@calltelemetry/cucm-mcp 0.1.0 → 0.1.2

package/README.md

@@ -49,10 +49,10 @@ Add to `.mcp.json`:
       "command": "yarn",
       "args": ["--cwd", "cucm-mcp", "start"],
       "env": {
-        "CUCM_DIME_USERNAME": "<user>",
-        "CUCM_DIME_PASSWORD": "<pass>",
+        "CUCM_DIME_USERNAME": "<cucm-username>",
+        "CUCM_DIME_PASSWORD": "<cucm-password>",
         "CUCM_SSH_USERNAME": "administrator",
-        "CUCM_SSH_PASSWORD": "<pass>",
+        "CUCM_SSH_PASSWORD": "<ssh-password>",
         "CUCM_MCP_TLS_MODE": "permissive"
       }
     }

package/dist/dime.js

@@ -3,12 +3,34 @@ import { extractBoundary, parseMultipartRelated } from "./multipart.js";
 import { formatCucmDateTime, guessTimezoneString } from "./time.js";
 import { mkdirSync, writeFileSync } from "node:fs";
 import { dirname, join } from "node:path";
+// Default to accepting self-signed/invalid certs (common on CUCM lab/dev).
+// Opt back into strict verification with CUCM_MCP_TLS_MODE=strict.
+const tlsMode = (process.env.CUCM_MCP_TLS_MODE || process.env.MCP_TLS_MODE || "").toLowerCase();
+const strictTls = tlsMode === "strict" || tlsMode === "verify";
+if (!strictTls)
+    process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
 const parser = new XMLParser({
     ignoreAttributes: false,
     attributeNamePrefix: "@",
     removeNSPrefix: true,
     trimValues: true,
 });
+function isXmlContentType(contentType) {
+    const ct = String(contentType || "").toLowerCase();
+    if (!ct)
+        return false;
+    return ct === "text/xml" || ct === "application/xml" || ct === "application/soap+xml" || ct.endsWith("+xml") || ct.includes("/xml");
+}
+function dimeXmlBytes(contentType, bytes) {
+    const boundary = extractBoundary(contentType);
+    if (!boundary)
+        return bytes;
+    const parts = parseMultipartRelated(bytes, boundary);
+    const xmlParts = parts.filter((p) => isXmlContentType(p.contentType));
+    if (xmlParts.length === 0)
+        throw new Error("DIME response missing text/xml part");
+    return xmlParts[0].body;
+}
 export function normalizeHost(hostOrUrl) {
     const s = String(hostOrUrl || "").trim();
     if (!s)
@@ -125,12 +147,8 @@ export async function listNodeServiceLogs(hostOrUrl, auth, port) {
     const target = resolveTarget(hostOrUrl, port);
     const resolvedAuth = resolveAuth(auth);
     const { contentType, bytes } = await fetchSoap(target, resolvedAuth, "/logcollectionservice2/services/LogCollectionPortTypeService", "listNodeServiceLogs", soapEnvelopeList());
-    const boundary = extractBoundary(contentType);
-    const parts = parseMultipartRelated(bytes, boundary);
-    const xmlParts = parts.filter((p) => p.contentType.toLowerCase() === "text/xml");
-    if (xmlParts.length === 0)
-        throw new Error("DIME response missing text/xml part");
-    const parsed = parser.parse(xmlParts[0].body.toString("utf8"));
+    const xml = dimeXmlBytes(contentType, bytes);
+    const parsed = parser.parse(xml.toString("utf8"));
     const env = parsed.Envelope || parsed;
     const body = env.Body || env;
     const resp = body.listNodeServiceLogsResponse;
@@ -161,12 +179,8 @@ export async function selectLogs(hostOrUrl, criteria, auth, port) {
         throw new Error("selectLogs requires at least one of serviceLogs or systemLogs");
     }
     const { contentType, bytes } = await fetchSoap(target, resolvedAuth, "/logcollectionservice2/services/LogCollectionPortTypeService", "selectLogFiles", soapEnvelopeSelect(criteria));
-    const boundary = extractBoundary(contentType);
-    const parts = parseMultipartRelated(bytes, boundary);
-    const xmlParts = parts.filter((p) => p.contentType.toLowerCase() === "text/xml");
-    if (xmlParts.length === 0)
-        throw new Error("DIME response missing text/xml part");
-    const parsed = parser.parse(xmlParts[0].body.toString("utf8"));
+    const xml = dimeXmlBytes(contentType, bytes);
+    const parsed = parser.parse(xml.toString("utf8"));
     const env = parsed.Envelope || parsed;
     const body = env.Body || env;
     const resp = body.selectLogFilesResponse;
@@ -202,14 +216,80 @@ export async function getOneFile(hostOrUrl, filePath, auth, port) {
     const resolvedAuth = resolveAuth(auth);
     const { contentType, bytes } = await fetchSoap(target, resolvedAuth, "/logcollectionservice/services/DimeGetFileService", "http://schemas.cisco.com/ast/soap/action/#LogCollectionPort#GetOneFile", soapEnvelopeGetOneFile(filePath));
     const boundary = extractBoundary(contentType);
+    if (!boundary) {
+        // Some environments respond with a non-multipart body. Prefer treating non-XML bodies as raw file bytes.
+        const ct = (contentType || "").toLowerCase();
+        if (ct.includes("text/xml") || ct.includes("application/soap+xml")) {
+            // Best-effort fault detection
+            const asText = bytes.toString("utf8");
+            if (/\bFault\b/i.test(asText))
+                throw new Error(`CUCM DIME GetOneFile returned SOAP fault: ${asText}`);
+            // If it's XML but not a fault, still return raw bytes.
+        }
+        return { server: target.host, filename: filePath, data: bytes };
+    }
     const parts = parseMultipartRelated(bytes, boundary);
     if (parts.length === 0)
         throw new Error("DIME GetOneFile returned no multipart parts");
-    const nonXml = parts.find((p) => p.contentType.toLowerCase() !== "text/xml");
+    const nonXml = parts.find((p) => !isXmlContentType(p.contentType));
     if (!nonXml)
         throw new Error("DIME GetOneFile response missing non-XML file part");
     return { server: target.host, filename: filePath, data: nonXml.body };
 }
+function isDimeMissingFileError(e) {
+    const msg = e instanceof Error ? e.message : String(e || "");
+    // CUCM DIME commonly responds with HTTP 500 and a SOAP fault like:
+    //   "FileName ... do not exist"
+    return /DIME HTTP 500/i.test(msg) && /do not exist/i.test(msg);
+}
+export async function getOneFileWithRetry(hostOrUrl, filePath, opts) {
+    const timeoutMs = Math.max(1000, opts?.timeoutMs ?? 120_000);
+    const pollIntervalMs = Math.max(250, opts?.pollIntervalMs ?? 2000);
+    const start = Date.now();
+    let attempts = 0;
+    // Simple fixed-interval poll; CUCM can take time to flush capture files to disk.
+    while (true) {
+        attempts++;
+        try {
+            const r = await getOneFile(hostOrUrl, filePath, opts?.auth, opts?.port);
+            return { ...r, attempts, waitedMs: Date.now() - start };
+        }
+        catch (e) {
+            const elapsed = Date.now() - start;
+            if (!isDimeMissingFileError(e) || elapsed >= timeoutMs)
+                throw e;
+            await new Promise((r) => setTimeout(r, pollIntervalMs));
+        }
+    }
+}
+export async function getOneFileAnyWithRetry(hostOrUrl, filePaths, opts) {
+    const paths = (filePaths || []).map(String).filter((p) => p.trim() !== "");
+    if (paths.length === 0)
+        throw new Error("getOneFileAnyWithRetry requires at least one filePath");
+    const timeoutMs = Math.max(1000, opts?.timeoutMs ?? 120_000);
+    const pollIntervalMs = Math.max(250, opts?.pollIntervalMs ?? 2000);
+    const start = Date.now();
+    let attempts = 0;
+    while (true) {
+        attempts++;
+        for (const p of paths) {
+            try {
+                const r = await getOneFile(hostOrUrl, p, opts?.auth, opts?.port);
+                return { ...r, attempts, waitedMs: Date.now() - start };
+            }
+            catch (e) {
+                if (!isDimeMissingFileError(e))
+                    throw e;
+            }
+        }
+        const elapsed = Date.now() - start;
+        if (elapsed >= timeoutMs) {
+            // If timeout, throw the same missing-file style error for the first candidate.
+            throw new Error(`DIME HTTP 500: FileName ${paths[0]} do not exist (timed out after ${elapsed}ms)`);
+        }
+        await new Promise((r) => setTimeout(r, pollIntervalMs));
+    }
+}
 export function writeDownloadedFile(result, outFile) {
     const baseName = result.filename.split("/").filter(Boolean).pop() || "cucm-file.bin";
     const defaultDir = join("/tmp", "cucm-mcp");

package/dist/index.js

@@ -2,16 +2,17 @@
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { z } from "zod";
-import { listNodeServiceLogs, selectLogs, selectLogsMinutes, getOneFile, writeDownloadedFile, } from "./dime.js";
+import { listNodeServiceLogs, selectLogs, selectLogsMinutes, getOneFile, getOneFileAnyWithRetry, writeDownloadedFile, } from "./dime.js";
 import { guessTimezoneString } from "./time.js";
 import { PacketCaptureManager } from "./packetCapture.js";
 // Default to accepting self-signed/invalid certs (common on CUCM lab/dev).
 // Opt back into strict verification with CUCM_MCP_TLS_MODE=strict.
 const tlsMode = (process.env.CUCM_MCP_TLS_MODE || process.env.MCP_TLS_MODE || "").toLowerCase();
 const strictTls = tlsMode === "strict" || tlsMode === "verify";
-if (!strictTls && !process.env.NODE_TLS_REJECT_UNAUTHORIZED) {
+// Default: permissive TLS (accept self-signed). This is the common CUCM lab posture.
+// Set CUCM_MCP_TLS_MODE=strict to enforce verification.
+if (!strictTls)
     process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
-}
 const server = new McpServer({ name: "cucm", version: "0.1.0" });
 const captures = new PacketCaptureManager();
 const dimeAuthSchema = z
@@ -124,8 +125,9 @@ server.tool("packet_capture_start", "Start a packet capture on CUCM via SSH (uti
 server.tool("packet_capture_list", "List active packet captures started by this MCP server.", {}, async () => ({ content: [{ type: "text", text: JSON.stringify(captures.list(), null, 2) }] }));
 server.tool("packet_capture_stop", "Stop a packet capture by captureId (sends Ctrl-C).", {
     captureId: z.string().min(1),
-}, async ({ captureId }) => {
-    const result = await captures.stop(captureId);
+    timeoutMs: z.number().int().min(1000).max(10 * 60_000).optional().describe("How long to wait for stop (default ~90s)"),
+}, async ({ captureId, timeoutMs }) => {
+    const result = await captures.stop(captureId, timeoutMs);
     return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
 });
 server.tool("packet_capture_stop_and_download", "Stop a packet capture and download the resulting .cap file via DIME.", {
@@ -133,9 +135,32 @@ server.tool("packet_capture_stop_and_download", "Stop a packet capture and downl
     dimePort: z.number().int().min(1).max(65535).optional(),
     auth: dimeAuthSchema.describe("DIME auth (optional; defaults to CUCM_DIME_USERNAME/CUCM_DIME_PASSWORD)"),
     outFile: z.string().optional().describe("Optional output path for the downloaded .cap file"),
-}, async ({ captureId, dimePort, auth, outFile }) => {
-    const stopped = await captures.stop(captureId);
-    const dl = await getOneFile(stopped.host, stopped.remoteFilePath, auth, dimePort);
+    stopTimeoutMs: z.number().int().min(1000).max(10 * 60_000).optional().describe("How long to wait for SSH capture stop"),
+    downloadTimeoutMs: z
+        .number()
+        .int()
+        .min(1000)
+        .max(10 * 60_000)
+        .optional()
+        .describe("How long to wait for the capture file to appear in DIME"),
+    downloadPollIntervalMs: z
+        .number()
+        .int()
+        .min(250)
+        .max(30_000)
+        .optional()
+        .describe("How often to retry DIME GetOneFile when the file isn't there yet"),
+}, async ({ captureId, dimePort, auth, outFile, stopTimeoutMs, downloadTimeoutMs, downloadPollIntervalMs }) => {
+    const stopped = await captures.stop(captureId, stopTimeoutMs);
+    const candidates = (stopped.remoteFileCandidates || []).length
+        ? stopped.remoteFileCandidates
+        : [stopped.remoteFilePath];
+    const dl = await getOneFileAnyWithRetry(stopped.host, candidates, {
+        auth: auth,
+        port: dimePort,
+        timeoutMs: downloadTimeoutMs,
+        pollIntervalMs: downloadPollIntervalMs,
+    });
     const saved = writeDownloadedFile(dl, outFile);
     return {
         content: [
@@ -144,9 +169,12 @@ server.tool("packet_capture_stop_and_download", "Stop a packet capture and downl
                 text: JSON.stringify({
                     captureId: stopped.id,
                     host: stopped.host,
-                    remoteFilePath: stopped.remoteFilePath,
+                    remoteFilePath: dl.filename,
+                    stopTimedOut: stopped.stopTimedOut || false,
                     savedPath: saved.filePath,
                     bytes: saved.bytes,
+                    dimeAttempts: dl.attempts,
+                    dimeWaitedMs: dl.waitedMs,
                 }, null, 2),
             },
         ],

package/dist/packetCapture.js

@@ -1,5 +1,25 @@
 import crypto from "node:crypto";
 import { Client } from "ssh2";
+function extractCapFilePath(text) {
+    if (!text)
+        return undefined;
+    // CUCM typically writes captures to /var/log/active/platform/cli/<name>.cap
+    // Sometimes CLI output includes the final on-disk location.
+    const re = /\/var\/log\/active\/platform\/cli\/[A-Za-z0-9._-]+\.cap/g;
+    const matches = text.match(re);
+    if (!matches || matches.length === 0)
+        return undefined;
+    return matches[matches.length - 1];
+}
+function looksLikeCucmPrompt(text) {
+    const t = String(text || "");
+    // CUCM CLI commonly ends commands by printing a prompt like:
+    //   admin:
+    // Some environments might show other usernames.
+    // We only look at the tail to avoid false positives.
+    const tail = t.slice(-80);
+    return /(?:^|\n)[A-Za-z0-9_-]+:\s*$/.test(tail);
+}
 export function resolveSshAuth(auth) {
     const username = auth?.username || process.env.CUCM_SSH_USERNAME;
     const password = auth?.password || process.env.CUCM_SSH_PASSWORD;
@@ -58,6 +78,17 @@ export function remoteCapturePath(fileBase) {
     const fb = sanitizeFileBase(fileBase);
     return `/var/log/active/platform/cli/${fb}.cap`;
 }
+export function remoteCaptureCandidates(fileBase, maxParts = 10) {
+    const fb = sanitizeFileBase(fileBase);
+    const base = `/var/log/active/platform/cli/${fb}.cap`;
+    const out = [base];
+    // Some CUCM/VOS versions roll packet capture files as .cap01, .cap02, ...
+    for (let i = 1; i <= maxParts; i++) {
+        const suffix = String(i).padStart(2, "0");
+        out.push(`/var/log/active/platform/cli/${fb}.cap${suffix}`);
+    }
+    return out;
+}
 export class PacketCaptureManager {
     active = new Map();
     list() {
@@ -81,6 +112,7 @@ export class PacketCaptureManager {
             iface,
             fileBase,
             remoteFilePath: remoteCapturePath(fileBase),
+            remoteFileCandidates: remoteCaptureCandidates(fileBase),
         };
         await new Promise((resolve, reject) => {
             client
@@ -121,33 +153,123 @@ export class PacketCaptureManager {
         this.active.set(id, { session, client, channel });
         return session;
     }
-    async stop(captureId, timeoutMs = 15000) {
+    async stop(captureId, timeoutMs = 90_000) {
         const a = this.active.get(captureId);
         if (!a)
             throw new Error(`Unknown captureId: ${captureId}`);
         const { channel, client, session } = a;
         const done = new Promise((resolve) => {
-            channel.once("close", () => resolve());
+            // CUCM CLI can keep the SSH channel open after the command finishes
+            // (it returns to a prompt rather than exiting). Treat prompt as "stopped".
+            const onData = () => {
+                if (looksLikeCucmPrompt(session.lastStdout) || looksLikeCucmPrompt(session.lastStderr)) {
+                    cleanup();
+                    resolve();
+                }
+            };
+            const cleanup = () => {
+                channel.off("data", onData);
+                channel.stderr.off("data", onData);
+            };
+            const finish = () => {
+                cleanup();
+                resolve();
+            };
+            channel.once("exit", finish);
+            channel.once("close", finish);
+            channel.once("end", finish);
+            channel.on("data", onData);
+            channel.stderr.on("data", onData);
         });
-        // Best-effort interrupt.
-        try {
-            if (typeof channel.signal === "function")
-                channel.signal("INT");
-            else
+        const sendInterrupt = () => {
+            // Best-effort interrupt.
+            try {
+                if (typeof channel.signal === "function")
+                    channel.signal("INT");
+                // Always also write Ctrl-C for PTY sessions.
                 channel.write("\x03");
+            }
+            catch {
+                try {
+                    channel.write("\x03");
+                }
+                catch {
+                    // ignore
+                }
+            }
+        };
+        // CUCM can take a while to flush/close captures (especially big buffers).
+        // Also, some CLI flows require a second Ctrl-C or a newline to return to prompt.
+        const resolvedTimeoutMs = Math.max(5000, timeoutMs || 0);
+        const deadline = Date.now() + resolvedTimeoutMs;
+        sendInterrupt();
+        // Nudge again a couple times if it doesn't exit quickly.
+        void (async () => {
+            const delays = [750, 1500, 3000];
+            for (const d of delays) {
+                await new Promise((r) => setTimeout(r, d));
+                if (Date.now() >= deadline)
+                    return;
+                // If channel already closed, no-op.
+                sendInterrupt();
+                try {
+                    channel.write("\n");
+                }
+                catch {
+                    // ignore
+                }
+            }
+        })();
+        try {
+            await Promise.race([
+                done,
+                new Promise((_, reject) => setTimeout(() => reject(new Error("Timeout waiting for capture to stop")), resolvedTimeoutMs)),
+            ]);
         }
-        catch {
+        catch (e) {
+            // Don't hard-fail: if the CLI doesn't emit a prompt/exit, we still want to:
+            // - close SSH resources
+            // - let the caller try DIME downloads (.cap, .cap01, etc)
+            session.stopTimedOut = true;
             try {
-                channel.write("\x03");
+                channel.close();
             }
             catch {
                 // ignore
             }
         }
-        await Promise.race([
-            done,
-            new Promise((_, reject) => setTimeout(() => reject(new Error("Timeout waiting for capture to stop")), timeoutMs)),
-        ]);
+        session.stoppedAt = new Date().toISOString();
+        // If we're back at a CUCM prompt, try to close the session cleanly.
+        if (looksLikeCucmPrompt(session.lastStdout) || looksLikeCucmPrompt(session.lastStderr)) {
+            try {
+                channel.write("exit\n");
+            }
+            catch {
+                // ignore
+            }
+        }
+        // Ensure the channel is closed so the SSH client can terminate promptly.
+        try {
+            channel.end();
+        }
+        catch {
+            // ignore
+        }
+        try {
+            channel.close();
+        }
+        catch {
+            // ignore
+        }
+        // Attempt to learn the actual remote file path from CLI output.
+        // This helps when CUCM appends suffixes or reports a different on-disk location.
+        const inferred = extractCapFilePath(session.lastStdout) || extractCapFilePath(session.lastStderr);
+        if (inferred) {
+            session.remoteFilePath = inferred;
+            if (!session.remoteFileCandidates.includes(inferred)) {
+                session.remoteFileCandidates = [inferred, ...session.remoteFileCandidates];
+            }
+        }
         // stop() implies cleanup
         this.active.delete(captureId);
         try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@calltelemetry/cucm-mcp",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "private": false,
   "type": "module",
   "description": "MCP server for CUCM tooling (DIME logs, syslog, packet capture)",
@@ -10,7 +10,10 @@
     "url": "git+https://github.com/calltelemetry/cucm-mcp.git"
   },
   "bin": {
-    "cucm-mcp": "./dist/index.js"
+    "cucm-mcp": "dist/index.js"
+  },
+  "publishConfig": {
+    "access": "public"
   },
   "files": [
     "dist/",
@@ -22,7 +25,7 @@
   },
   "scripts": {
     "start": "tsx src/index.ts",
-    "build": "tsc",
+    "build": "tsc && node scripts/chmod-bin.mjs",
     "typecheck": "tsc --noEmit",
     "test": "yarn build && node --test test/*.test.js",
     "prepack": "yarn test"