@jadchene/mcp-ssh-service 1.3.0 → 1.4.1

package/README.md

@@ -177,7 +177,7 @@ args = ["--config", "./config.json"]
 
 ---
 
-## 🛠️ Integrated Toolset (50 Tools)
+## 🛠️ Integrated Toolset (79 Tools)
 
 ### Discovery & Core (8)
 * `list_servers`
@@ -193,23 +193,34 @@ args = ["--config", "./config.json"]
 * `execute_command` [Auth Required, single command only]
 * `echo`
 
-### File Management (10)
+### File Management (17)
 * `upload_file` [Auth Required]
 * `download_file`
 * `ll`
 * `cat`
+* `head`
 * `tail`
+* `sed`
 * `grep`
 * `edit_text_file` [Auth Required]
 * `touch`
+* `mkdir` [Auth Required]
+* `mv` [Auth Required]
+* `cp` [Auth Required]
+* `append_text_file` [Auth Required]
+* `replace_in_file` [Auth Required]
 * `rm_safe` [Auth Required]
 * `find`
 
-### Git (2)
+### Git (6)
 * `git_status`
+* `git_fetch` [Auth Required]
 * `git_pull` [Auth Required]
+* `git_switch` [Auth Required]
+* `git_branch`
+* `git_log`
 
-### Docker & Compose (17)
+### Docker & Compose (21)
 * `docker_compose_up` [Auth Required]
 * `docker_compose_down` [Auth Required]
 * `docker_compose_stop` [Auth Required]
@@ -217,33 +228,53 @@ args = ["--config", "./config.json"]
 * `docker_compose_restart` [Auth Required]
 * `docker_ps`
 * `docker_images`
+* `docker_exec` [Auth Required]
+* `docker_inspect`
+* `docker_stats`
 * `docker_pull` [Auth Required]
 * `docker_cp` [Auth Required]
 * `docker_stop` [Auth Required]
 * `docker_rm` [Auth Required]
 * `docker_start` [Auth Required]
+* `docker_restart` [Auth Required]
 * `docker_rmi` [Auth Required]
 * `docker_commit` [Auth Required]
 * `docker_logs`
 * `docker_load` [Auth Required]
 * `docker_save` [Auth Required]
 
-### Service & Network (7)
+### Service & Network (14)
 * `systemctl_status`
 * `systemctl_restart` [Auth Required]
 * `systemctl_start` [Auth Required]
 * `systemctl_stop` [Auth Required]
 * `ip_addr`
+* `journalctl`
 * `firewall_cmd` [Auth Required, structured actions only]
 * `netstat` [uses `args: string[]`]
-
-### Stats & Process (4)
+* `ss` [uses `args: string[]`]
+* `ping_host`
+* `traceroute`
+* `nslookup`
+* `dig`
+* `curl_http` [Auth Required]
+
+### Stats & Process (13)
 * `nvidia_smi`
 * `ps`
+* `pgrep`
+* `kill_process` [Auth Required]
 * `df_h`
 * `du_sh`
-
-Total: 50 tools.
+* `chmod` [Auth Required]
+* `chown` [Auth Required]
+* `ln` [Auth Required]
+* `tar_create` [Auth Required]
+* `tar_extract` [Auth Required]
+* `zip` [Auth Required]
+* `unzip` [Auth Required]
+
+Total: 81 tools.
 
 ---
 
@@ -260,6 +291,8 @@ If a high-risk tool's final command string matches `commandWhitelist`, the serve
 `execute_command` is limited to one shell command segment. The server rejects chaining operators such as `&&`, `||`, `;`, pipes, redirection, subshell syntax, and multiline input. For built-in tools, user-provided parameters are shell-escaped before execution to reduce command injection risk.
 
 `firewall_cmd` no longer accepts a free-form shell fragment. Use structured fields such as `action`, `port`, `zone`, `permanent`, and `listTarget`. `netstat` now accepts `args: string[]` so each option is validated as an individual token.
+
+Use `mkdir` for directory creation instead of `execute_command "mkdir ..."`. Set `parents: true` when you need `mkdir -p` behavior.
 
 ---
 

package/dist/tools/definitions.js

@@ -115,11 +115,26 @@ export const toolDefinitions = [
         description: 'File reading: Reads text file content.',
         inputSchema: baseParams({ filePath: { type: 'string' }, ...grepParam }, ['filePath'])
     },
+    {
+        name: 'head',
+        description: 'File preview: Reads the first N lines of a file.',
+        inputSchema: baseParams({ filePath: { type: 'string' }, lines: { type: 'number' }, ...grepParam }, ['filePath'])
+    },
     {
         name: 'tail',
         description: 'Log inspection: Reads last N lines of a file.',
         inputSchema: baseParams({ filePath: { type: 'string' }, lines: { type: 'number' }, ...grepParam }, ['filePath'])
     },
+    {
+        name: 'sed',
+        description: 'Line range reading: Reads an inclusive line range from a text file.',
+        inputSchema: baseParams({
+            filePath: { type: 'string' },
+            startLine: { type: 'number' },
+            endLine: { type: 'number' },
+            ...grepParam
+        }, ['filePath', 'startLine', 'endLine'])
+    },
     {
         name: 'grep',
         description: 'Pattern search: Search for a regex pattern in a file.',
@@ -139,6 +154,31 @@ export const toolDefinitions = [
         description: 'Timestamp/File creation: Updates access time or creates empty file.',
         inputSchema: baseParams({ filePath: { type: 'string' } }, ['filePath'])
     },
+    {
+        name: 'mkdir',
+        description: 'Directory creation: Creates a directory. Set parents=true for mkdir -p behavior. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ path: { type: 'string' }, parents: { type: 'boolean' }, ...confirmationParams }, ['path'])
+    },
+    {
+        name: 'mv',
+        description: 'Move or rename a file or directory. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ source: { type: 'string' }, destination: { type: 'string' }, force: { type: 'boolean' }, ...confirmationParams }, ['source', 'destination'])
+    },
+    {
+        name: 'cp',
+        description: 'Copy a file or directory. Set recursive=true for directories. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ source: { type: 'string' }, destination: { type: 'string' }, recursive: { type: 'boolean' }, preserve: { type: 'boolean' }, ...confirmationParams }, ['source', 'destination'])
+    },
+    {
+        name: 'append_text_file',
+        description: 'Append text to a file, creating it if needed. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ filePath: { type: 'string' }, content: { type: 'string' }, ...confirmationParams }, ['filePath', 'content'])
+    },
+    {
+        name: 'replace_in_file',
+        description: 'Replace literal text inside a file. Set replaceAll=false to replace only the first occurrence. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ filePath: { type: 'string' }, search: { type: 'string' }, replace: { type: 'string' }, replaceAll: { type: 'boolean' }, ...confirmationParams }, ['filePath', 'search', 'replace'])
+    },
     {
         name: 'rm_safe',
         description: 'File deletion: Removes file or directory. REQUIRES CONFIRMATION.',
@@ -155,11 +195,31 @@ export const toolDefinitions = [
         description: 'Git status: Displays repository status.',
         inputSchema: baseParams(cwdParam)
     },
+    {
+        name: 'git_fetch',
+        description: 'Git fetch: Updates remote tracking refs. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ ...cwdParam, all: { type: 'boolean' }, prune: { type: 'boolean' }, ...confirmationParams })
+    },
     {
         name: 'git_pull',
         description: 'Git update: Pulls latest changes. REQUIRES CONFIRMATION.',
         inputSchema: baseParams({ ...cwdParam, ...confirmationParams })
     },
+    {
+        name: 'git_switch',
+        description: 'Git switch: Switches branches, or creates one with create=true. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ ...cwdParam, branch: { type: 'string' }, create: { type: 'boolean' }, startPoint: { type: 'string' }, ...confirmationParams }, ['branch'])
+    },
+    {
+        name: 'git_branch',
+        description: 'Git branch: Lists local or all branches.',
+        inputSchema: baseParams({ ...cwdParam, all: { type: 'boolean' }, verbose: { type: 'boolean' } })
+    },
+    {
+        name: 'git_log',
+        description: 'Git log: Shows recent commit history.',
+        inputSchema: baseParams({ ...cwdParam, maxCount: { type: 'number' }, oneline: { type: 'boolean' }, path: { type: 'string' } })
+    },
     // --- Docker & Compose (Requirements) ---
     {
         name: 'docker_compose_up',
@@ -196,6 +256,21 @@ export const toolDefinitions = [
         description: 'List docker images.',
         inputSchema: baseParams(grepParam)
     },
+    {
+        name: 'docker_exec',
+        description: 'Run one process inside a running container without shell expansion. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ container: { type: 'string' }, command: { type: 'string' }, args: { type: 'array', items: { type: 'string' } }, user: { type: 'string' }, workdir: { type: 'string' }, ...confirmationParams }, ['container', 'command'])
+    },
+    {
+        name: 'docker_inspect',
+        description: 'Inspect a container, image, volume, or network.',
+        inputSchema: baseParams({ target: { type: 'string' }, format: { type: 'string' } }, ['target'])
+    },
+    {
+        name: 'docker_stats',
+        description: 'Show container resource usage.',
+        inputSchema: baseParams({ container: { type: 'string' }, noStream: { type: 'boolean' } })
+    },
     {
         name: 'docker_pull',
         description: 'Pull an image from a registry. REQUIRES CONFIRMATION.',
@@ -221,6 +296,11 @@ export const toolDefinitions = [
         description: 'Start one or more stopped containers. REQUIRES CONFIRMATION.',
         inputSchema: baseParams({ container: { type: 'string' }, ...confirmationParams }, ['container'])
     },
+    {
+        name: 'docker_restart',
+        description: 'Restart one or more running containers. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ container: { type: 'string' }, ...confirmationParams }, ['container'])
+    },
     {
         name: 'docker_rmi',
         description: 'Remove one or more images. REQUIRES CONFIRMATION.',
@@ -272,6 +352,11 @@ export const toolDefinitions = [
         description: 'Show network interface info.',
         inputSchema: baseParams(grepParam)
     },
+    {
+        name: 'journalctl',
+        description: 'Read systemd journal logs with optional unit, since, and priority filters.',
+        inputSchema: baseParams({ unit: { type: 'string' }, lines: { type: 'number' }, since: { type: 'string' }, priority: { type: 'string' }, grep: { type: 'string' } })
+    },
     {
         name: 'firewall_cmd',
         description: 'Structured firewall control. Supports action=list|add-port|remove-port|reload with optional zone, permanent, and listTarget. REQUIRES CONFIRMATION unless the final command is whitelisted.',
@@ -289,6 +374,36 @@ export const toolDefinitions = [
         description: 'Monitor ports/connections. Use args as an array of individual option tokens, for example ["-t", "-u", "-l", "-n"].',
         inputSchema: baseParams({ args: { type: 'array', items: { type: 'string' } }, ...grepParam })
     },
+    {
+        name: 'ss',
+        description: 'Socket statistics. Use args as an array of individual option tokens, for example ["-t", "-u", "-l", "-n"].',
+        inputSchema: baseParams({ args: { type: 'array', items: { type: 'string' } }, ...grepParam })
+    },
+    {
+        name: 'ping_host',
+        description: 'Ping a host a fixed number of times.',
+        inputSchema: baseParams({ host: { type: 'string' }, count: { type: 'number' } }, ['host'])
+    },
+    {
+        name: 'traceroute',
+        description: 'Trace the network path to a host.',
+        inputSchema: baseParams({ host: { type: 'string' }, maxHops: { type: 'number' } }, ['host'])
+    },
+    {
+        name: 'nslookup',
+        description: 'Resolve hostnames using nslookup.',
+        inputSchema: baseParams({ host: { type: 'string' }, server: { type: 'string' } }, ['host'])
+    },
+    {
+        name: 'dig',
+        description: 'Resolve DNS records using dig.',
+        inputSchema: baseParams({ host: { type: 'string' }, recordType: { type: 'string' }, server: { type: 'string' } }, ['host'])
+    },
+    {
+        name: 'curl_http',
+        description: 'Perform an HTTP request with structured method, URL, headers, and optional body. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ method: { type: 'string' }, url: { type: 'string' }, headers: { type: 'array', items: { type: 'string' } }, body: { type: 'string' }, timeoutSeconds: { type: 'number' }, followRedirects: { type: 'boolean' }, ...confirmationParams }, ['method', 'url'])
+    },
     // --- Stats & Process (Requirements) ---
     {
         name: 'nvidia_smi',
@@ -300,6 +415,16 @@ export const toolDefinitions = [
         description: 'Report a snapshot of the current processes.',
         inputSchema: baseParams(grepParam)
     },
+    {
+        name: 'pgrep',
+        description: 'Find process IDs by name or full command pattern.',
+        inputSchema: baseParams({ pattern: { type: 'string' }, fullCommand: { type: 'boolean' } }, ['pattern'])
+    },
+    {
+        name: 'kill_process',
+        description: 'Send a signal to a process ID. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ pid: { type: 'number' }, signal: { type: 'string' }, ...confirmationParams }, ['pid'])
+    },
     {
         name: 'df_h',
         description: 'System disk usage.',
@@ -309,5 +434,40 @@ export const toolDefinitions = [
         name: 'du_sh',
         description: 'Directory size estimation.',
         inputSchema: baseParams({ path: { type: 'string' }, ...grepParam }, ['path'])
+    },
+    {
+        name: 'chmod',
+        description: 'Change file mode bits. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ mode: { type: 'string' }, path: { type: 'string' }, recursive: { type: 'boolean' }, ...confirmationParams }, ['mode', 'path'])
+    },
+    {
+        name: 'chown',
+        description: 'Change file owner and group. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ owner: { type: 'string' }, path: { type: 'string' }, recursive: { type: 'boolean' }, ...confirmationParams }, ['owner', 'path'])
+    },
+    {
+        name: 'ln',
+        description: 'Create a link. Uses symbolic=true by default for symlinks. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ target: { type: 'string' }, linkPath: { type: 'string' }, symbolic: { type: 'boolean' }, force: { type: 'boolean' }, ...confirmationParams }, ['target', 'linkPath'])
+    },
+    {
+        name: 'tar_create',
+        description: 'Create a tar archive from one or more source paths. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ sourcePaths: { type: 'array', items: { type: 'string' } }, outputPath: { type: 'string' }, gzip: { type: 'boolean' }, ...confirmationParams }, ['sourcePaths', 'outputPath'])
+    },
+    {
+        name: 'tar_extract',
+        description: 'Extract a tar archive into a destination directory. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ archivePath: { type: 'string' }, destination: { type: 'string' }, gzip: { type: 'boolean' }, ...confirmationParams }, ['archivePath', 'destination'])
+    },
+    {
+        name: 'zip',
+        description: 'Create a zip archive from one or more source paths. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ sourcePaths: { type: 'array', items: { type: 'string' } }, outputPath: { type: 'string' }, recursive: { type: 'boolean' }, ...confirmationParams }, ['sourcePaths', 'outputPath'])
+    },
+    {
+        name: 'unzip',
+        description: 'Extract a zip archive into a destination directory. REQUIRES CONFIRMATION unless the final command is whitelisted.',
+        inputSchema: baseParams({ archivePath: { type: 'string' }, destination: { type: 'string' }, overwrite: { type: 'boolean' }, ...confirmationParams }, ['archivePath', 'destination'])
     }
 ];

package/dist/tools/handlers.js

@@ -4,17 +4,26 @@ const WRITE_TOOLS = [
     'execute_command',
     'upload_file',
     'edit_text_file',
+    'append_text_file',
+    'mkdir',
+    'mv',
+    'cp',
+    'replace_in_file',
     'rm_safe',
+    'git_fetch',
     'git_pull',
+    'git_switch',
     'docker_compose_up',
     'docker_compose_down',
     'docker_compose_stop',
     'docker_compose_restart',
+    'docker_exec',
     'docker_pull',
     'docker_cp',
     'docker_stop',
     'docker_rm',
     'docker_start',
+    'docker_restart',
     'docker_rmi',
     'docker_commit',
     'docker_load',
@@ -22,7 +31,16 @@ const WRITE_TOOLS = [
     'systemctl_restart',
     'systemctl_start',
     'systemctl_stop',
-    'firewall_cmd'
+    'firewall_cmd',
+    'kill_process',
+    'chmod',
+    'chown',
+    'ln',
+    'tar_create',
+    'tar_extract',
+    'zip',
+    'unzip',
+    'curl_http'
 ];
 const DEFAULT_BLACKLIST = [
     /rm\s+-(rf|fr|r|f)\s+\//i,
@@ -91,6 +109,25 @@ export class ToolHandlers {
         }
         this.validateShellFragment(value, fieldName);
     }
+    shellEscapeList(values) {
+        return values.map((value) => this.shellEscape(value)).join(' ');
+    }
+    validateTokenArray(values, fieldName) {
+        for (const [index, value] of (values || []).entries()) {
+            this.validateShellToken(value, `${fieldName}[${index}]`);
+        }
+    }
+    /**
+     * Validate positive line counts for text inspection helpers.
+     */
+    validatePositiveInteger(value, fieldName) {
+        if (!Number.isInteger(value) || value <= 0) {
+            throw new Error(`${fieldName} must be a positive integer.`);
+        }
+    }
+    escapePerlEnvBase64(value) {
+        return Buffer.from(value).toString('base64');
+    }
     ensureNoShellControl(value, errorMessage) {
         const forbiddenOperators = [/&&/, /\|\|/, /;/, /\|/, /\$\(/, /`/, />/, /</, /\r|\n/];
         for (const pattern of forbiddenOperators) {
@@ -180,9 +217,33 @@ export class ToolHandlers {
         if (name === 'execute_command') {
             this.validateSingleCommand(params.command);
         }
-        if (name === 'netstat' && Array.isArray(params.args)) {
+        if ((name === 'netstat' || name === 'ss') && Array.isArray(params.args)) {
+            this.validateTokenArray(params.args, `${name}.args`);
+        }
+        if ((name === 'head' || name === 'tail') && params.lines !== undefined) {
+            this.validatePositiveInteger(params.lines, `${name}.lines`);
+        }
+        if (name === 'sed') {
+            this.validatePositiveInteger(params.startLine, 'sed.startLine');
+            this.validatePositiveInteger(params.endLine, 'sed.endLine');
+            if (params.endLine < params.startLine) {
+                throw new Error(`sed.endLine must be greater than or equal to sed.startLine.`);
+            }
+        }
+        if (name === 'docker_exec' && Array.isArray(params.args)) {
             for (const [index, arg] of params.args.entries()) {
-                this.validateShellToken(arg, `netstat.args[${index}]`);
+                this.validateShellFragment(arg, `docker_exec.args[${index}]`);
+            }
+        }
+        if ((name === 'tar_create' || name === 'zip') && Array.isArray(params.sourcePaths)) {
+            if (params.sourcePaths.length === 0) {
+                throw new Error(`${name}.sourcePaths must contain at least one path.`);
+            }
+        }
+        if (name === 'curl_http') {
+            this.validateShellToken(String(params.method || 'GET').toUpperCase(), 'curl_http.method');
+            for (const [index, header] of (params.headers || []).entries()) {
+                this.validateShellFragment(header, `curl_http.headers[${index}]`);
             }
         }
         const command = this.getExecutableCommand(name, params);
@@ -198,12 +259,26 @@ export class ToolHandlers {
             case 'cd': return `cd ${this.shellEscape(params.path)}`;
             case 'll': return 'ls -l';
             case 'cat': return `cat ${this.shellEscape(params.filePath)}`;
+            case 'head': return `head -n ${params.lines || 40} ${this.shellEscape(params.filePath)}`;
             case 'tail': return `tail -n ${params.lines || 50} ${this.shellEscape(params.filePath)}`;
+            case 'sed': return `sed -n '${params.startLine},${params.endLine}p' ${this.shellEscape(params.filePath)}`;
             case 'grep': return `grep ${params.ignoreCase ? '-inE' : '-nE'} ${this.shellEscape(params.pattern)} ${this.shellEscape(params.filePath)}`;
             case 'edit_text_file':
                 const edB64 = Buffer.from(params.content).toString('base64');
                 return `printf '%s' ${this.shellEscape(edB64)} | base64 -d > ${this.shellEscape(params.filePath)}`;
+            case 'append_text_file':
+                const appendB64 = Buffer.from(params.content).toString('base64');
+                return `printf '%s' ${this.shellEscape(appendB64)} | base64 -d >> ${this.shellEscape(params.filePath)}`;
             case 'touch': return `touch ${this.shellEscape(params.filePath)}`;
+            case 'mkdir': return `mkdir ${params.parents ? '-p ' : ''}${this.shellEscape(params.path)}`;
+            case 'mv': return `mv ${params.force ? '-f ' : ''}${this.shellEscape(params.source)} ${this.shellEscape(params.destination)}`;
+            case 'cp': return `cp ${(params.recursive ? '-r ' : '') + (params.preserve ? '-p ' : '')}${this.shellEscape(params.source)} ${this.shellEscape(params.destination)}`;
+            case 'replace_in_file': {
+                const searchB64 = this.escapePerlEnvBase64(params.search);
+                const replaceB64 = this.escapePerlEnvBase64(params.replace);
+                const replaceFlag = params.replaceAll === false ? '' : 'g';
+                return `SEARCH_B64=${this.shellEscape(searchB64)} REPLACE_B64=${this.shellEscape(replaceB64)} perl -0i -M MIME::Base64 -pe ${this.shellEscape(`BEGIN { $s = decode_base64($ENV{SEARCH_B64}); $r = decode_base64($ENV{REPLACE_B64}); } s/\\Q$s\\E/$r/${replaceFlag}`)} ${this.shellEscape(params.filePath)}`;
+            }
             case 'rm_safe':
                 const restricted = ['/', '/etc', '/usr', '/bin', '/var', '/root', '/home'];
                 if (restricted.includes(params.path.trim()))
@@ -212,7 +287,18 @@ export class ToolHandlers {
             case 'echo': return `echo ${this.shellEscape(params.text)}`;
             case 'find': return `find ${this.shellEscape(params.path)} -name ${this.shellEscape(params.name)}`;
             case 'git_status': return 'git status';
+            case 'git_fetch': return `git fetch ${params.all ? '--all ' : ''}${params.prune ? '--prune' : ''}`.trim();
             case 'git_pull': return 'git pull --no-edit';
+            case 'git_switch':
+                if (params.create) {
+                    return `git switch -c ${this.shellEscape(params.branch)}${params.startPoint ? ` ${this.shellEscape(params.startPoint)}` : ''}`;
+                }
+                if (params.startPoint) {
+                    throw new Error(`git_switch.startPoint is only valid when create=true.`);
+                }
+                return `git switch ${this.shellEscape(params.branch)}`;
+            case 'git_branch': return `git branch ${params.all ? '-a ' : ''}${params.verbose ? '-v' : ''}`.trim();
+            case 'git_log': return `git log ${params.oneline === false ? '' : '--oneline '}-n ${params.maxCount || 20}${params.path ? ` -- ${this.shellEscape(params.path)}` : ''}`.trim();
             case 'execute_command': return params.command;
             case 'docker_compose_up': return 'docker-compose up -d';
             case 'docker_compose_down': return 'docker-compose down --remove-orphans';
@@ -221,11 +307,18 @@ export class ToolHandlers {
             case 'docker_compose_restart': return 'docker-compose restart';
             case 'docker_ps': return 'docker ps';
             case 'docker_images': return 'docker images';
+            case 'docker_exec':
+                return `docker exec${params.user ? ` --user ${this.shellEscape(params.user)}` : ''}${params.workdir ? ` --workdir ${this.shellEscape(params.workdir)}` : ''} ${this.shellEscape(params.container)} ${this.shellEscape(params.command)}${params.args?.length ? ` ${this.shellEscapeList(params.args)}` : ''}`;
+            case 'docker_inspect':
+                return `docker inspect${params.format ? ` --format ${this.shellEscape(params.format)}` : ''} ${this.shellEscape(params.target)}`;
+            case 'docker_stats':
+                return `docker stats ${params.noStream === false ? '' : '--no-stream '}${params.container ? this.shellEscape(params.container) : ''}`.trim();
             case 'docker_pull': return `docker pull ${this.shellEscape(params.image)}`;
             case 'docker_cp': return `docker cp ${this.shellEscape(params.source)} ${this.shellEscape(params.destination)}`;
             case 'docker_stop': return `docker stop ${this.shellEscape(params.container)}`;
             case 'docker_rm': return `docker rm ${this.shellEscape(params.container)}`;
             case 'docker_start': return `docker start ${this.shellEscape(params.container)}`;
+            case 'docker_restart': return `docker restart ${this.shellEscape(params.container)}`;
             case 'docker_rmi': return `docker rmi ${this.shellEscape(params.image)}`;
             case 'docker_commit': return `docker commit ${this.shellEscape(params.container)} ${this.shellEscape(params.repository)}`;
             case 'docker_logs': return `docker logs -n ${params.lines || 100} ${this.shellEscape(params.container)}`;
@@ -236,17 +329,50 @@ export class ToolHandlers {
             case 'systemctl_start': return `systemctl start ${this.shellEscape(params.service)}`;
             case 'systemctl_stop': return `systemctl stop ${this.shellEscape(params.service)}`;
             case 'ip_addr': return 'ip addr';
+            case 'journalctl':
+                return `journalctl --no-pager${params.unit ? ` -u ${this.shellEscape(params.unit)}` : ''}${params.priority ? ` -p ${this.shellEscape(params.priority)}` : ''}${params.since ? ` --since ${this.shellEscape(params.since)}` : ''} -n ${params.lines || 100}`;
             case 'firewall_cmd':
                 return this.buildFirewallCommand(params);
             case 'netstat':
-                return `netstat ${(params.args && params.args.length > 0) ? params.args.map((arg, index) => {
-                    this.validateShellToken(arg, `netstat.args[${index}]`);
-                    return arg;
-                }).join(' ') : '-tuln'}`;
+                return `netstat ${(params.args && params.args.length > 0) ? params.args.join(' ') : '-tuln'}`;
+            case 'ss':
+                return `ss ${(params.args && params.args.length > 0) ? params.args.join(' ') : '-tuln'}`;
+            case 'ping_host':
+                return `ping -c ${params.count || 4} ${this.shellEscape(params.host)}`;
+            case 'traceroute':
+                return `traceroute${params.maxHops ? ` -m ${params.maxHops}` : ''} ${this.shellEscape(params.host)}`;
+            case 'nslookup':
+                return `nslookup ${this.shellEscape(params.host)}${params.server ? ` ${this.shellEscape(params.server)}` : ''}`;
+            case 'dig':
+                return `dig ${this.shellEscape(params.host)}${params.recordType ? ` ${this.shellEscape(params.recordType)}` : ''}${params.server ? ` ${this.shellEscape(`@${params.server}`)}` : ''}`;
+            case 'curl_http': {
+                const method = String(params.method || 'GET').toUpperCase();
+                const headerArgs = (params.headers || []).map((header) => ` -H ${this.shellEscape(header)}`).join('');
+                const common = `curl -X ${method}${params.followRedirects ? ' -L' : ''}${params.timeoutSeconds ? ` --max-time ${params.timeoutSeconds}` : ''}${headerArgs} ${this.shellEscape(params.url)}`;
+                if (params.body !== undefined) {
+                    const bodyB64 = Buffer.from(params.body).toString('base64');
+                    return `printf '%s' ${this.shellEscape(bodyB64)} | base64 -d | ${common} --data-binary @-`;
+                }
+                return common;
+            }
             case 'df_h': return 'df -h';
             case 'du_sh': return `du -sh ${this.shellEscape(params.path)}`;
             case 'nvidia_smi': return 'nvidia-smi';
             case 'ps': return 'ps aux';
+            case 'pgrep': return `pgrep ${params.fullCommand ? '-af ' : '-a '}${this.shellEscape(params.pattern)}`;
+            case 'kill_process': return `kill -s ${this.shellEscape(params.signal || 'TERM')} ${params.pid}`;
+            case 'chmod': return `chmod ${params.recursive ? '-R ' : ''}${this.shellEscape(params.mode)} ${this.shellEscape(params.path)}`;
+            case 'chown': return `chown ${params.recursive ? '-R ' : ''}${this.shellEscape(params.owner)} ${this.shellEscape(params.path)}`;
+            case 'ln': return `ln ${params.symbolic === false ? '' : '-s '}${params.force ? '-f ' : ''}${this.shellEscape(params.target)} ${this.shellEscape(params.linkPath)}`;
+            case 'tar_create':
+                return `tar ${params.gzip ? '-czf' : '-cf'} ${this.shellEscape(params.outputPath)} ${this.shellEscapeList(params.sourcePaths)}`;
+            case 'tar_extract': {
+                return `mkdir -p ${this.shellEscape(params.destination)} && tar ${params.gzip ? '-xzf' : '-xf'} ${this.shellEscape(params.archivePath)} -C ${this.shellEscape(params.destination)}`;
+            }
+            case 'zip':
+                return `zip ${params.recursive === false ? '' : '-r '}${this.shellEscape(params.outputPath)} ${this.shellEscapeList(params.sourcePaths)}`.trim();
+            case 'unzip':
+                return `mkdir -p ${this.shellEscape(params.destination)} && unzip ${params.overwrite ? '-o ' : '-n '}${this.shellEscape(params.archivePath)} -d ${this.shellEscape(params.destination)}`;
             default: return '';
         }
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jadchene/mcp-ssh-service",
-  "version": "1.3.0",
+  "version": "1.4.1",
   "description": "A production-ready, highly secure SSH MCP server featuring stateless connections, two-step operation confirmation, and comprehensive DevOps tool integration.",
   "main": "dist/index.js",
   "type": "module",