@jadchene/mcp-ssh-service 1.2.0 → 1.4.0

package/README.md

@@ -13,10 +13,12 @@ A **production-grade** Model Context Protocol (MCP) server designed for secure,
 ## 🌟 Key Pillars
 
 ### 🔒 Uncompromising Security
-*   **Two-Step Confirmation**: High-risk operations (writes, deletes, restarts) return a `confirmationId`. Nothing happens until a human approves the specific transaction.
-*   **Command Blacklist**: Real-time regex interception for catastrophic commands like `rm -rf /` or `mkfs`.
-*   **Server-Level Read-Only**: Lock specific servers to a non-destructive mode at the configuration level.
-*   **Restricted File Deletion**: Hardcoded prevention of accidental deletion of system-critical paths like `/etc` or `/usr`.
+*   **Two-Step Confirmation**: High-risk operations (writes, deletes, restarts) return a `confirmationId`. Nothing happens until a human approves the specific transaction.
+*   **Command Blacklist**: Real-time regex interception for catastrophic commands like `rm -rf /` or `mkfs`.
+*   **Command Whitelist**: Trusted final command strings can bypass manual confirmation by matching configured regex patterns. This applies to built-in high-risk tools and to `execute_batch` sub-commands.
+*   **Single-Command Enforcement**: `execute_command` rejects shell chaining, pipes, redirection, subshells, and multiline payloads at the server layer.
+*   **Server-Level Read-Only**: Lock specific servers to a non-destructive mode at the configuration level.
+*   **Restricted File Deletion**: Hardcoded prevention of accidental deletion of system-critical paths like `/etc` or `/usr`.
 
 ### 🧠 AI-Native Design
 *   **Semantic Infrastructure Discovery**: AI can list servers and understand their purposes via natural language descriptions.
@@ -44,20 +46,36 @@ git clone https://github.com/jadchene/mcp-ssh.git
 cd mcp-ssh
 npm install
 npm run build
-node dist/index.js --config ./config.json
-```
-
----
-
-## ⚙️ Configuration Schema
+node dist/index.js --config ./config.json
+```
+
+---
+
+## 🧩 Skill Integration (Recommended)
+
+For AI assistants (Codex / Gemini / similar agents), this repository includes an SSH MCP skill that significantly improves execution quality and safety consistency.
+
+- Skill path: `skills/ssh-mcp/SKILL.md`
+- Benefits:
+  - Enforces strict two-step confirmation for high-risk operations
+  - Prefers `execute_batch` for multi-step workflows and avoids risky command chaining
+  - Standardizes server discovery, dependency checks, and post-action verification
+  - Reduces accidental destructive operations and context-loss mistakes
+
+When your agent supports skills, load this skill before using SSH MCP tools for best results.
+
+---
+
+## ⚙️ Configuration Schema
 
 ### Global Settings
 | Parameter | Type | Description |
 | --- | --- | --- |
-| `logDir` | string | Directory for logs. Supports env vars like `${HOME}`. |
-| `commandBlacklist` | string[] | Prohibited command regex patterns (e.g., `["^rm -rf"]`). |
-| `defaultTimeout` | number | Command timeout in milliseconds (default: 60000). |
-| `servers` | object | Dictionary of server configs where key is the `serverAlias`. |
+| `logDir` | string | Directory for logs. Supports env vars like `${HOME}`. |
+| `commandBlacklist` | string[] | Prohibited command regex patterns (e.g., `["^rm -rf"]`). |
+| `commandWhitelist` | string[] | Trusted final-command regex patterns that can skip confirmation for high-risk tools and `execute_batch` sub-commands. |
+| `defaultTimeout` | number | Command timeout in milliseconds (default: 60000). |
+| `servers` | object | Dictionary of server configs where key is the `serverAlias`. |
 
 ### Server Object
 | Parameter | Type | Description |
@@ -76,14 +94,15 @@ node dist/index.js --config ./config.json
 
 ---
 
-## ⚙️ Configuration Example
-
-```json
-{
-  "logDir": "./logs",
-  "defaultTimeout": 60000,
-  "commandBlacklist": ["^apt-get upgrade", "curl.*\\|.*sh"],
-  "servers": {
+## ⚙️ Configuration Example
+
+```json
+{
+  "logDir": "./logs",
+  "defaultTimeout": 60000,
+  "commandBlacklist": ["^apt-get upgrade", "curl.*\\|.*sh"],
+  "commandWhitelist": ["^systemctl status\\s+nginx$", "^docker ps$"],
+  "servers": {
     "prod-web": {
       "desc": "Primary API Cluster",
       "host": "10.0.0.5",
@@ -99,12 +118,66 @@ node dist/index.js --config ./config.json
       }
     }
   }
-}
-```
+}
+```
+
+---
+
+## MCP Client Configuration
+
+The following examples show how to register this MCP server in common AI clients. Replace the config path with your own local file path. To keep the setup portable, the examples below intentionally avoid absolute paths.
+
+### Codex
+
+`~/.codex/config.toml`
+
+```toml
+[mcp_servers.ssh]
+command = "mcp-ssh-service"
+args = ["--config", "./config.json"]
+```
+
+### Gemini CLI
+
+`~/.gemini/settings.json`
+
+```json
+{
+  "mcpServers": {
+    "ssh": {
+      "type": "stdio",
+      "command": "mcp-ssh-service",
+      "args": [
+        "--config",
+        "./config.json"
+      ]
+    }
+  }
+}
+```
+
+### Claude Code
+
+`~/.claude.json`
+
+```json
+{
+  "mcpServers": {
+    "ssh": {
+      "type": "stdio",
+      "command": "mcp-ssh-service",
+      "args": [
+        "--config",
+        "./config.json"
+      ]
+    }
+  }
+}
+```
 
 ---
 
-## 🛠️ Integrated Toolset (50 Tools)
+## 🛠️ Integrated Toolset (79 Tools)
 
 ### Discovery & Core (8)
 * `list_servers`
@@ -117,10 +190,10 @@ node dist/index.js --config ./config.json
 * `execute_batch` [Auth Required if any sub-command is high-risk]
 
 ### Shell & Basic (2)
-* `execute_command` [Auth Required]
+* `execute_command` [Auth Required, single command only]
 * `echo`
 
-### File Management (10)
+### File Management (15)
 * `upload_file` [Auth Required]
 * `download_file`
 * `ll`
@@ -129,14 +202,23 @@ node dist/index.js --config ./config.json
 * `grep`
 * `edit_text_file` [Auth Required]
 * `touch`
+* `mkdir` [Auth Required]
+* `mv` [Auth Required]
+* `cp` [Auth Required]
+* `append_text_file` [Auth Required]
+* `replace_in_file` [Auth Required]
 * `rm_safe` [Auth Required]
 * `find`
 
-### Git (2)
+### Git (6)
 * `git_status`
+* `git_fetch` [Auth Required]
 * `git_pull` [Auth Required]
+* `git_switch` [Auth Required]
+* `git_branch`
+* `git_log`
 
-### Docker & Compose (17)
+### Docker & Compose (21)
 * `docker_compose_up` [Auth Required]
 * `docker_compose_down` [Auth Required]
 * `docker_compose_stop` [Auth Required]
@@ -144,43 +226,71 @@ node dist/index.js --config ./config.json
 * `docker_compose_restart` [Auth Required]
 * `docker_ps`
 * `docker_images`
+* `docker_exec` [Auth Required]
+* `docker_inspect`
+* `docker_stats`
 * `docker_pull` [Auth Required]
 * `docker_cp` [Auth Required]
 * `docker_stop` [Auth Required]
 * `docker_rm` [Auth Required]
 * `docker_start` [Auth Required]
+* `docker_restart` [Auth Required]
 * `docker_rmi` [Auth Required]
 * `docker_commit` [Auth Required]
 * `docker_logs`
 * `docker_load` [Auth Required]
 * `docker_save` [Auth Required]
 
-### Service & Network (7)
+### Service & Network (14)
 * `systemctl_status`
 * `systemctl_restart` [Auth Required]
 * `systemctl_start` [Auth Required]
 * `systemctl_stop` [Auth Required]
 * `ip_addr`
-* `firewall_cmd` [Auth Required]
-* `netstat`
+* `journalctl`
+* `firewall_cmd` [Auth Required, structured actions only]
+* `netstat` [uses `args: string[]`]
+* `ss` [uses `args: string[]`]
+* `ping_host`
+* `traceroute`
+* `nslookup`
+* `dig`
+* `curl_http` [Auth Required]
 
-### Stats & Process (4)
+### Stats & Process (13)
 * `nvidia_smi`
 * `ps`
+* `pgrep`
+* `kill_process` [Auth Required]
 * `df_h`
 * `du_sh`
+* `chmod` [Auth Required]
+* `chown` [Auth Required]
+* `ln` [Auth Required]
+* `tar_create` [Auth Required]
+* `tar_extract` [Auth Required]
+* `zip` [Auth Required]
+* `unzip` [Auth Required]
 
-Total: 50 tools.
+Total: 79 tools.
 
 ---
 
-## 🔐 The Confirmation Workflow
-
+## 🔐 The Confirmation Workflow
+
 1.  **Request**: AI calls `execute_command({ command: 'systemctl restart nginx' })`.
-2.  **Intercept**: Server returns `status: "pending"` with a `confirmationId`.
-3.  **Human Input**: You review the action in your chat client and approve.
+2.  **Intercept**: Server returns `status: "pending"` with a `confirmationId`.
+3.  **Human Input**: You review the action in your chat client and approve.
 4.  **Execution**: AI calls `execute_command` again with the `confirmationId` and `confirmExecution: true`.
-5.  **Verify**: Server ensures parameters match exactly and executes the SSH command.
+5.  **Verify**: Server ensures parameters match exactly and executes the SSH command.
+
+If a high-risk tool's final command string matches `commandWhitelist`, the server skips the pending confirmation step and runs it directly. For `execute_batch`, only non-whitelisted high-risk sub-commands keep the batch in the confirmation flow.
+
+`execute_command` is limited to one shell command segment. The server rejects chaining operators such as `&&`, `||`, `;`, pipes, redirection, subshell syntax, and multiline input. For built-in tools, user-provided parameters are shell-escaped before execution to reduce command injection risk.
+
+`firewall_cmd` no longer accepts a free-form shell fragment. Use structured fields such as `action`, `port`, `zone`, `permanent`, and `listTarget`. `netstat` now accepts `args: string[]` so each option is validated as an individual token.
+
+Use `mkdir` for directory creation instead of `execute_command "mkdir ..."`. Set `parents: true` when you need `mkdir -p` behavior.
 
 ---
 

package/dist/config.js

@@ -117,6 +117,9 @@ export class ConfigManager {
     getGlobalBlacklist() {
         return this.config.commandBlacklist || [];
     }
+    getGlobalWhitelist() {
+        return this.config.commandWhitelist || [];
+    }
     getDefaultTimeout() {
         return this.config.defaultTimeout || 60000;
     }

package/dist/tools/definitions.js

@@ -55,7 +55,7 @@ export const toolDefinitions = [
     // --- Batch (Core) ---
     {
         name: 'execute_batch',
-        description: 'Workflow automation: Executes a sequence of multiple tools in a single persistent SSH session. REQUIRES CONFIRMATION if any sub-tool is high-risk.',
+        description: 'Workflow automation: Executes a sequence of multiple tools in a single persistent SSH session. REQUIRES CONFIRMATION when any high-risk sub-tool final command is not whitelisted.',
         inputSchema: baseParams({
             commands: {
                 type: 'array',
@@ -75,7 +75,7 @@ export const toolDefinitions = [
     // --- Shell & Basic (Requirements) ---
     {
         name: 'execute_command',
-        description: 'Arbitrary execution: Runs any shell command via SSH. REQUIRES CONFIRMATION.',
+        description: 'Single-command execution: Runs exactly one shell command segment via SSH. Rejects chaining, pipes, redirection, subshell syntax, and multiline input. REQUIRES CONFIRMATION unless the final command is whitelisted.',
         inputSchema: baseParams({
             command: { type: 'string' },
             ...cwdParam,
@@ -139,6 +139,31 @@ export const toolDefinitions = [
         description: 'Timestamp/File creation: Updates access time or creates empty file.',
         inputSchema: baseParams({ filePath: { type: 'string' } }, ['filePath'])
     },
+    {
+        name: 'mkdir',
+        description: 'Directory creation: Creates a directory. Set parents=true for mkdir -p behavior. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ path: { type: 'string' }, parents: { type: 'boolean' }, ...confirmationParams }, ['path'])
+    },
+    {
+        name: 'mv',
+        description: 'Move or rename a file or directory. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ source: { type: 'string' }, destination: { type: 'string' }, force: { type: 'boolean' }, ...confirmationParams }, ['source', 'destination'])
+    },
+    {
+        name: 'cp',
+        description: 'Copy a file or directory. Set recursive=true for directories. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ source: { type: 'string' }, destination: { type: 'string' }, recursive: { type: 'boolean' }, preserve: { type: 'boolean' }, ...confirmationParams }, ['source', 'destination'])
+    },
+    {
+        name: 'append_text_file',
+        description: 'Append text to a file, creating it if needed. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ filePath: { type: 'string' }, content: { type: 'string' }, ...confirmationParams }, ['filePath', 'content'])
+    },
+    {
+        name: 'replace_in_file',
+        description: 'Replace literal text inside a file. Set replaceAll=false to replace only the first occurrence. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ filePath: { type: 'string' }, search: { type: 'string' }, replace: { type: 'string' }, replaceAll: { type: 'boolean' }, ...confirmationParams }, ['filePath', 'search', 'replace'])
+    },
     {
         name: 'rm_safe',
         description: 'File deletion: Removes file or directory. REQUIRES CONFIRMATION.',
@@ -155,11 +180,31 @@ export const toolDefinitions = [
         description: 'Git status: Displays repository status.',
         inputSchema: baseParams(cwdParam)
     },
+    {
+        name: 'git_fetch',
+        description: 'Git fetch: Updates remote tracking refs. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ ...cwdParam, all: { type: 'boolean' }, prune: { type: 'boolean' }, ...confirmationParams })
+    },
     {
         name: 'git_pull',
         description: 'Git update: Pulls latest changes. REQUIRES CONFIRMATION.',
         inputSchema: baseParams({ ...cwdParam, ...confirmationParams })
     },
+    {
+        name: 'git_switch',
+        description: 'Git switch: Switches branches, or creates one with create=true. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ ...cwdParam, branch: { type: 'string' }, create: { type: 'boolean' }, startPoint: { type: 'string' }, ...confirmationParams }, ['branch'])
+    },
+    {
+        name: 'git_branch',
+        description: 'Git branch: Lists local or all branches.',
+        inputSchema: baseParams({ ...cwdParam, all: { type: 'boolean' }, verbose: { type: 'boolean' } })
+    },
+    {
+        name: 'git_log',
+        description: 'Git log: Shows recent commit history.',
+        inputSchema: baseParams({ ...cwdParam, maxCount: { type: 'number' }, oneline: { type: 'boolean' }, path: { type: 'string' } })
+    },
     // --- Docker & Compose (Requirements) ---
     {
         name: 'docker_compose_up',
@@ -196,6 +241,21 @@ export const toolDefinitions = [
         description: 'List docker images.',
         inputSchema: baseParams(grepParam)
     },
+    {
+        name: 'docker_exec',
+        description: 'Run one process inside a running container without shell expansion. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ container: { type: 'string' }, command: { type: 'string' }, args: { type: 'array', items: { type: 'string' } }, user: { type: 'string' }, workdir: { type: 'string' }, ...confirmationParams }, ['container', 'command'])
+    },
+    {
+        name: 'docker_inspect',
+        description: 'Inspect a container, image, volume, or network.',
+        inputSchema: baseParams({ target: { type: 'string' }, format: { type: 'string' } }, ['target'])
+    },
+    {
+        name: 'docker_stats',
+        description: 'Show container resource usage.',
+        inputSchema: baseParams({ container: { type: 'string' }, noStream: { type: 'boolean' } })
+    },
     {
         name: 'docker_pull',
         description: 'Pull an image from a registry. REQUIRES CONFIRMATION.',
@@ -221,6 +281,11 @@ export const toolDefinitions = [
         description: 'Start one or more stopped containers. REQUIRES CONFIRMATION.',
         inputSchema: baseParams({ container: { type: 'string' }, ...confirmationParams }, ['container'])
     },
+    {
+        name: 'docker_restart',
+        description: 'Restart one or more running containers. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ container: { type: 'string' }, ...confirmationParams }, ['container'])
+    },
     {
         name: 'docker_rmi',
         description: 'Remove one or more images. REQUIRES CONFIRMATION.',
@@ -272,15 +337,57 @@ export const toolDefinitions = [
         description: 'Show network interface info.',
         inputSchema: baseParams(grepParam)
     },
+    {
+        name: 'journalctl',
+        description: 'Read systemd journal logs with optional unit, since, and priority filters.',
+        inputSchema: baseParams({ unit: { type: 'string' }, lines: { type: 'number' }, since: { type: 'string' }, priority: { type: 'string' }, grep: { type: 'string' } })
+    },
     {
         name: 'firewall_cmd',
-        description: 'Control the runtime/permanent firewall. REQUIRES CONFIRMATION.',
-        inputSchema: baseParams({ args: { type: 'string' }, ...confirmationParams }, ['args'])
+        description: 'Structured firewall control. Supports action=list|add-port|remove-port|reload with optional zone, permanent, and listTarget. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({
+            action: { type: 'string', enum: ['list', 'add-port', 'remove-port', 'reload'] },
+            listTarget: { type: 'string', enum: ['ports', 'services', 'all'] },
+            port: { type: 'string' },
+            zone: { type: 'string' },
+            permanent: { type: 'boolean' },
+            ...confirmationParams
+        }, ['action'])
     },
     {
         name: 'netstat',
-        description: 'Monitor ports/connections.',
-        inputSchema: baseParams({ args: { type: 'string' }, ...grepParam })
+        description: 'Monitor ports/connections. Use args as an array of individual option tokens, for example ["-t", "-u", "-l", "-n"].',
+        inputSchema: baseParams({ args: { type: 'array', items: { type: 'string' } }, ...grepParam })
+    },
+    {
+        name: 'ss',
+        description: 'Socket statistics. Use args as an array of individual option tokens, for example ["-t", "-u", "-l", "-n"].',
+        inputSchema: baseParams({ args: { type: 'array', items: { type: 'string' } }, ...grepParam })
+    },
+    {
+        name: 'ping_host',
+        description: 'Ping a host a fixed number of times.',
+        inputSchema: baseParams({ host: { type: 'string' }, count: { type: 'number' } }, ['host'])
+    },
+    {
+        name: 'traceroute',
+        description: 'Trace the network path to a host.',
+        inputSchema: baseParams({ host: { type: 'string' }, maxHops: { type: 'number' } }, ['host'])
+    },
+    {
+        name: 'nslookup',
+        description: 'Resolve hostnames using nslookup.',
+        inputSchema: baseParams({ host: { type: 'string' }, server: { type: 'string' } }, ['host'])
+    },
+    {
+        name: 'dig',
+        description: 'Resolve DNS records using dig.',
+        inputSchema: baseParams({ host: { type: 'string' }, recordType: { type: 'string' }, server: { type: 'string' } }, ['host'])
+    },
+    {
+        name: 'curl_http',
+        description: 'Perform an HTTP request with structured method, URL, headers, and optional body. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ method: { type: 'string' }, url: { type: 'string' }, headers: { type: 'array', items: { type: 'string' } }, body: { type: 'string' }, timeoutSeconds: { type: 'number' }, followRedirects: { type: 'boolean' }, ...confirmationParams }, ['method', 'url'])
     },
     // --- Stats & Process (Requirements) ---
     {
@@ -293,6 +400,16 @@ export const toolDefinitions = [
         description: 'Report a snapshot of the current processes.',
         inputSchema: baseParams(grepParam)
     },
+    {
+        name: 'pgrep',
+        description: 'Find process IDs by name or full command pattern.',
+        inputSchema: baseParams({ pattern: { type: 'string' }, fullCommand: { type: 'boolean' } }, ['pattern'])
+    },
+    {
+        name: 'kill_process',
+        description: 'Send a signal to a process ID. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ pid: { type: 'number' }, signal: { type: 'string' }, ...confirmationParams }, ['pid'])
+    },
     {
         name: 'df_h',
         description: 'System disk usage.',
@@ -302,5 +419,40 @@ export const toolDefinitions = [
         name: 'du_sh',
         description: 'Directory size estimation.',
         inputSchema: baseParams({ path: { type: 'string' }, ...grepParam }, ['path'])
+    },
+    {
+        name: 'chmod',
+        description: 'Change file mode bits. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ mode: { type: 'string' }, path: { type: 'string' }, recursive: { type: 'boolean' }, ...confirmationParams }, ['mode', 'path'])
+    },
+    {
+        name: 'chown',
+        description: 'Change file owner and group. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ owner: { type: 'string' }, path: { type: 'string' }, recursive: { type: 'boolean' }, ...confirmationParams }, ['owner', 'path'])
+    },
+    {
+        name: 'ln',
+        description: 'Create a link. Uses symbolic=true by default for symlinks. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ target: { type: 'string' }, linkPath: { type: 'string' }, symbolic: { type: 'boolean' }, force: { type: 'boolean' }, ...confirmationParams }, ['target', 'linkPath'])
+    },
+    {
+        name: 'tar_create',
+        description: 'Create a tar archive from one or more source paths. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ sourcePaths: { type: 'array', items: { type: 'string' } }, outputPath: { type: 'string' }, gzip: { type: 'boolean' }, ...confirmationParams }, ['sourcePaths', 'outputPath'])
+    },
+    {
+        name: 'tar_extract',
+        description: 'Extract a tar archive into a destination directory. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ archivePath: { type: 'string' }, destination: { type: 'string' }, gzip: { type: 'boolean' }, ...confirmationParams }, ['archivePath', 'destination'])
+    },
+    {
+        name: 'zip',
+        description: 'Create a zip archive from one or more source paths. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ sourcePaths: { type: 'array', items: { type: 'string' } }, outputPath: { type: 'string' }, recursive: { type: 'boolean' }, ...confirmationParams }, ['sourcePaths', 'outputPath'])
+    },
+    {
+        name: 'unzip',
+        description: 'Extract a zip archive into a destination directory. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ archivePath: { type: 'string' }, destination: { type: 'string' }, overwrite: { type: 'boolean' }, ...confirmationParams }, ['archivePath', 'destination'])
     }
 ];

package/dist/tools/handlers.js

@@ -4,17 +4,26 @@ const WRITE_TOOLS = [
     'execute_command',
     'upload_file',
     'edit_text_file',
+    'append_text_file',
+    'mkdir',
+    'mv',
+    'cp',
+    'replace_in_file',
     'rm_safe',
+    'git_fetch',
     'git_pull',
+    'git_switch',
     'docker_compose_up',
     'docker_compose_down',
     'docker_compose_stop',
     'docker_compose_restart',
+    'docker_exec',
     'docker_pull',
     'docker_cp',
     'docker_stop',
     'docker_rm',
     'docker_start',
+    'docker_restart',
     'docker_rmi',
     'docker_commit',
     'docker_load',
@@ -22,7 +31,16 @@ const WRITE_TOOLS = [
     'systemctl_restart',
     'systemctl_start',
     'systemctl_stop',
-    'firewall_cmd'
+    'firewall_cmd',
+    'kill_process',
+    'chmod',
+    'chown',
+    'ln',
+    'tar_create',
+    'tar_extract',
+    'zip',
+    'unzip',
+    'curl_http'
 ];
 const DEFAULT_BLACKLIST = [
     /rm\s+-(rf|fr|r|f)\s+\//i,
@@ -38,6 +56,13 @@ export class ToolHandlers {
     constructor(configManager) {
         this.configManager = configManager;
     }
+    /**
+     * Build regex list from config patterns using case-insensitive matching to keep
+     * behavior aligned with the existing blacklist implementation.
+     */
+    compileUserPatterns(patterns) {
+        return patterns.map((pattern) => new RegExp(pattern, 'i'));
+    }
     getServerConfig(alias) {
         const config = this.configManager.getServerConfig(alias);
         if (!config) {
@@ -53,38 +78,207 @@ export class ToolHandlers {
         }
         return cwd;
     }
+    /**
+     * Escape arbitrary text as a single POSIX shell argument to avoid command
+     * injection through built-in tool parameters.
+     */
+    shellEscape(value) {
+        return `'${String(value).replace(/'/g, `'\"'\"'`)}'`;
+    }
+    /**
+     * execute_command is intentionally limited to one command segment. Chaining,
+     * pipes, subshells, redirection, and multiline payloads must use safer tools
+     * or execute_batch instead.
+     */
+    validateSingleCommand(command) {
+        this.ensureNoShellControl(command, 'execute_command only supports a single command without shell chaining, pipes, redirection, subshells, or multiline input.');
+    }
+    /**
+     * Validate free-form option fragments that intentionally allow spaces but must
+     * never introduce shell control syntax.
+     */
+    validateShellFragment(value, fieldName) {
+        this.ensureNoShellControl(value, `${fieldName} contains forbidden shell control characters.`);
+    }
+    /**
+     * Validate one shell token that is expected to remain a single argument.
+     */
+    validateShellToken(value, fieldName) {
+        if (/\s/.test(value)) {
+            throw new Error(`${fieldName} must be a single token without spaces.`);
+        }
+        this.validateShellFragment(value, fieldName);
+    }
+    shellEscapeList(values) {
+        return values.map((value) => this.shellEscape(value)).join(' ');
+    }
+    validateTokenArray(values, fieldName) {
+        for (const [index, value] of (values || []).entries()) {
+            this.validateShellToken(value, `${fieldName}[${index}]`);
+        }
+    }
+    escapePerlEnvBase64(value) {
+        return Buffer.from(value).toString('base64');
+    }
+    ensureNoShellControl(value, errorMessage) {
+        const forbiddenOperators = [/&&/, /\|\|/, /;/, /\|/, /\$\(/, /`/, />/, /</, /\r|\n/];
+        for (const pattern of forbiddenOperators) {
+            if (pattern.test(value)) {
+                throw new Error(errorMessage);
+            }
+        }
+    }
     checkBlacklist(command) {
-        const userBlacklist = this.configManager.getGlobalBlacklist();
-        const combined = [...DEFAULT_BLACKLIST, ...userBlacklist.map(p => new RegExp(p, 'i'))];
-        for (const pattern of combined) {
+        const userBlacklist = this.compileUserPatterns(this.configManager.getGlobalBlacklist());
+        const normalizedCommand = this.stripQuotedLiterals(command);
+        for (const pattern of DEFAULT_BLACKLIST) {
+            if (pattern.test(normalizedCommand)) {
+                throw new Error(`Security Violation: Prohibited pattern: ${pattern.toString()}`);
+            }
+        }
+        for (const pattern of userBlacklist) {
             if (pattern.test(command)) {
                 throw new Error(`Security Violation: Prohibited pattern: ${pattern.toString()}`);
             }
         }
     }
+    /**
+     * Remove quoted literal payloads before evaluating built-in default blacklist
+     * rules so escaped user arguments do not look like executable shell syntax.
+     */
+    stripQuotedLiterals(command) {
+        return command
+            .replace(/'[^']*'/g, "''")
+            .replace(/"([^"\\]|\\.)*"/g, '""');
+    }
+    /**
+     * Whitelisted execute_command payloads can bypass the confirmation flow, but
+     * they still must pass blacklist validation first.
+     */
+    isCommandWhitelisted(command) {
+        const userWhitelist = this.compileUserPatterns(this.configManager.getGlobalWhitelist());
+        return userWhitelist.some((pattern) => pattern.test(command));
+    }
+    /**
+     * Resolve the exact shell command string that will be executed for command-based
+     * tools so that security rules operate on the same final text.
+     */
+    getExecutableCommand(name, params) {
+        let command = this.getCommandForTool(name, params);
+        if (!command)
+            return '';
+        if (params.grep) {
+            this.validateShellFragment(params.grep, 'grep');
+            command += ` | grep -E ${this.shellEscape(params.grep)}`;
+        }
+        return command;
+    }
+    /**
+     * Determine whether the current tool invocation still needs confirmation after
+     * command whitelist rules are applied to the final executable command.
+     */
+    requiresConfirmation(name, params) {
+        if (name !== 'execute_batch') {
+            if (!WRITE_TOOLS.includes(name))
+                return false;
+            const command = this.getExecutableCommand(name, params);
+            return command ? !this.isCommandWhitelisted(command) : true;
+        }
+        return params.commands?.some((cmd) => {
+            if (!WRITE_TOOLS.includes(cmd.name))
+                return false;
+            const command = this.getExecutableCommand(cmd.name, cmd.arguments);
+            return command ? !this.isCommandWhitelisted(command) : true;
+        }) ?? false;
+    }
+    /**
+     * Determine whether a tool invocation is fundamentally a write action,
+     * regardless of whether whitelist rules later skip manual confirmation.
+     */
+    isWriteToolCall(name, params) {
+        if (name !== 'execute_batch') {
+            return WRITE_TOOLS.includes(name);
+        }
+        return params.commands?.some((cmd) => WRITE_TOOLS.includes(cmd.name)) ?? false;
+    }
+    /**
+     * Apply blacklist validation to every command-bearing tool invocation before
+     * confirmation and execution.
+     */
+    validateToolCommand(name, params) {
+        if (name === 'execute_command') {
+            this.validateSingleCommand(params.command);
+        }
+        if ((name === 'netstat' || name === 'ss') && Array.isArray(params.args)) {
+            this.validateTokenArray(params.args, `${name}.args`);
+        }
+        if (name === 'docker_exec' && Array.isArray(params.args)) {
+            for (const [index, arg] of params.args.entries()) {
+                this.validateShellFragment(arg, `docker_exec.args[${index}]`);
+            }
+        }
+        if ((name === 'tar_create' || name === 'zip') && Array.isArray(params.sourcePaths)) {
+            if (params.sourcePaths.length === 0) {
+                throw new Error(`${name}.sourcePaths must contain at least one path.`);
+            }
+        }
+        if (name === 'curl_http') {
+            this.validateShellToken(String(params.method || 'GET').toUpperCase(), 'curl_http.method');
+            for (const [index, header] of (params.headers || []).entries()) {
+                this.validateShellFragment(header, `curl_http.headers[${index}]`);
+            }
+        }
+        const command = this.getExecutableCommand(name, params);
+        if (command) {
+            this.checkBlacklist(command);
+        }
+    }
     getCommandForTool(name, params) {
         switch (name) {
             case 'get_system_info': return 'echo "USER: $(whoami)"; echo "UPTIME: $(uptime)"; echo "KERNEL: $(uname -a)"; echo "MEMORY:"; free -m';
-            case 'check_dependencies': return `for cmd in ${params.commands.join(' ')}; do which $cmd || echo "$cmd not found"; done`;
+            case 'check_dependencies': return `for cmd in ${params.commands.map((cmd) => this.shellEscape(cmd)).join(' ')}; do which "$cmd" || echo "$cmd not found"; done`;
             case 'pwd': return 'pwd';
-            case 'cd': return `cd ${params.path}`;
+            case 'cd': return `cd ${this.shellEscape(params.path)}`;
             case 'll': return 'ls -l';
-            case 'cat': return `cat ${params.filePath}`;
-            case 'tail': return `tail -n ${params.lines || 50} ${params.filePath}`;
-            case 'grep': return `grep ${params.ignoreCase ? '-inE' : '-nE'} "${params.pattern.replace(/"/g, '\\"')}" ${params.filePath}`;
+            case 'cat': return `cat ${this.shellEscape(params.filePath)}`;
+            case 'tail': return `tail -n ${params.lines || 50} ${this.shellEscape(params.filePath)}`;
+            case 'grep': return `grep ${params.ignoreCase ? '-inE' : '-nE'} ${this.shellEscape(params.pattern)} ${this.shellEscape(params.filePath)}`;
             case 'edit_text_file':
                 const edB64 = Buffer.from(params.content).toString('base64');
-                return `echo "${edB64}" | base64 -d > ${params.filePath}`;
-            case 'touch': return `touch ${params.filePath}`;
+                return `printf '%s' ${this.shellEscape(edB64)} | base64 -d > ${this.shellEscape(params.filePath)}`;
+            case 'append_text_file':
+                const appendB64 = Buffer.from(params.content).toString('base64');
+                return `printf '%s' ${this.shellEscape(appendB64)} | base64 -d >> ${this.shellEscape(params.filePath)}`;
+            case 'touch': return `touch ${this.shellEscape(params.filePath)}`;
+            case 'mkdir': return `mkdir ${params.parents ? '-p ' : ''}${this.shellEscape(params.path)}`;
+            case 'mv': return `mv ${params.force ? '-f ' : ''}${this.shellEscape(params.source)} ${this.shellEscape(params.destination)}`;
+            case 'cp': return `cp ${(params.recursive ? '-r ' : '') + (params.preserve ? '-p ' : '')}${this.shellEscape(params.source)} ${this.shellEscape(params.destination)}`;
+            case 'replace_in_file': {
+                const searchB64 = this.escapePerlEnvBase64(params.search);
+                const replaceB64 = this.escapePerlEnvBase64(params.replace);
+                const replaceFlag = params.replaceAll === false ? '' : 'g';
+                return `SEARCH_B64=${this.shellEscape(searchB64)} REPLACE_B64=${this.shellEscape(replaceB64)} perl -0i -M MIME::Base64 -pe ${this.shellEscape(`BEGIN { $s = decode_base64($ENV{SEARCH_B64}); $r = decode_base64($ENV{REPLACE_B64}); } s/\\Q$s\\E/$r/${replaceFlag}`)} ${this.shellEscape(params.filePath)}`;
+            }
             case 'rm_safe':
                 const restricted = ['/', '/etc', '/usr', '/bin', '/var', '/root', '/home'];
                 if (restricted.includes(params.path.trim()))
                     throw new Error(`RM_SAFE: Denied for restricted directory.`);
-                return `rm ${params.recursive ? '-rf' : '-f'} ${params.path}`;
-            case 'echo': return `echo "${params.text}"`;
-            case 'find': return `find ${params.path} -name "${params.name}"`;
+                return `rm ${params.recursive ? '-rf' : '-f'} ${this.shellEscape(params.path)}`;
+            case 'echo': return `echo ${this.shellEscape(params.text)}`;
+            case 'find': return `find ${this.shellEscape(params.path)} -name ${this.shellEscape(params.name)}`;
             case 'git_status': return 'git status';
+            case 'git_fetch': return `git fetch ${params.all ? '--all ' : ''}${params.prune ? '--prune' : ''}`.trim();
             case 'git_pull': return 'git pull --no-edit';
+            case 'git_switch':
+                if (params.create) {
+                    return `git switch -c ${this.shellEscape(params.branch)}${params.startPoint ? ` ${this.shellEscape(params.startPoint)}` : ''}`;
+                }
+                if (params.startPoint) {
+                    throw new Error(`git_switch.startPoint is only valid when create=true.`);
+                }
+                return `git switch ${this.shellEscape(params.branch)}`;
+            case 'git_branch': return `git branch ${params.all ? '-a ' : ''}${params.verbose ? '-v' : ''}`.trim();
+            case 'git_log': return `git log ${params.oneline === false ? '' : '--oneline '}-n ${params.maxCount || 20}${params.path ? ` -- ${this.shellEscape(params.path)}` : ''}`.trim();
             case 'execute_command': return params.command;
             case 'docker_compose_up': return 'docker-compose up -d';
             case 'docker_compose_down': return 'docker-compose down --remove-orphans';
@@ -93,30 +287,121 @@ export class ToolHandlers {
             case 'docker_compose_restart': return 'docker-compose restart';
             case 'docker_ps': return 'docker ps';
             case 'docker_images': return 'docker images';
-            case 'docker_pull': return `docker pull ${params.image}`;
-            case 'docker_cp': return `docker cp ${params.source} ${params.destination}`;
-            case 'docker_stop': return `docker stop ${params.container}`;
-            case 'docker_rm': return `docker rm ${params.container}`;
-            case 'docker_start': return `docker start ${params.container}`;
-            case 'docker_rmi': return `docker rmi ${params.image}`;
-            case 'docker_commit': return `docker commit ${params.container} ${params.repository}`;
-            case 'docker_logs': return `docker logs -n ${params.lines || 100} ${params.container}`;
-            case 'docker_load': return `docker load -i ${params.path}`;
-            case 'docker_save': return `docker save -o ${params.path} ${params.image}`;
-            case 'systemctl_status': return `systemctl status ${params.service}`;
-            case 'systemctl_restart': return `systemctl restart ${params.service}`;
-            case 'systemctl_start': return `systemctl start ${params.service}`;
-            case 'systemctl_stop': return `systemctl stop ${params.service}`;
+            case 'docker_exec':
+                return `docker exec${params.user ? ` --user ${this.shellEscape(params.user)}` : ''}${params.workdir ? ` --workdir ${this.shellEscape(params.workdir)}` : ''} ${this.shellEscape(params.container)} ${this.shellEscape(params.command)}${params.args?.length ? ` ${this.shellEscapeList(params.args)}` : ''}`;
+            case 'docker_inspect':
+                return `docker inspect${params.format ? ` --format ${this.shellEscape(params.format)}` : ''} ${this.shellEscape(params.target)}`;
+            case 'docker_stats':
+                return `docker stats ${params.noStream === false ? '' : '--no-stream '}${params.container ? this.shellEscape(params.container) : ''}`.trim();
+            case 'docker_pull': return `docker pull ${this.shellEscape(params.image)}`;
+            case 'docker_cp': return `docker cp ${this.shellEscape(params.source)} ${this.shellEscape(params.destination)}`;
+            case 'docker_stop': return `docker stop ${this.shellEscape(params.container)}`;
+            case 'docker_rm': return `docker rm ${this.shellEscape(params.container)}`;
+            case 'docker_start': return `docker start ${this.shellEscape(params.container)}`;
+            case 'docker_restart': return `docker restart ${this.shellEscape(params.container)}`;
+            case 'docker_rmi': return `docker rmi ${this.shellEscape(params.image)}`;
+            case 'docker_commit': return `docker commit ${this.shellEscape(params.container)} ${this.shellEscape(params.repository)}`;
+            case 'docker_logs': return `docker logs -n ${params.lines || 100} ${this.shellEscape(params.container)}`;
+            case 'docker_load': return `docker load -i ${this.shellEscape(params.path)}`;
+            case 'docker_save': return `docker save -o ${this.shellEscape(params.path)} ${this.shellEscape(params.image)}`;
+            case 'systemctl_status': return `systemctl status ${this.shellEscape(params.service)}`;
+            case 'systemctl_restart': return `systemctl restart ${this.shellEscape(params.service)}`;
+            case 'systemctl_start': return `systemctl start ${this.shellEscape(params.service)}`;
+            case 'systemctl_stop': return `systemctl stop ${this.shellEscape(params.service)}`;
             case 'ip_addr': return 'ip addr';
-            case 'firewall_cmd': return `firewall-cmd ${params.args}`;
-            case 'netstat': return `netstat ${params.args || '-tuln'}`;
+            case 'journalctl':
+                return `journalctl --no-pager${params.unit ? ` -u ${this.shellEscape(params.unit)}` : ''}${params.priority ? ` -p ${this.shellEscape(params.priority)}` : ''}${params.since ? ` --since ${this.shellEscape(params.since)}` : ''} -n ${params.lines || 100}`;
+            case 'firewall_cmd':
+                return this.buildFirewallCommand(params);
+            case 'netstat':
+                return `netstat ${(params.args && params.args.length > 0) ? params.args.join(' ') : '-tuln'}`;
+            case 'ss':
+                return `ss ${(params.args && params.args.length > 0) ? params.args.join(' ') : '-tuln'}`;
+            case 'ping_host':
+                return `ping -c ${params.count || 4} ${this.shellEscape(params.host)}`;
+            case 'traceroute':
+                return `traceroute${params.maxHops ? ` -m ${params.maxHops}` : ''} ${this.shellEscape(params.host)}`;
+            case 'nslookup':
+                return `nslookup ${this.shellEscape(params.host)}${params.server ? ` ${this.shellEscape(params.server)}` : ''}`;
+            case 'dig':
+                return `dig ${this.shellEscape(params.host)}${params.recordType ? ` ${this.shellEscape(params.recordType)}` : ''}${params.server ? ` ${this.shellEscape(`@${params.server}`)}` : ''}`;
+            case 'curl_http': {
+                const method = String(params.method || 'GET').toUpperCase();
+                const headerArgs = (params.headers || []).map((header) => ` -H ${this.shellEscape(header)}`).join('');
+                const common = `curl -X ${method}${params.followRedirects ? ' -L' : ''}${params.timeoutSeconds ? ` --max-time ${params.timeoutSeconds}` : ''}${headerArgs} ${this.shellEscape(params.url)}`;
+                if (params.body !== undefined) {
+                    const bodyB64 = Buffer.from(params.body).toString('base64');
+                    return `printf '%s' ${this.shellEscape(bodyB64)} | base64 -d | ${common} --data-binary @-`;
+                }
+                return common;
+            }
             case 'df_h': return 'df -h';
-            case 'du_sh': return `du -sh ${params.path}`;
+            case 'du_sh': return `du -sh ${this.shellEscape(params.path)}`;
             case 'nvidia_smi': return 'nvidia-smi';
             case 'ps': return 'ps aux';
+            case 'pgrep': return `pgrep ${params.fullCommand ? '-af ' : '-a '}${this.shellEscape(params.pattern)}`;
+            case 'kill_process': return `kill -s ${this.shellEscape(params.signal || 'TERM')} ${params.pid}`;
+            case 'chmod': return `chmod ${params.recursive ? '-R ' : ''}${this.shellEscape(params.mode)} ${this.shellEscape(params.path)}`;
+            case 'chown': return `chown ${params.recursive ? '-R ' : ''}${this.shellEscape(params.owner)} ${this.shellEscape(params.path)}`;
+            case 'ln': return `ln ${params.symbolic === false ? '' : '-s '}${params.force ? '-f ' : ''}${this.shellEscape(params.target)} ${this.shellEscape(params.linkPath)}`;
+            case 'tar_create':
+                return `tar ${params.gzip ? '-czf' : '-cf'} ${this.shellEscape(params.outputPath)} ${this.shellEscapeList(params.sourcePaths)}`;
+            case 'tar_extract': {
+                return `mkdir -p ${this.shellEscape(params.destination)} && tar ${params.gzip ? '-xzf' : '-xf'} ${this.shellEscape(params.archivePath)} -C ${this.shellEscape(params.destination)}`;
+            }
+            case 'zip':
+                return `zip ${params.recursive === false ? '' : '-r '}${this.shellEscape(params.outputPath)} ${this.shellEscapeList(params.sourcePaths)}`.trim();
+            case 'unzip':
+                return `mkdir -p ${this.shellEscape(params.destination)} && unzip ${params.overwrite ? '-o ' : '-n '}${this.shellEscape(params.archivePath)} -d ${this.shellEscape(params.destination)}`;
             default: return '';
         }
     }
+    /**
+     * Build firewall-cmd from structured inputs so the service controls the final
+     * command shape instead of accepting a free-form shell fragment.
+     */
+    buildFirewallCommand(params) {
+        const parts = ['firewall-cmd'];
+        if (params.zone) {
+            this.validateShellToken(params.zone, 'firewall_cmd.zone');
+            parts.push(`--zone=${params.zone}`);
+        }
+        if (params.permanent) {
+            parts.push('--permanent');
+        }
+        switch (params.action) {
+            case 'reload':
+                parts.push('--reload');
+                break;
+            case 'list': {
+                const listTarget = params.listTarget || 'ports';
+                const targetMap = {
+                    ports: '--list-ports',
+                    services: '--list-services',
+                    all: '--list-all'
+                };
+                const targetFlag = targetMap[listTarget];
+                if (!targetFlag) {
+                    throw new Error(`Unsupported firewall_cmd.listTarget: ${listTarget}`);
+                }
+                parts.push(targetFlag);
+                break;
+            }
+            case 'add-port':
+            case 'remove-port': {
+                if (!params.port) {
+                    throw new Error(`firewall_cmd action '${params.action}' requires 'port'.`);
+                }
+                this.validateShellToken(params.port, 'firewall_cmd.port');
+                const flag = params.action === 'add-port' ? '--add-port' : '--remove-port';
+                parts.push(`${flag}=${params.port}`);
+                break;
+            }
+            default:
+                throw new Error(`Unsupported firewall_cmd action: ${params.action}`);
+        }
+        return parts.join(' ');
+    }
     async handleTool(name, args) {
         if (name === 'list_servers') {
             const servers = this.configManager.getAllServers();
@@ -138,11 +423,19 @@ export class ToolHandlers {
                 return `Connection failed for server '${serverAlias}': ${err.message}`;
             }
         }
+        this.validateToolCommand(name, params);
+        if (name === 'execute_batch') {
+            for (const cmd of params.commands || []) {
+                this.validateToolCommand(cmd.name, cmd.arguments);
+            }
+        }
         // --- Confirmation Logic ---
-        const isWriteAction = WRITE_TOOLS.includes(name) || (name === 'execute_batch' && params.commands?.some((c) => WRITE_TOOLS.includes(c.name)));
+        const isWriteToolCall = this.isWriteToolCall(name, params);
+        const isWriteAction = this.requiresConfirmation(name, params);
+        if (isWriteToolCall && srv.readOnly) {
+            throw new Error(`Server '${serverAlias}' is read-only.`);
+        }
         if (isWriteAction) {
-            if (srv.readOnly)
-                throw new Error(`Server '${serverAlias}' is read-only.`);
             if (confirmationId && confirmExecution === true) {
                 const isValid = confirmationManager.validateAndPop(confirmationId, name, serverAlias, args);
                 if (!isValid)
@@ -163,10 +456,6 @@ export class ToolHandlers {
             const commands = params.commands;
             let results = [];
             let currentBatchCwd = this.resolveCwd(srv, params.cwd);
-            for (const cmd of commands) {
-                if (cmd.name === 'execute_command')
-                    this.checkBlacklist(cmd.arguments.command);
-            }
             return await SSHClient.runSession(srv, async (conn) => {
                 for (const cmd of commands) {
                     if (cmd.name === 'cd') {
@@ -174,21 +463,17 @@ export class ToolHandlers {
                         results.push(`Directory changed to: ${currentBatchCwd}`);
                         continue;
                     }
-                    let cmdStr = this.getCommandForTool(cmd.name, cmd.arguments);
+                    let cmdStr = this.getExecutableCommand(cmd.name, cmd.arguments);
                     if (!cmdStr) {
                         results.push(`[${cmd.name}] Error: Not supported in batch.`);
                         continue;
                     }
-                    if (cmd.arguments.grep)
-                        cmdStr += ` | grep -E "${cmd.arguments.grep.replace(/"/g, '\\"')}"`;
                     const res = await SSHClient.executeOnConn(conn, cmdStr, currentBatchCwd, timeout);
                     results.push(`[${cmd.name}]\n${res.stdout}${res.stderr ? '\n[STDERR]\n' + res.stderr : ''}`);
                 }
                 return results.join('\n\n---\n\n');
             });
         }
-        if (name === 'execute_command')
-            this.checkBlacklist(params.command);
         const cwd = this.resolveCwd(srv, params.cwd);
         if (name === 'list_working_directories') {
             if (!srv.workingDirectories || Object.keys(srv.workingDirectories).length === 0) {
@@ -206,10 +491,8 @@ export class ToolHandlers {
             await SSHClient.downloadFile(srv, params.remotePath, params.localPath);
             return `Successfully downloaded ${params.remotePath} to ${params.localPath}`;
         }
-        let commandToRun = this.getCommandForTool(name, params);
+        let commandToRun = this.getExecutableCommand(name, params);
         if (commandToRun) {
-            if (params.grep)
-                commandToRun += ` | grep -E "${params.grep.replace(/"/g, '\\"')}"`;
             const res = await SSHClient.executeCommand(srv, commandToRun, cwd, timeout);
             let out = res.stdout;
             if (res.stderr)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jadchene/mcp-ssh-service",
-  "version": "1.2.0",
+  "version": "1.4.0",
   "description": "A production-ready, highly secure SSH MCP server featuring stateless connections, two-step operation confirmation, and comprehensive DevOps tool integration.",
   "main": "dist/index.js",
   "type": "module",
@@ -10,11 +10,12 @@
   "files": [
     "dist"
   ],
-  "scripts": {
-    "build": "tsc",
-    "prepare": "npm run build",
-    "watch": "tsc -w",
-    "prepublishOnly": "npm run build",
+  "scripts": {
+    "build": "tsc",
+    "test": "npm run build && node --test ./tests/handlers.test.mjs",
+    "prepare": "npm run build",
+    "watch": "tsc -w",
+    "prepublishOnly": "npm run build",
     "start": "node dist/index.js"
   },
   "keywords": [