@raghulm/aegis-mcp 1.0.4 → 1.0.7

package/tools/cicd/jenkins.py

@@ -0,0 +1,256 @@
+"""Jenkins CI/CD integration tools for Aegis MCP.
+
+Provides functions to manage Jenkins jobs and builds via the Jenkins REST API
+using the ``python-jenkins`` library.  Credentials (URL, username, API token)
+are passed per-call so no global state or environment variables are required.
+"""
+
+from __future__ import annotations
+
+import json
+from typing import Any
+
+import jenkins
+
+
+# ---------------------------------------------------------------------------
+# Helpers
+# ---------------------------------------------------------------------------
+
+def _client(url: str, username: str, api_token: str) -> jenkins.Jenkins:
+    """Return a configured Jenkins client, raising RuntimeError on failure."""
+    try:
+        server = jenkins.Jenkins(url, username=username, password=api_token)
+        # Verify credentials by fetching the server version header
+        server.get_whoami()
+        return server
+    except jenkins.JenkinsException as exc:
+        raise RuntimeError(
+            f"Cannot connect to Jenkins at '{url}': {exc}"
+        ) from exc
+    except Exception as exc:
+        raise RuntimeError(
+            f"Jenkins connection error: {exc}"
+        ) from exc
+
+
+# ---------------------------------------------------------------------------
+# Tool functions
+# ---------------------------------------------------------------------------
+
+def jenkins_list_jobs(url: str, username: str, api_token: str) -> list[dict]:
+    """List all jobs on a Jenkins server.
+
+    Returns a list of dicts with keys: name, url, color (build status indicator).
+    """
+    server = _client(url, username, api_token)
+    try:
+        jobs = server.get_all_jobs()
+        return [
+            {
+                "name": j.get("name", ""),
+                "url": j.get("url", ""),
+                "color": j.get("color", ""),
+            }
+            for j in jobs
+        ]
+    except jenkins.JenkinsException as exc:
+        raise RuntimeError(f"Failed to list Jenkins jobs: {exc}") from exc
+
+
+def jenkins_get_job_info(
+    url: str, username: str, api_token: str, job_name: str
+) -> dict:
+    """Get detailed information about a Jenkins job.
+
+    Returns build history, health reports, and configuration details.
+    """
+    server = _client(url, username, api_token)
+    try:
+        info = server.get_job_info(job_name)
+        return {
+            "name": info.get("name", ""),
+            "url": info.get("url", ""),
+            "description": info.get("description", ""),
+            "buildable": info.get("buildable", False),
+            "color": info.get("color", ""),
+            "last_build": info.get("lastBuild"),
+            "last_successful_build": info.get("lastSuccessfulBuild"),
+            "last_failed_build": info.get("lastFailedBuild"),
+            "health_report": info.get("healthReport", []),
+            "in_queue": info.get("inQueue", False),
+        }
+    except jenkins.NotFoundException:
+        raise RuntimeError(f"Jenkins job '{job_name}' not found")
+    except jenkins.JenkinsException as exc:
+        raise RuntimeError(
+            f"Failed to get info for job '{job_name}': {exc}"
+        ) from exc
+
+
+def jenkins_create_job(
+    url: str,
+    username: str,
+    api_token: str,
+    job_name: str,
+    config_xml: str = "",
+) -> dict:
+    """Create a new Jenkins job.
+
+    Args:
+        url: Jenkins server URL.
+        username: Jenkins username.
+        api_token: Jenkins API token.
+        job_name: Name for the new job.
+        config_xml: Jenkins job configuration XML.  If empty, a minimal
+            freestyle project config is used.
+
+    Returns:
+        Dict with the created job name and URL.
+    """
+    if not config_xml:
+        config_xml = jenkins.EMPTY_CONFIG_XML
+
+    server = _client(url, username, api_token)
+    try:
+        server.create_job(job_name, config_xml)
+        return {
+            "status": "created",
+            "job_name": job_name,
+            "url": f"{url.rstrip('/')}/job/{job_name}/",
+        }
+    except jenkins.JenkinsException as exc:
+        raise RuntimeError(
+            f"Failed to create job '{job_name}': {exc}"
+        ) from exc
+
+
+def jenkins_trigger_build(
+    url: str,
+    username: str,
+    api_token: str,
+    job_name: str,
+    parameters: str = "",
+) -> dict:
+    """Trigger a build for a Jenkins job.
+
+    Args:
+        url: Jenkins server URL.
+        username: Jenkins username.
+        api_token: Jenkins API token.
+        job_name: Name of the job to build.
+        parameters: Optional JSON string of build parameters,
+            e.g. '{"BRANCH": "main"}'.
+
+    Returns:
+        Dict with the queue item number.
+    """
+    server = _client(url, username, api_token)
+    try:
+        params: dict[str, Any] | None = None
+        if parameters:
+            params = json.loads(parameters)
+
+        queue_item = server.build_job(job_name, parameters=params)
+        return {
+            "status": "triggered",
+            "job_name": job_name,
+            "queue_item": queue_item,
+        }
+    except json.JSONDecodeError as exc:
+        raise RuntimeError(
+            f"Invalid parameters JSON: {exc}"
+        ) from exc
+    except jenkins.JenkinsException as exc:
+        raise RuntimeError(
+            f"Failed to trigger build for '{job_name}': {exc}"
+        ) from exc
+
+
+def jenkins_get_build_info(
+    url: str,
+    username: str,
+    api_token: str,
+    job_name: str,
+    build_number: int,
+) -> dict:
+    """Get information about a specific build.
+
+    Returns build result, duration, timestamp, and other metadata.
+    """
+    server = _client(url, username, api_token)
+    try:
+        info = server.get_build_info(job_name, build_number)
+        return {
+            "job_name": job_name,
+            "build_number": info.get("number"),
+            "result": info.get("result"),
+            "duration_ms": info.get("duration"),
+            "timestamp": info.get("timestamp"),
+            "building": info.get("building", False),
+            "url": info.get("url", ""),
+            "display_name": info.get("displayName", ""),
+        }
+    except jenkins.NotFoundException:
+        raise RuntimeError(
+            f"Build #{build_number} not found for job '{job_name}'"
+        )
+    except jenkins.JenkinsException as exc:
+        raise RuntimeError(
+            f"Failed to get build info for '{job_name}' #{build_number}: {exc}"
+        ) from exc
+
+
+def jenkins_get_build_log(
+    url: str,
+    username: str,
+    api_token: str,
+    job_name: str,
+    build_number: int,
+) -> dict:
+    """Fetch the console output of a Jenkins build.
+
+    Returns the full console log as a string (truncated to 50 000 chars to
+    keep MCP responses manageable).
+    """
+    server = _client(url, username, api_token)
+    try:
+        output = server.get_build_console_output(job_name, build_number)
+        max_len = 50_000
+        truncated = len(output) > max_len
+        return {
+            "job_name": job_name,
+            "build_number": build_number,
+            "log": output[:max_len],
+            "truncated": truncated,
+        }
+    except jenkins.NotFoundException:
+        raise RuntimeError(
+            f"Build #{build_number} not found for job '{job_name}'"
+        )
+    except jenkins.JenkinsException as exc:
+        raise RuntimeError(
+            f"Failed to get build log for '{job_name}' #{build_number}: {exc}"
+        ) from exc
+
+
+def jenkins_delete_job(
+    url: str, username: str, api_token: str, job_name: str
+) -> dict:
+    """Delete a Jenkins job.
+
+    Returns confirmation dict on success.
+    """
+    server = _client(url, username, api_token)
+    try:
+        server.delete_job(job_name)
+        return {
+            "status": "deleted",
+            "job_name": job_name,
+        }
+    except jenkins.NotFoundException:
+        raise RuntimeError(f"Jenkins job '{job_name}' not found")
+    except jenkins.JenkinsException as exc:
+        raise RuntimeError(
+            f"Failed to delete job '{job_name}': {exc}"
+        ) from exc

package/tools/cicd/pipeline.py

@@ -1,33 +1,33 @@
-from __future__ import annotations
-
-import requests
-
-
-def pipeline_status(base_url: str, pipeline_id: str, api_token: str) -> dict:
-    """Fetch the status of a CI/CD pipeline by its ID.
-
-    Args:
-        base_url: Base URL of the CI/CD service API.
-        pipeline_id: Unique identifier of the pipeline.
-        api_token: API token for authenticating with the CI/CD service.
-
-    Returns:
-        Pipeline status as a JSON-compatible dict.
-    """
-    try:
-        response = requests.get(
-            f"{base_url.rstrip('/')}/pipelines/{pipeline_id}",
-            headers={"Authorization": f"Bearer {api_token}"},
-            timeout=15,
-        )
-        response.raise_for_status()
-    except requests.ConnectionError as exc:
-        raise RuntimeError(f"Cannot connect to CI/CD service at '{base_url}': {exc}") from exc
-    except requests.HTTPError as exc:
-        raise RuntimeError(
-            f"CI/CD API error for pipeline '{pipeline_id}': {exc.response.status_code}"
-        ) from exc
-    except requests.Timeout as exc:
-        raise RuntimeError(f"CI/CD API request timed out for pipeline '{pipeline_id}'") from exc
-
-    return response.json()
+from __future__ import annotations
+
+import requests
+
+
+def pipeline_status(base_url: str, pipeline_id: str, api_token: str) -> dict:
+    """Fetch the status of a CI/CD pipeline by its ID.
+
+    Args:
+        base_url: Base URL of the CI/CD service API.
+        pipeline_id: Unique identifier of the pipeline.
+        api_token: API token for authenticating with the CI/CD service.
+
+    Returns:
+        Pipeline status as a JSON-compatible dict.
+    """
+    try:
+        response = requests.get(
+            f"{base_url.rstrip('/')}/pipelines/{pipeline_id}",
+            headers={"Authorization": f"Bearer {api_token}"},
+            timeout=15,
+        )
+        response.raise_for_status()
+    except requests.ConnectionError as exc:
+        raise RuntimeError(f"Cannot connect to CI/CD service at '{base_url}': {exc}") from exc
+    except requests.HTTPError as exc:
+        raise RuntimeError(
+            f"CI/CD API error for pipeline '{pipeline_id}': {exc.response.status_code}"
+        ) from exc
+    except requests.Timeout as exc:
+        raise RuntimeError(f"CI/CD API request timed out for pipeline '{pipeline_id}'") from exc
+
+    return response.json()

package/tools/git/repo.py

@@ -1,22 +1,22 @@
-from __future__ import annotations
-
-import subprocess
-
-
-def get_recent_commits(limit: int = 10) -> list[dict[str, str]]:
-    try:
-        raw = subprocess.check_output(
-            ["git", "log", f"-{limit}", "--pretty=format:%H|%an|%s"],
-            text=True,
-        )
-    except FileNotFoundError as exc:
-        raise RuntimeError("git is not installed or not on PATH") from exc
-    except subprocess.CalledProcessError as exc:
-        raise RuntimeError(f"git log failed: {exc.output}") from exc
-
-    commits = []
-    for line in raw.splitlines():
-        parts = line.split("|", maxsplit=2)
-        if len(parts) == 3:
-            commits.append({"hash": parts[0], "author": parts[1], "subject": parts[2]})
-    return commits
+from __future__ import annotations
+
+import subprocess
+
+
+def get_recent_commits(limit: int = 10) -> list[dict[str, str]]:
+    try:
+        raw = subprocess.check_output(
+            ["git", "log", f"-{limit}", "--pretty=format:%H|%an|%s"],
+            text=True,
+        )
+    except FileNotFoundError as exc:
+        raise RuntimeError("git is not installed or not on PATH") from exc
+    except subprocess.CalledProcessError as exc:
+        raise RuntimeError(f"git log failed: {exc.output}") from exc
+
+    commits = []
+    for line in raw.splitlines():
+        parts = line.split("|", maxsplit=2)
+        if len(parts) == 3:
+            commits.append({"hash": parts[0], "author": parts[1], "subject": parts[2]})
+    return commits

package/tools/kubernetes/audit.py

@@ -1,108 +1,108 @@
-from __future__ import annotations
-
-import json
-import subprocess
-from typing import Any
-
-
-def k8s_security_audit(namespace: str = "") -> list[dict[str, Any]]:
-    findings = []
-
-    cmd_base = ["kubectl", "get"]
-    if namespace:
-        ns_args = ["-n", namespace]
-    else:
-        ns_args = ["-A"]
-
-    try:
-        pods_result = subprocess.check_output(
-            cmd_base + ["pods"] + ns_args + ["-o", "json"],
-            stderr=subprocess.STDOUT,
-            text=True,
-        )
-        pods_payload = json.loads(pods_result)
-    except Exception as exc:
-        print(f"Warning: Failed to get pods: {exc}")
-        pods_payload = {"items": []}
-
-    try:
-        services_result = subprocess.check_output(
-            cmd_base + ["svc"] + ns_args + ["-o", "json"],
-            stderr=subprocess.STDOUT,
-            text=True,
-        )
-        svcs_payload = json.loads(services_result)
-    except Exception as exc:
-        print(f"Warning: Failed to get services: {exc}")
-        svcs_payload = {"items": []}
-
-    try:
-        roles_result = subprocess.check_output(
-            cmd_base + ["clusterrolebindings", "-o", "json"],
-            stderr=subprocess.STDOUT,
-            text=True,
-        )
-        crb_payload = json.loads(roles_result)
-    except Exception as exc:
-        print(f"Warning: Failed to get clusterrolebindings: {exc}")
-        crb_payload = {"items": []}
-
-    # Parse pods
-    for pod in pods_payload.get("items", []):
-        metadata = pod.get("metadata", {})
-        pod_name = metadata.get("name", "unknown")
-        pod_ns = metadata.get("namespace", "unknown")
-        spec = pod.get("spec", {})
-
-        # Check hostNetwork
-        if spec.get("hostNetwork") is True:
-            findings.append({
-                "type": "hostNetwork",
-                "severity": "HIGH",
-                "resource": f"Pod/{pod_ns}/{pod_name}",
-                "message": "Pod is using host network."
-            })
-
-        # Check privileged containers
-        for container in spec.get("containers", []):
-            sec_ctx = container.get("securityContext", {})
-            if sec_ctx.get("privileged") is True:
-                findings.append({
-                    "type": "privileged_container",
-                    "severity": "CRITICAL",
-                    "resource": f"Pod/{pod_ns}/{pod_name}",
-                    "message": f"Container '{container.get('name')}' is running as privileged.",
-                })
-
-    # Parse services
-    for svc in svcs_payload.get("items", []):
-        metadata = svc.get("metadata", {})
-        svc_name = metadata.get("name", "unknown")
-        svc_ns = metadata.get("namespace", "unknown")
-        spec = svc.get("spec", {})
-
-        if spec.get("type") == "NodePort":
-            findings.append({
-                "type": "exposed_nodeport",
-                "severity": "MEDIUM",
-                "resource": f"Service/{svc_ns}/{svc_name}",
-                "message": "Service is exposed via NodePort."
-            })
-
-    # Parse cluster role bindings
-    for crb in crb_payload.get("items", []):
-        metadata = crb.get("metadata", {})
-        crb_name = metadata.get("name", "unknown")
-        role_ref = crb.get("roleRef", {})
-
-        if role_ref.get("name") == "cluster-admin":
-            for subj in crb.get("subjects", []):
-                if subj.get("kind") == "ServiceAccount":
-                    findings.append({
-                        "type": "cluster_admin_sa",
-                        "severity": "CRITICAL",
-                        "resource": f"ClusterRoleBinding/{crb_name}",
-                        "message": f"ServiceAccount '{subj.get('namespace')}/{subj.get('name')}' is bound to cluster-admin."
-                    })
-
-    return findings
+from __future__ import annotations
+
+import json
+import subprocess
+from typing import Any
+
+
+def k8s_security_audit(namespace: str = "") -> list[dict[str, Any]]:
+    findings = []
+
+    cmd_base = ["kubectl", "get"]
+    if namespace:
+        ns_args = ["-n", namespace]
+    else:
+        ns_args = ["-A"]
+
+    try:
+        pods_result = subprocess.check_output(
+            cmd_base + ["pods"] + ns_args + ["-o", "json"],
+            stderr=subprocess.STDOUT,
+            text=True,
+        )
+        pods_payload = json.loads(pods_result)
+    except Exception as exc:
+        print(f"Warning: Failed to get pods: {exc}")
+        pods_payload = {"items": []}
+
+    try:
+        services_result = subprocess.check_output(
+            cmd_base + ["svc"] + ns_args + ["-o", "json"],
+            stderr=subprocess.STDOUT,
+            text=True,
+        )
+        svcs_payload = json.loads(services_result)
+    except Exception as exc:
+        print(f"Warning: Failed to get services: {exc}")
+        svcs_payload = {"items": []}
+
+    try:
+        roles_result = subprocess.check_output(
+            cmd_base + ["clusterrolebindings", "-o", "json"],
+            stderr=subprocess.STDOUT,
+            text=True,
+        )
+        crb_payload = json.loads(roles_result)
+    except Exception as exc:
+        print(f"Warning: Failed to get clusterrolebindings: {exc}")
+        crb_payload = {"items": []}
+
+    # Parse pods
+    for pod in pods_payload.get("items", []):
+        metadata = pod.get("metadata", {})
+        pod_name = metadata.get("name", "unknown")
+        pod_ns = metadata.get("namespace", "unknown")
+        spec = pod.get("spec", {})
+
+        # Check hostNetwork
+        if spec.get("hostNetwork") is True:
+            findings.append({
+                "type": "hostNetwork",
+                "severity": "HIGH",
+                "resource": f"Pod/{pod_ns}/{pod_name}",
+                "message": "Pod is using host network."
+            })
+
+        # Check privileged containers
+        for container in spec.get("containers", []):
+            sec_ctx = container.get("securityContext", {})
+            if sec_ctx.get("privileged") is True:
+                findings.append({
+                    "type": "privileged_container",
+                    "severity": "CRITICAL",
+                    "resource": f"Pod/{pod_ns}/{pod_name}",
+                    "message": f"Container '{container.get('name')}' is running as privileged.",
+                })
+
+    # Parse services
+    for svc in svcs_payload.get("items", []):
+        metadata = svc.get("metadata", {})
+        svc_name = metadata.get("name", "unknown")
+        svc_ns = metadata.get("namespace", "unknown")
+        spec = svc.get("spec", {})
+
+        if spec.get("type") == "NodePort":
+            findings.append({
+                "type": "exposed_nodeport",
+                "severity": "MEDIUM",
+                "resource": f"Service/{svc_ns}/{svc_name}",
+                "message": "Service is exposed via NodePort."
+            })
+
+    # Parse cluster role bindings
+    for crb in crb_payload.get("items", []):
+        metadata = crb.get("metadata", {})
+        crb_name = metadata.get("name", "unknown")
+        role_ref = crb.get("roleRef", {})
+
+        if role_ref.get("name") == "cluster-admin":
+            for subj in crb.get("subjects", []):
+                if subj.get("kind") == "ServiceAccount":
+                    findings.append({
+                        "type": "cluster_admin_sa",
+                        "severity": "CRITICAL",
+                        "resource": f"ClusterRoleBinding/{crb_name}",
+                        "message": f"ServiceAccount '{subj.get('namespace')}/{subj.get('name')}' is bound to cluster-admin."
+                    })
+
+    return findings

package/tools/kubernetes/pods.py

@@ -1,27 +1,27 @@
-from __future__ import annotations
-
-import json
-import subprocess
-from typing import Any
-
-
-def list_pods(namespace: str = "default") -> list[dict[str, Any]]:
-    try:
-        result = subprocess.check_output(
-            ["kubectl", "get", "pods", "-n", namespace, "-o", "json"],
-            stderr=subprocess.STDOUT,
-            text=True,
-        )
-    except FileNotFoundError as exc:
-        raise RuntimeError("kubectl is not installed or not on PATH") from exc
-    except subprocess.CalledProcessError as exc:
-        raise RuntimeError(f"kubectl error (namespace '{namespace}'): {exc.output}") from exc
-
-    payload = json.loads(result)
-    return [
-        {
-            "name": item["metadata"]["name"],
-            "phase": item["status"].get("phase"),
-        }
-        for item in payload.get("items", [])
-    ]
+from __future__ import annotations
+
+import json
+import subprocess
+from typing import Any
+
+
+def list_pods(namespace: str = "default") -> list[dict[str, Any]]:
+    try:
+        result = subprocess.check_output(
+            ["kubectl", "get", "pods", "-n", namespace, "-o", "json"],
+            stderr=subprocess.STDOUT,
+            text=True,
+        )
+    except FileNotFoundError as exc:
+        raise RuntimeError("kubectl is not installed or not on PATH") from exc
+    except subprocess.CalledProcessError as exc:
+        raise RuntimeError(f"kubectl error (namespace '{namespace}'): {exc.output}") from exc
+
+    payload = json.loads(result)
+    return [
+        {
+            "name": item["metadata"]["name"],
+            "phase": item["status"].get("phase"),
+        }
+        for item in payload.get("items", [])
+    ]