "cucm-mcp");
+    const filePath = outFile || join(defaultDir, baseName);
+    mkdirSync(dirname(filePath), { recursive: true });
+    writeFileSync(filePath, result.data);
+    return { filePath, bytes: result.data.length, baseName };
+}

package/dist/index.js

@@ -0,0 +1,156 @@
+#!/usr/bin/env node
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+import { listNodeServiceLogs, selectLogs, selectLogsMinutes, getOneFile, writeDownloadedFile, } from "./dime.js";
+import { guessTimezoneString } from "./time.js";
+import { PacketCaptureManager } from "./packetCapture.js";
+// Default to accepting self-signed/invalid certs (common on CUCM lab/dev).
+// Opt back into strict verification with CUCM_MCP_TLS_MODE=strict.
+const tlsMode = (process.env.CUCM_MCP_TLS_MODE || process.env.MCP_TLS_MODE || "").toLowerCase();
+const strictTls = tlsMode === "strict" || tlsMode === "verify";
+if (!strictTls && !process.env.NODE_TLS_REJECT_UNAUTHORIZED) {
+    process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
+}
+const server = new McpServer({ name: "cucm", version: "0.1.0" });
+const captures = new PacketCaptureManager();
+const dimeAuthSchema = z
+    .object({
+    username: z.string().optional(),
+    password: z.string().optional(),
+})
+    .optional();
+const sshAuthSchema = z
+    .object({
+    username: z.string().optional(),
+    password: z.string().optional(),
+})
+    .optional();
+server.tool("guess_timezone_string", "Build a best-effort DIME timezone string for selectLogFiles.", {}, async () => ({
+    content: [{ type: "text", text: JSON.stringify({ timezone: guessTimezoneString(new Date()) }, null, 2) }],
+}));
+server.tool("list_node_service_logs", "List CUCM cluster nodes and their available service logs (DIME listNodeServiceLogs).", {
+    host: z.string(),
+    port: z.number().int().min(1).max(65535).optional(),
+    auth: dimeAuthSchema,
+}, async ({ host, port, auth }) => {
+    const result = await listNodeServiceLogs(host, auth, port);
+    return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+});
+server.tool("select_logs", "List log/trace files using DIME selectLogFiles. Supports ServiceLogs and SystemLogs.", {
+    host: z.string(),
+    port: z.number().int().min(1).max(65535).optional(),
+    auth: dimeAuthSchema,
+    serviceLogs: z.array(z.string()).optional().describe("ServiceLogs selections"),
+    systemLogs: z.array(z.string()).optional().describe("SystemLogs selections"),
+    searchStr: z.string().optional().describe("Optional filename substring filter"),
+    fromDate: z.string(),
+    toDate: z.string(),
+    timezone: z.string(),
+}, async ({ host, port, auth, serviceLogs, systemLogs, searchStr, fromDate, toDate, timezone }) => {
+    const result = await selectLogs(host, { serviceLogs, systemLogs, searchStr, fromDate, toDate, timezone }, auth, port);
+    return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+});
+server.tool("select_logs_minutes", "Convenience wrapper: select logs using a minutes-back window.", {
+    host: z.string(),
+    port: z.number().int().min(1).max(65535).optional(),
+    auth: dimeAuthSchema,
+    minutesBack: z.number().int().min(1).max(60 * 24 * 30),
+    serviceLogs: z.array(z.string()).optional(),
+    systemLogs: z.array(z.string()).optional(),
+    searchStr: z.string().optional(),
+    timezone: z.string().optional(),
+}, async ({ host, port, auth, minutesBack, serviceLogs, systemLogs, searchStr, timezone }) => {
+    const result = await selectLogsMinutes(host, minutesBack, { serviceLogs, systemLogs, searchStr }, timezone, auth, port);
+    return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+});
+server.tool("select_syslog_minutes", "Convenience wrapper: select system log files (e.g. Syslog) using a minutes-back window.", {
+    host: z.string(),
+    port: z.number().int().min(1).max(65535).optional(),
+    auth: dimeAuthSchema,
+    minutesBack: z.number().int().min(1).max(60 * 24 * 30),
+    systemLog: z
+        .string()
+        .optional()
+        .describe("System log selection name. Default is 'Syslog' (may vary by CUCM version)."),
+    searchStr: z.string().optional(),
+    timezone: z.string().optional(),
+}, async ({ host, port, auth, minutesBack, systemLog, searchStr, timezone }) => {
+    const result = await selectLogsMinutes(host, minutesBack, { systemLogs: [systemLog || "Syslog"], searchStr }, timezone, auth, port);
+    return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+});
+server.tool("download_file", "Download a single file via DIME GetOneFile and write it to disk.", {
+    host: z.string(),
+    port: z.number().int().min(1).max(65535).optional(),
+    auth: dimeAuthSchema,
+    filePath: z.string().min(1).describe("Absolute path on CUCM"),
+    outFile: z.string().optional().describe("Optional output path. Default: /tmp/cucm-mcp/<basename>"),
+}, async ({ host, port, auth, filePath, outFile }) => {
+    const dl = await getOneFile(host, filePath, auth, port);
+    const saved = writeDownloadedFile(dl, outFile);
+    return {
+        content: [
+            {
+                type: "text",
+                text: JSON.stringify({ server: dl.server, sourcePath: dl.filename, savedPath: saved.filePath, bytes: saved.bytes }, null, 2),
+            },
+        ],
+    };
+});
+server.tool("packet_capture_start", "Start a packet capture on CUCM via SSH (utils network capture). Returns a captureId.", {
+    host: z.string().describe("CUCM host/IP"),
+    sshPort: z.number().int().min(1).max(65535).optional(),
+    auth: sshAuthSchema,
+    iface: z.string().optional().describe("Interface (default eth0)"),
+    fileBase: z.string().optional().describe("Capture base name (no dots). Saved as <fileBase>.cap"),
+    count: z.number().int().min(1).max(200000).optional().describe("Packet count (file max is typically 100000)"),
+    size: z.string().optional().describe("Packet size (e.g. all)"),
+    hostFilterIp: z.string().optional().describe("Optional filter: host ip <addr>"),
+    portFilter: z.number().int().min(1).max(65535).optional().describe("Optional filter: port <num>"),
+}, async ({ host, sshPort, auth, iface, fileBase, count, size, hostFilterIp, portFilter }) => {
+    const result = await captures.start({
+        host,
+        sshPort,
+        auth: auth,
+        iface,
+        fileBase,
+        count,
+        size,
+        hostFilterIp,
+        portFilter,
+    });
+    return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+});
+server.tool("packet_capture_list", "List active packet captures started by this MCP server.", {}, async () => ({ content: [{ type: "text", text: JSON.stringify(captures.list(), null, 2) }] }));
+server.tool("packet_capture_stop", "Stop a packet capture by captureId (sends Ctrl-C).", {
+    captureId: z.string().min(1),
+}, async ({ captureId }) => {
+    const result = await captures.stop(captureId);
+    return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+});
+server.tool("packet_capture_stop_and_download", "Stop a packet capture and download the resulting .cap file via DIME.", {
+    captureId: z.string().min(1),
+    dimePort: z.number().int().min(1).max(65535).optional(),
+    auth: dimeAuthSchema.describe("DIME auth (optional; defaults to CUCM_DIME_USERNAME/CUCM_DIME_PASSWORD)"),
+    outFile: z.string().optional().describe("Optional output path for the downloaded .cap file"),
+}, async ({ captureId, dimePort, auth, outFile }) => {
+    const stopped = await captures.stop(captureId);
+    const dl = await getOneFile(stopped.host, stopped.remoteFilePath, auth, dimePort);
+    const saved = writeDownloadedFile(dl, outFile);
+    return {
+        content: [
+            {
+                type: "text",
+                text: JSON.stringify({
+                    captureId: stopped.id,
+                    host: stopped.host,
+                    remoteFilePath: stopped.remoteFilePath,
+                    savedPath: saved.filePath,
+                    bytes: saved.bytes,
+                }, null, 2),
+            },
+        ],
+    };
+});
+const transport = new StdioServerTransport();
+await server.connect(transport);

package/dist/multipart.js

@@ -0,0 +1,73 @@
+export function extractBoundary(contentTypeHeader) {
+    if (!contentTypeHeader)
+        return "";
+    const m = contentTypeHeader.match(/boundary\s*=\s*"?([^";]+)"?/i);
+    return (m?.[1] || "").trim();
+}
+function parseHeaderLines(lines) {
+    const out = {};
+    for (const line of lines) {
+        const idx = line.indexOf(":");
+        if (idx <= 0)
+            continue;
+        const k = line.slice(0, idx).trim().toLowerCase();
+        const v = line.slice(idx + 1).trim();
+        out[k] = v;
+    }
+    return out;
+}
+export function parseMultipartRelated(body, boundary) {
+    if (!boundary)
+        return [];
+    const boundaryLine = `--${boundary}`;
+    const boundaryBuf = Buffer.from(boundaryLine, "utf8");
+    const parts = [];
+    const findNextBoundary = (start) => {
+        for (let p = start; p <= body.length - boundaryBuf.length; p++) {
+            if (body[p] !== boundaryBuf[0])
+                continue;
+            if (body.subarray(p, p + boundaryBuf.length).equals(boundaryBuf))
+                return p;
+        }
+        return -1;
+    };
+    let i = findNextBoundary(0);
+    if (i === -1)
+        return [];
+    while (i !== -1) {
+        const lineEnd = body.indexOf("\n", i);
+        if (lineEnd === -1)
+            break;
+        const boundaryText = body.subarray(i, lineEnd).toString("utf8").trim();
+        if (boundaryText.endsWith("--"))
+            break;
+        let cursor = lineEnd + 1;
+        const headerLines = [];
+        while (cursor < body.length) {
+            const nextNl = body.indexOf("\n", cursor);
+            if (nextNl === -1)
+                break;
+            const rawLine = body.subarray(cursor, nextNl).toString("utf8");
+            const line = rawLine.replace(/\r$/, "");
+            cursor = nextNl + 1;
+            if (line.trim() === "")
+                break;
+            headerLines.push(line);
+        }
+        const headers = parseHeaderLines(headerLines);
+        const contentType = (headers["content-type"] || "application/octet-stream")
+            .split(";")[0]
+            .trim();
+        const nextBoundary = findNextBoundary(cursor);
+        if (nextBoundary === -1)
+            break;
+        let end = nextBoundary;
+        if (end >= 2 && body[end - 2] === 0x0d && body[end - 1] === 0x0a)
+            end -= 2;
+        else if (end >= 1 && body[end - 1] === 0x0a)
+            end -= 1;
+        parts.push({ contentType, headers, body: Buffer.from(body.subarray(cursor, end)) });
+        i = nextBoundary;
+    }
+    return parts;
+}

package/dist/packetCapture.js

@@ -0,0 +1,161 @@
+import crypto from "node:crypto";
+import { Client } from "ssh2";
+export function resolveSshAuth(auth) {
+    const username = auth?.username || process.env.CUCM_SSH_USERNAME;
+    const password = auth?.password || process.env.CUCM_SSH_PASSWORD;
+    if (!username || !password) {
+        throw new Error("Missing SSH credentials (provide auth or set CUCM_SSH_USERNAME/CUCM_SSH_PASSWORD)");
+    }
+    return { username, password };
+}
+export function sanitizeFileBase(s) {
+    // CUCM note: fname should not contain '.'
+    // Keep it conservative.
+    const cleaned = String(s || "")
+        .trim()
+        .replaceAll(".", "_")
+        .replace(/[^A-Za-z0-9_-]+/g, "_")
+        .replace(/^_+/, "")
+        .replace(/_+$/, "");
+    if (!cleaned)
+        throw new Error("fileBase is required (after sanitization)");
+    return cleaned;
+}
+export function buildCaptureCommand(opts) {
+    const iface = String(opts.iface || "eth0").trim() || "eth0";
+    const fileBase = sanitizeFileBase(opts.fileBase);
+    const count = Number.isFinite(opts.count) ? Math.trunc(opts.count) : 100000;
+    if (count <= 0)
+        throw new Error("count must be > 0");
+    const size = String(opts.size || "all").trim() || "all";
+    const args = [
+        "utils",
+        "network",
+        "capture",
+        iface,
+        "file",
+        fileBase,
+        "count",
+        String(count),
+        "size",
+        size,
+    ];
+    if (opts.portFilter != null) {
+        const p = Math.trunc(opts.portFilter);
+        if (p < 1 || p > 65535)
+            throw new Error("portFilter must be 1..65535");
+        args.push("port", String(p));
+    }
+    if (opts.hostFilterIp) {
+        const ip = String(opts.hostFilterIp).trim();
+        if (!ip)
+            throw new Error("hostFilterIp must be non-empty");
+        args.push("host", "ip", ip);
+    }
+    return args.join(" ");
+}
+export function remoteCapturePath(fileBase) {
+    const fb = sanitizeFileBase(fileBase);
+    return `/var/log/active/platform/cli/${fb}.cap`;
+}
+export class PacketCaptureManager {
+    active = new Map();
+    list() {
+        return [...this.active.values()].map((a) => a.session);
+    }
+    async start(opts) {
+        const iface = String(opts.iface || "eth0").trim() || "eth0";
+        const fileBase = sanitizeFileBase(opts.fileBase || `cap_${Date.now()}`);
+        const count = opts.count ?? 100000;
+        const size = opts.size ?? "all";
+        const cmd = buildCaptureCommand({ iface, fileBase, count, size, hostFilterIp: opts.hostFilterIp, portFilter: opts.portFilter });
+        const id = crypto.randomUUID();
+        const sshPort = opts.sshPort ?? (process.env.CUCM_SSH_PORT ? Number.parseInt(process.env.CUCM_SSH_PORT, 10) : 22);
+        const auth = resolveSshAuth(opts.auth);
+        const client = new Client();
+        const startedAt = new Date().toISOString();
+        const session = {
+            id,
+            host: opts.host,
+            startedAt,
+            iface,
+            fileBase,
+            remoteFilePath: remoteCapturePath(fileBase),
+        };
+        await new Promise((resolve, reject) => {
+            client
+                .on("ready", () => resolve())
+                .on("error", (e) => reject(e))
+                .connect({
+                host: opts.host,
+                port: sshPort,
+                username: auth.username,
+                password: auth.password,
+                readyTimeout: 15000,
+            });
+        });
+        const channel = await new Promise((resolve, reject) => {
+            client.exec(cmd, { pty: true }, (err, ch) => {
+                if (err)
+                    return reject(err);
+                resolve(ch);
+            });
+        });
+        channel.on("data", (buf) => {
+            session.lastStdout = buf.toString("utf8").slice(-2000);
+        });
+        channel.stderr.on("data", (buf) => {
+            session.lastStderr = buf.toString("utf8").slice(-2000);
+        });
+        channel.on("close", (code) => {
+            session.exitCode = code;
+            // If the capture stopped unexpectedly, drop it from the active map.
+            this.active.delete(id);
+            try {
+                client.end();
+            }
+            catch {
+                // ignore
+            }
+        });
+        this.active.set(id, { session, client, channel });
+        return session;
+    }
+    async stop(captureId, timeoutMs = 15000) {
+        const a = this.active.get(captureId);
+        if (!a)
+            throw new Error(`Unknown captureId: ${captureId}`);
+        const { channel, client, session } = a;
+        const done = new Promise((resolve) => {
+            channel.once("close", () => resolve());
+        });
+        // Best-effort interrupt.
+        try {
+            if (typeof channel.signal === "function")
+                channel.signal("INT");
+            else
+                channel.write("\x03");
+        }
+        catch {
+            try {
+                channel.write("\x03");
+            }
+            catch {
+                // ignore
+            }
+        }
+        await Promise.race([
+            done,
+            new Promise((_, reject) => setTimeout(() => reject(new Error("Timeout waiting for capture to stop")), timeoutMs)),
+        ]);
+        // stop() implies cleanup
+        this.active.delete(captureId);
+        try {
+            client.end();
+        }
+        catch {
+            // ignore
+        }
+        return session;
+    }
+}

package/dist/time.js

@@ -0,0 +1,25 @@
+export function formatCucmDateTime(d) {
+    // DIME examples use: "MM/DD/YY HH:MM AM" (US locale)
+    const date = new Intl.DateTimeFormat("en-US", {
+        month: "2-digit",
+        day: "2-digit",
+        year: "2-digit",
+    }).format(d);
+    const time = new Intl.DateTimeFormat("en-US", {
+        hour: "numeric",
+        minute: "2-digit",
+        hour12: true,
+    }).format(d);
+    return `${date} ${time}`;
+}
+export function guessTimezoneString(now = new Date()) {
+    // Best-effort DIME timezone string:
+    // "Client: (GMT-8:0)America/Los_Angeles"
+    const tz = Intl.DateTimeFormat().resolvedOptions().timeZone || "UTC";
+    const offsetMin = -now.getTimezoneOffset();
+    const sign = offsetMin >= 0 ? "+" : "-";
+    const abs = Math.abs(offsetMin);
+    const h = Math.floor(abs / 60);
+    const m = abs % 60;
+    return `Client: (GMT${sign}${h}:${m})${tz}`;
+}

package/package.json

@@ -0,0 +1,42 @@
+{
+  "name": "@calltelemetry/cucm-mcp",
+  "version": "0.1.0",
+  "private": false,
+  "type": "module",
+  "description": "MCP server for CUCM tooling (DIME logs, syslog, packet capture)",
+  "license": "UNLICENSED",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/calltelemetry/cucm-mcp.git"
+  },
+  "bin": {
+    "cucm-mcp": "./dist/index.js"
+  },
+  "files": [
+    "dist/",
+    "README.md",
+    "package.json"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "scripts": {
+    "start": "tsx src/index.ts",
+    "build": "tsc",
+    "typecheck": "tsc --noEmit",
+    "test": "yarn build && node --test test/*.test.js",
+    "prepack": "yarn test"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.12.1",
+    "fast-xml-parser": "^4.5.3",
+    "ssh2": "^1.16.0",
+    "zod": "^3.24.2"
+  },
+  "devDependencies": {
+    "@types/node": "^25.1.0",
+    "@types/ssh2": "^1.15.4",
+    "tsx": "^4.19.4",
+    "typescript": "^5.7.3"
+  }
+}