@ebowwa/mcp-nm 2.0.3 → 2.1.0

package/src/index.ts

@@ -14,6 +14,7 @@
  * - Binary patching: patch bytes, NOP sled, hex editor
  * - Number conversion: hex, decimal, binary, octal, ASCII
  * - macOS binary patching: code signing, quarantine, safe patch workflow
+ * - Patch management: persistent patch registry, auto-apply on binary updates
  */
 
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
@@ -24,6 +25,9 @@ import {
 } from "@modelcontextprotocol/sdk/types.js";
 import { exec } from "child_process";
 import { promisify } from "util";
+import * as fs from "fs";
+import * as path from "path";
+import * as os from "os";
 
 const execAsync = promisify(exec);
 
@@ -31,7 +35,7 @@ const execAsync = promisify(exec);
 const server = new Server(
   {
     name: "@ebowwa/mcp-nm",
-    version: "2.0.3",
+    version: "2.1.0",
   },
   {
     capabilities: {
@@ -2544,6 +2548,588 @@ async function handleBinVerify(args: { filePath: string }) {
   }
 }
 
+// ============================================================================
+// Patch Management System
+// ============================================================================
+
+interface PatchEntry {
+  id: string;
+  offset: number;
+  originalBytes: string;
+  patchedBytes: string;
+  description: string;
+  createdAt: string;
+}
+
+interface BinaryPatchRecord {
+  binaryPath: string;
+  binaryName: string;
+  lastPatchedChecksum: string;
+  lastAppliedAt: string;
+  patches: PatchEntry[];
+}
+
+interface PatchManifest {
+  version: string;
+  createdAt: string;
+  updatedAt: string;
+  binaries: Record<string, BinaryPatchRecord>;
+}
+
+const PATCH_DIR = path.join(os.homedir(), ".claude", "patches");
+const MANIFEST_PATH = path.join(PATCH_DIR, "manifest.json");
+const BACKUPS_DIR = path.join(PATCH_DIR, "backups");
+const MANIFEST_VERSION = "1.0.0";
+
+// Ensure patch directory exists
+function ensurePatchDir(): void {
+  if (!fs.existsSync(PATCH_DIR)) {
+    fs.mkdirSync(PATCH_DIR, { recursive: true });
+  }
+  if (!fs.existsSync(BACKUPS_DIR)) {
+    fs.mkdirSync(BACKUPS_DIR, { recursive: true });
+  }
+}
+
+// Load manifest
+function loadManifest(): PatchManifest {
+  ensurePatchDir();
+  if (fs.existsSync(MANIFEST_PATH)) {
+    try {
+      const data = fs.readFileSync(MANIFEST_PATH, "utf-8");
+      return JSON.parse(data);
+    } catch {
+      // Return new manifest if corrupted
+    }
+  }
+  return {
+    version: MANIFEST_VERSION,
+    createdAt: new Date().toISOString(),
+    updatedAt: new Date().toISOString(),
+    binaries: {}
+  };
+}
+
+// Save manifest
+function saveManifest(manifest: PatchManifest): void {
+  ensurePatchDir();
+  manifest.updatedAt = new Date().toISOString();
+  fs.writeFileSync(MANIFEST_PATH, JSON.stringify(manifest, null, 2));
+}
+
+// Get file checksum
+async function getFileChecksum(filePath: string): Promise<string> {
+  try {
+    const { stdout } = await execAsync(`shasum -a 256 "${filePath}" | cut -d' ' -f1`);
+    return stdout.trim();
+  } catch {
+    return "unknown";
+  }
+}
+
+// Read bytes at offset
+function readBytesAtOffset(filePath: string, offset: number, length: number): string {
+  const fd = fs.openSync(filePath, "r");
+  const buffer = Buffer.alloc(length);
+  fs.readSync(fd, buffer, 0, length, offset);
+  fs.closeSync(fd);
+  return buffer.toString("hex").match(/.{2}/g)?.join(" ").toUpperCase() || "";
+}
+
+// Write bytes at offset
+function writeBytesAtOffset(filePath: string, offset: number, hexData: string): void {
+  const bytes = Buffer.from(hexData.replace(/\s+/g, ""), "hex");
+  const fd = fs.openSync(filePath, "r+");
+  fs.writeSync(fd, bytes, 0, bytes.length, offset);
+  fs.closeSync(fd);
+}
+
+// --- Register a patch ---
+async function handlePatchRegister(args: {
+  filePath: string;
+  patchId: string;
+  offset: number;
+  patchedBytes: string;
+  description: string;
+  captureOriginal?: boolean;
+}) {
+  try {
+    const results: string[] = [];
+    results.push(`Register Patch: ${args.patchId}`);
+    results.push(`Binary: ${args.filePath}`);
+    results.push(`Offset: 0x${args.offset.toString(16)} (${args.offset})`);
+    results.push("");
+
+    // Validate file exists
+    if (!fs.existsSync(args.filePath)) {
+      return {
+        content: [{ type: "text", text: `Error: File not found: ${args.filePath}` }],
+        isError: true
+      };
+    }
+
+    // Normalize hex data
+    const patchedBytes = args.patchedBytes.replace(/\s+/g, "").toUpperCase();
+    const byteLength = patchedBytes.length / 2;
+
+    // Capture original bytes if requested
+    let originalBytes = "";
+    if (args.captureOriginal !== false) {
+      try {
+        originalBytes = readBytesAtOffset(args.filePath, args.offset, byteLength);
+        results.push(`Original bytes: ${originalBytes}`);
+      } catch (e) {
+        return {
+          content: [{ type: "text", text: `Error: Could not read original bytes - ${e instanceof Error ? e.message : String(e)}` }],
+          isError: true
+        };
+      }
+    }
+
+    // Save backup of original bytes
+    const backupFileName = `${path.basename(args.filePath)}.offset_${args.offset}.bin`;
+    const backupPath = path.join(BACKUPS_DIR, backupFileName);
+    if (originalBytes) {
+      fs.writeFileSync(backupPath, Buffer.from(originalBytes.replace(/\s+/g, ""), "hex"));
+      results.push(`Backup saved: ${backupPath}`);
+    }
+
+    // Load and update manifest
+    const manifest = loadManifest();
+    const checksum = await getFileChecksum(args.filePath);
+
+    if (!manifest.binaries[args.filePath]) {
+      manifest.binaries[args.filePath] = {
+        binaryPath: args.filePath,
+        binaryName: path.basename(args.filePath),
+        lastPatchedChecksum: checksum,
+        lastAppliedAt: new Date().toISOString(),
+        patches: []
+      };
+    }
+
+    // Check if patch ID already exists
+    const existingIndex = manifest.binaries[args.filePath].patches.findIndex(p => p.id === args.patchId);
+    const newPatch: PatchEntry = {
+      id: args.patchId,
+      offset: args.offset,
+      originalBytes: originalBytes || "UNKNOWN",
+      patchedBytes: patchedBytes.match(/.{2}/g)?.join(" ") || patchedBytes,
+      description: args.description,
+      createdAt: new Date().toISOString()
+    };
+
+    if (existingIndex >= 0) {
+      manifest.binaries[args.filePath].patches[existingIndex] = newPatch;
+      results.push(`Updated existing patch: ${args.patchId}`);
+    } else {
+      manifest.binaries[args.filePath].patches.push(newPatch);
+      results.push(`Registered new patch: ${args.patchId}`);
+    }
+
+    saveManifest(manifest);
+
+    results.push("");
+    results.push("Patch registered successfully!");
+    results.push(`Manifest: ${MANIFEST_PATH}`);
+    results.push("");
+    results.push("To apply this patch, use: bin_patch_apply");
+
+    return { content: [{ type: "text", text: results.join("\n") }] };
+  } catch (error) {
+    return {
+      content: [{ type: "text", text: `Error: ${error instanceof Error ? error.message : String(error)}` }],
+      isError: true
+    };
+  }
+}
+
+// --- Apply all registered patches ---
+async function handlePatchApply(args: {
+  filePath: string;
+  resign?: boolean;
+  removeQuarantine?: boolean;
+}) {
+  const isMac = isMacOS();
+  const resign = args.resign !== false && isMac;
+  const removeQuarantine = args.removeQuarantine !== false && isMac;
+
+  try {
+    const results: string[] = [];
+    results.push(`Apply Patches: ${args.filePath}`);
+    results.push("");
+
+    // Load manifest
+    const manifest = loadManifest();
+    const record = manifest.binaries[args.filePath];
+
+    if (!record || record.patches.length === 0) {
+      results.push("No registered patches found for this binary.");
+      results.push("");
+      results.push("To register a patch, use: bin_patch_register");
+      return { content: [{ type: "text", text: results.join("\n") }] };
+    }
+
+    // Check current checksum
+    const currentChecksum = await getFileChecksum(args.filePath);
+    results.push(`Current checksum: ${currentChecksum.substring(0, 16)}...`);
+    results.push(`Last patched checksum: ${record.lastPatchedChecksum.substring(0, 16)}...`);
+
+    if (currentChecksum === record.lastPatchedChecksum) {
+      results.push("Status: Binary appears to already have patches applied.");
+      results.push("Use force=true to re-apply anyway.");
+      return { content: [{ type: "text", text: results.join("\n") }] };
+    }
+
+    results.push("Binary has been updated - applying patches...");
+    results.push("");
+
+    // Create backup of entire binary
+    const backupPath = `${args.filePath}.prepatch`;
+    fs.copyFileSync(args.filePath, backupPath);
+    results.push(`Backup: ${backupPath}`);
+
+    // Apply each patch
+    let appliedCount = 0;
+    for (const patch of record.patches) {
+      try {
+        results.push(`Applying: ${patch.id}`);
+        results.push(`  Offset: 0x${patch.offset.toString(16)}`);
+        results.push(`  Bytes: ${patch.patchedBytes}`);
+
+        writeBytesAtOffset(args.filePath, patch.offset, patch.patchedBytes);
+        appliedCount++;
+        results.push("  Status: Applied");
+      } catch (e) {
+        results.push(`  Status: FAILED - ${e instanceof Error ? e.message : String(e)}`);
+      }
+    }
+
+    // macOS: resign and remove quarantine
+    if (isMac && appliedCount > 0) {
+      results.push("");
+
+      if (resign) {
+        results.push("Re-signing binary...");
+        try {
+          await execAsync(`codesign --remove-signature "${args.filePath}" 2>&1`);
+          await execAsync(`codesign --force --sign - "${args.filePath}"`);
+          results.push("  Status: Re-signed with ad-hoc signature");
+        } catch (e) {
+          results.push(`  Warning: ${e instanceof Error ? e.message : String(e)}`);
+        }
+      }
+
+      if (removeQuarantine) {
+        results.push("Removing quarantine...");
+        try {
+          await execAsync(`xattr -d com.apple.quarantine "${args.filePath}" 2>&1`);
+          await execAsync(`xattr -d com.apple.provenance "${args.filePath}" 2>&1`);
+          results.push("  Status: Quarantine attributes removed");
+        } catch {
+          results.push("  Status: No quarantine to remove");
+        }
+      }
+    }
+
+    // Update manifest with new checksum
+    const newChecksum = await getFileChecksum(args.filePath);
+    record.lastPatchedChecksum = newChecksum;
+    record.lastAppliedAt = new Date().toISOString();
+    saveManifest(manifest);
+
+    results.push("");
+    results.push(`=== SUMMARY ===`);
+    results.push(`Patches applied: ${appliedCount}/${record.patches.length}`);
+    results.push(`New checksum: ${newChecksum.substring(0, 16)}...`);
+    results.push("Binary is ready to use.");
+
+    return { content: [{ type: "text", text: results.join("\n") }] };
+  } catch (error) {
+    return {
+      content: [{ type: "text", text: `Error: ${error instanceof Error ? error.message : String(error)}` }],
+      isError: true
+    };
+  }
+}
+
+// --- Verify patches are applied ---
+async function handlePatchVerify(args: { filePath: string }) {
+  try {
+    const results: string[] = [];
+    results.push(`Verify Patches: ${args.filePath}`);
+    results.push("");
+
+    // Load manifest
+    const manifest = loadManifest();
+    const record = manifest.binaries[args.filePath];
+
+    if (!record || record.patches.length === 0) {
+      results.push("No registered patches found for this binary.");
+      return { content: [{ type: "text", text: results.join("\n") }] };
+    }
+
+    // Get current checksum
+    const currentChecksum = await getFileChecksum(args.filePath);
+    results.push(`Current checksum: ${currentChecksum.substring(0, 16)}...`);
+    results.push(`Expected checksum: ${record.lastPatchedChecksum.substring(0, 16)}...`);
+    results.push("");
+
+    // Check if binary was updated
+    if (currentChecksum !== record.lastPatchedChecksum) {
+      results.push("⚠️  Binary has been UPDATED since last patch.");
+      results.push("   Run bin_patch_apply to re-apply patches.");
+      results.push("");
+    } else {
+      results.push("✓ Binary checksum matches patched version.");
+      results.push("");
+    }
+
+    // Verify each patch by reading current bytes
+    results.push("Patch Status:");
+    let allApplied = true;
+    for (const patch of record.patches) {
+      try {
+        const byteLength = patch.patchedBytes.replace(/\s+/g, "").length / 2;
+        const currentBytes = readBytesAtOffset(args.filePath, patch.offset, byteLength);
+        const normalizedCurrent = currentBytes.replace(/\s+/g, "").toUpperCase();
+        const normalizedPatched = patch.patchedBytes.replace(/\s+/g, "").toUpperCase();
+
+        if (normalizedCurrent === normalizedPatched) {
+          results.push(`  ✓ ${patch.id}: APPLIED`);
+        } else if (normalizedCurrent === patch.originalBytes.replace(/\s+/g, "").toUpperCase()) {
+          results.push(`  ✗ ${patch.id}: NOT APPLIED (original bytes present)`);
+          allApplied = false;
+        } else {
+          results.push(`  ? ${patch.id}: UNKNOWN (bytes don't match expected)`);
+          results.push(`      Current: ${currentBytes}`);
+          results.push(`      Expected: ${patch.patchedBytes}`);
+          allApplied = false;
+        }
+      } catch (e) {
+        results.push(`  ✗ ${patch.id}: ERROR - ${e instanceof Error ? e.message : String(e)}`);
+        allApplied = false;
+      }
+    }
+
+    results.push("");
+    if (allApplied && currentChecksum === record.lastPatchedChecksum) {
+      results.push("Status: All patches verified and applied.");
+    } else if (!allApplied) {
+      results.push("Status: Some patches need to be applied.");
+      results.push("Action: Run bin_patch_apply");
+    } else {
+      results.push("Status: Binary may have been updated. Re-apply patches.");
+      results.push("Action: Run bin_patch_apply");
+    }
+
+    return { content: [{ type: "text", text: results.join("\n") }] };
+  } catch (error) {
+    return {
+      content: [{ type: "text", text: `Error: ${error instanceof Error ? error.message : String(error)}` }],
+      isError: true
+    };
+  }
+}
+
+// --- Restore original bytes ---
+async function handlePatchRestore(args: {
+  filePath: string;
+  patchId?: string;
+  resign?: boolean;
+}) {
+  const isMac = isMacOS();
+  const resign = args.resign !== false && isMac;
+
+  try {
+    const results: string[] = [];
+    results.push(`Restore Patches: ${args.filePath}`);
+    results.push("");
+
+    // Load manifest
+    const manifest = loadManifest();
+    const record = manifest.binaries[args.filePath];
+
+    if (!record || record.patches.length === 0) {
+      results.push("No registered patches found for this binary.");
+      return { content: [{ type: "text", text: results.join("\n") }] };
+    }
+
+    // Filter patches if specific ID requested
+    const patchesToRestore = args.patchId
+      ? record.patches.filter(p => p.id === args.patchId)
+      : record.patches;
+
+    if (patchesToRestore.length === 0) {
+      results.push(`No patch found with ID: ${args.patchId}`);
+      return { content: [{ type: "text", text: results.join("\n") }] };
+    }
+
+    // Create backup
+    const backupPath = `${args.filePath}.prerestore`;
+    fs.copyFileSync(args.filePath, backupPath);
+    results.push(`Backup: ${backupPath}`);
+    results.push("");
+
+    // Restore each patch
+    let restoredCount = 0;
+    for (const patch of patchesToRestore) {
+      if (patch.originalBytes === "UNKNOWN") {
+        results.push(`${patch.id}: SKIPPED (no original bytes captured)`);
+        continue;
+      }
+
+      try {
+        results.push(`Restoring: ${patch.id}`);
+        writeBytesAtOffset(args.filePath, patch.offset, patch.originalBytes);
+        results.push(`  Offset: 0x${patch.offset.toString(16)}`);
+        results.push(`  Bytes: ${patch.originalBytes}`);
+        results.push("  Status: Restored");
+        restoredCount++;
+      } catch (e) {
+        results.push(`  Status: FAILED - ${e instanceof Error ? e.message : String(e)}`);
+      }
+    }
+
+    // macOS: resign
+    if (isMac && restoredCount > 0 && resign) {
+      results.push("");
+      results.push("Re-signing binary...");
+      try {
+        await execAsync(`codesign --remove-signature "${args.filePath}" 2>&1`);
+        await execAsync(`codesign --force --sign - "${args.filePath}"`);
+        results.push("  Status: Re-signed with ad-hoc signature");
+      } catch (e) {
+        results.push(`  Warning: ${e instanceof Error ? e.message : String(e)}`);
+      }
+    }
+
+    // Update manifest
+    const newChecksum = await getFileChecksum(args.filePath);
+    record.lastPatchedChecksum = newChecksum;
+    saveManifest(manifest);
+
+    results.push("");
+    results.push(`Restored: ${restoredCount}/${patchesToRestore.length} patches`);
+
+    return { content: [{ type: "text", text: results.join("\n") }] };
+  } catch (error) {
+    return {
+      content: [{ type: "text", text: `Error: ${error instanceof Error ? error.message : String(error)}` }],
+      isError: true
+    };
+  }
+}
+
+// --- List registered patches ---
+async function handlePatchList(args: { filePath?: string }) {
+  try {
+    const results: string[] = [];
+    results.push("Patch Registry");
+    results.push(`Manifest: ${MANIFEST_PATH}`);
+    results.push("");
+
+    const manifest = loadManifest();
+
+    if (Object.keys(manifest.binaries).length === 0) {
+      results.push("No patches registered.");
+      results.push("");
+      results.push("To register a patch, use: bin_patch_register");
+      return { content: [{ type: "text", text: results.join("\n") }] };
+    }
+
+    // Filter by file if specified
+    const binariesToShow = args.filePath
+      ? { [args.filePath]: manifest.binaries[args.filePath] }
+      : manifest.binaries;
+
+    for (const [binaryPath, record] of Object.entries(binariesToShow)) {
+      if (!record) continue;
+
+      results.push(`═══════════════════════════════════════════════════════════`);
+      results.push(`Binary: ${binaryPath}`);
+      results.push(`Name: ${record.binaryName}`);
+      results.push(`Patches: ${record.patches.length}`);
+      results.push(`Last Applied: ${record.lastAppliedAt}`);
+      results.push(`Checksum: ${record.lastPatchedChecksum.substring(0, 16)}...`);
+      results.push("");
+
+      if (record.patches.length > 0) {
+        results.push("Registered Patches:");
+        for (const patch of record.patches) {
+          results.push(`  ┌─ ${patch.id} ─────────────────────────────────`);
+          results.push(`  │ Offset: 0x${patch.offset.toString(16)} (${patch.offset})`);
+          results.push(`  │ Original: ${patch.originalBytes}`);
+          results.push(`  │ Patched:  ${patch.patchedBytes}`);
+          results.push(`  │ Description: ${patch.description}`);
+          results.push(`  │ Created: ${patch.createdAt}`);
+          results.push(`  └────────────────────────────────────────────`);
+        }
+      }
+      results.push("");
+    }
+
+    return { content: [{ type: "text", text: results.join("\n") }] };
+  } catch (error) {
+    return {
+      content: [{ type: "text", text: `Error: ${error instanceof Error ? error.message : String(error)}` }],
+      isError: true
+    };
+  }
+}
+
+// --- Remove a patch from registry ---
+async function handlePatchRemove(args: {
+  filePath: string;
+  patchId: string;
+}) {
+  try {
+    const results: string[] = [];
+    results.push(`Remove Patch: ${args.patchId}`);
+    results.push("");
+
+    const manifest = loadManifest();
+    const record = manifest.binaries[args.filePath];
+
+    if (!record) {
+      results.push("No patches registered for this binary.");
+      return { content: [{ type: "text", text: results.join("\n") }] };
+    }
+
+    const index = record.patches.findIndex(p => p.id === args.patchId);
+    if (index < 0) {
+      results.push(`Patch not found: ${args.patchId}`);
+      return { content: [{ type: "text", text: results.join("\n") }] };
+    }
+
+    const removed = record.patches.splice(index, 1)[0];
+    results.push("Removed patch:");
+    results.push(`  ID: ${removed.id}`);
+    results.push(`  Offset: 0x${removed.offset.toString(16)}`);
+    results.push(`  Description: ${removed.description}`);
+
+    // Remove binary entry if no patches left
+    if (record.patches.length === 0) {
+      delete manifest.binaries[args.filePath];
+      results.push("");
+      results.push("No more patches for this binary - removed from registry.");
+    }
+
+    saveManifest(manifest);
+    results.push("");
+    results.push("Patch removed from registry.");
+    results.push("Note: This does NOT undo the patch in the binary.");
+    results.push("Use bin_patch_restore to restore original bytes.");
+
+    return { content: [{ type: "text", text: results.join("\n") }] };
+  } catch (error) {
+    return {
+      content: [{ type: "text", text: `Error: ${error instanceof Error ? error.message : String(error)}` }],
+      isError: true
+    };
+  }
+}
+
 // ============================================================================
 // Tool definitions
 // ============================================================================
@@ -3102,6 +3688,83 @@ const TOOLS = [
       required: ["filePath"],
     },
   },
+  // Patch Management Tools
+  {
+    name: "bin_patch_register",
+    description: "Register a binary patch for persistence across updates. Captures original bytes and stores in manifest.",
+    inputSchema: {
+      type: "object" as const,
+      properties: {
+        filePath: { type: "string", description: "Path to the binary file" },
+        patchId: { type: "string", description: "Unique identifier for this patch (e.g., 'skip-permissions')" },
+        offset: { type: "number", description: "Byte offset to patch" },
+        patchedBytes: { type: "string", description: "Hex bytes to write (e.g., '90 90 90')" },
+        description: { type: "string", description: "Description of what this patch does" },
+        captureOriginal: { type: "boolean", description: "Capture original bytes (default: true)" },
+      },
+      required: ["filePath", "patchId", "offset", "patchedBytes", "description"],
+    },
+  },
+  {
+    name: "bin_patch_apply",
+    description: "Apply all registered patches to a binary. Handles macOS re-signing and quarantine. Detects binary updates.",
+    inputSchema: {
+      type: "object" as const,
+      properties: {
+        filePath: { type: "string", description: "Path to the binary file" },
+        resign: { type: "boolean", description: "Re-sign binary after patching (macOS, default: true)" },
+        removeQuarantine: { type: "boolean", description: "Remove quarantine after patching (macOS, default: true)" },
+      },
+      required: ["filePath"],
+    },
+  },
+  {
+    name: "bin_patch_verify",
+    description: "Verify if registered patches are currently applied to a binary. Detects if binary was updated.",
+    inputSchema: {
+      type: "object" as const,
+      properties: {
+        filePath: { type: "string", description: "Path to the binary file" },
+      },
+      required: ["filePath"],
+    },
+  },
+  {
+    name: "bin_patch_restore",
+    description: "Restore original bytes for registered patches. Undoes patches in the binary.",
+    inputSchema: {
+      type: "object" as const,
+      properties: {
+        filePath: { type: "string", description: "Path to the binary file" },
+        patchId: { type: "string", description: "Specific patch to restore (optional - restores all if omitted)" },
+        resign: { type: "boolean", description: "Re-sign binary after restoring (macOS, default: true)" },
+      },
+      required: ["filePath"],
+    },
+  },
+  {
+    name: "bin_patch_list",
+    description: "List all registered patches in the manifest, optionally filtered by binary.",
+    inputSchema: {
+      type: "object" as const,
+      properties: {
+        filePath: { type: "string", description: "Filter by binary path (optional)" },
+      },
+      required: [],
+    },
+  },
+  {
+    name: "bin_patch_remove",
+    description: "Remove a patch from the registry. Does NOT undo the patch in the binary.",
+    inputSchema: {
+      type: "object" as const,
+      properties: {
+        filePath: { type: "string", description: "Path to the binary file" },
+        patchId: { type: "string", description: "ID of the patch to remove from registry" },
+      },
+      required: ["filePath", "patchId"],
+    },
+  },
 ];
 
 // ============================================================================
@@ -3257,6 +3920,37 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         });
       case "bin_verify":
         return await handleBinVerify(args as { filePath: string });
+      // Patch Management handlers
+      case "bin_patch_register":
+        return await handlePatchRegister(args as {
+          filePath: string;
+          patchId: string;
+          offset: number;
+          patchedBytes: string;
+          description: string;
+          captureOriginal?: boolean;
+        });
+      case "bin_patch_apply":
+        return await handlePatchApply(args as {
+          filePath: string;
+          resign?: boolean;
+          removeQuarantine?: boolean;
+        });
+      case "bin_patch_verify":
+        return await handlePatchVerify(args as { filePath: string });
+      case "bin_patch_restore":
+        return await handlePatchRestore(args as {
+          filePath: string;
+          patchId?: string;
+          resign?: boolean;
+        });
+      case "bin_patch_list":
+        return await handlePatchList(args as { filePath?: string });
+      case "bin_patch_remove":
+        return await handlePatchRemove(args as {
+          filePath: string;
+          patchId: string;
+        });
       default:
         throw new Error(`Unknown tool: ${name}`);
     }