@remnux/mcp-server 0.1.0

package/dist/archive-extractor.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Archive extraction module for REMnux MCP server
+ *
+ * Supports .zip, .7z, and .rar archives with automatic password detection.
+ * Passwords are tried from a configurable list for malware sample archives.
+ */
+import type { Connector } from "./connectors/index.js";
+export type ArchiveType = "zip" | "7z" | "rar" | null;
+export interface ExtractionResult {
+    success: boolean;
+    files: string[];
+    password?: string;
+    error?: string;
+    outputDir: string;
+}
+/**
+ * Detect archive type from filename extension
+ */
+export declare function detectArchiveType(filename: string): ArchiveType;
+/**
+ * Load password list from config file
+ * Returns default list if file not found
+ */
+export declare function loadPasswordList(): string[];
+/**
+ * Build extraction command for given archive type and tool
+ *
+ * @param archiveType - Type of archive (zip, 7z, rar)
+ * @param archivePath - Full path to archive file
+ * @param outputDir - Directory to extract files to
+ * @param password - Optional password for encrypted archives
+ * @returns Command array for execution
+ */
+export declare function getExtractionCommand(archiveType: ArchiveType, archivePath: string, outputDir: string, password?: string): string[];
+/**
+ * Extract an archive file with automatic password detection
+ *
+ * @param connector - Connector to execute commands on REMnux
+ * @param archivePath - Full path to archive file inside REMnux
+ * @param samplesDir - Base samples directory for output
+ * @param customPassword - Optional password to try first
+ * @param outputSubdir - Optional subdirectory name (defaults to archive name without extension)
+ * @returns Extraction result with file list and password used
+ */
+export declare function extractArchive(connector: Connector, archivePath: string, samplesDir: string, customPassword?: string, outputSubdir?: string): Promise<ExtractionResult>;
+//# sourceMappingURL=archive-extractor.d.ts.map

package/dist/archive-extractor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"archive-extractor.d.ts","sourceRoot":"","sources":["../src/archive-extractor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,SAAS,EAAc,MAAM,uBAAuB,CAAC;AAKnE,MAAM,MAAM,WAAW,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,GAAG,IAAI,CAAC;AAEtD,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW,CAY/D;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,EAAE,CAgB3C;AAED;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,WAAW,EAAE,WAAW,EACxB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,EACjB,QAAQ,CAAC,EAAE,MAAM,GAChB,MAAM,EAAE,CAwCV;AAgGD;;;;;;;;;GASG;AACH,wBAAsB,cAAc,CAClC,SAAS,EAAE,SAAS,EACpB,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,EAClB,cAAc,CAAC,EAAE,MAAM,EACvB,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,gBAAgB,CAAC,CAsG3B"}

package/dist/archive-extractor.js

@@ -0,0 +1,268 @@
+/**
+ * Archive extraction module for REMnux MCP server
+ *
+ * Supports .zip, .7z, and .rar archives with automatic password detection.
+ * Passwords are tried from a configurable list for malware sample archives.
+ */
+import { readFileSync } from "fs";
+import { dirname, join, basename, extname, resolve, normalize } from "path";
+import { fileURLToPath } from "url";
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+/**
+ * Detect archive type from filename extension
+ */
+export function detectArchiveType(filename) {
+    const ext = extname(filename).toLowerCase();
+    switch (ext) {
+        case ".zip":
+            return "zip";
+        case ".7z":
+            return "7z";
+        case ".rar":
+            return "rar";
+        default:
+            return null;
+    }
+}
+/**
+ * Load password list from config file
+ * Returns default list if file not found
+ */
+export function loadPasswordList() {
+    const defaultPasswords = ["infected", "malware", "virus"];
+    try {
+        const passwordFile = join(__dirname, "config", "archive-passwords.txt");
+        const content = readFileSync(passwordFile, "utf-8");
+        const passwords = content
+            .split("\n")
+            .map((line) => line.trim())
+            .filter((line) => line.length > 0 && !line.startsWith("#"));
+        return passwords.length > 0 ? passwords : defaultPasswords;
+    }
+    catch {
+        // Fallback to defaults if file not found
+        return defaultPasswords;
+    }
+}
+/**
+ * Build extraction command for given archive type and tool
+ *
+ * @param archiveType - Type of archive (zip, 7z, rar)
+ * @param archivePath - Full path to archive file
+ * @param outputDir - Directory to extract files to
+ * @param password - Optional password for encrypted archives
+ * @returns Command array for execution
+ */
+export function getExtractionCommand(archiveType, archivePath, outputDir, password) {
+    // Validate inputs don't contain shell metacharacters
+    // This is defense-in-depth; the connector should also escape properly
+    if (password && /[;&|`$\n\r'"\\]/.test(password)) {
+        throw new Error("Password contains invalid characters");
+    }
+    switch (archiveType) {
+        case "7z":
+            // 7z x archive.7z -ooutputdir -ppassword -y
+            // -y: assume yes on all queries (non-interactive)
+            const cmd7z = ["7z", "x", archivePath, `-o${outputDir}`, "-y"];
+            if (password) {
+                cmd7z.push(`-p${password}`);
+            }
+            return cmd7z;
+        case "zip":
+            // unzip -P password -d outputdir archive.zip
+            // -o: overwrite without prompting
+            const cmdZip = ["unzip", "-o"];
+            if (password) {
+                cmdZip.push("-P", password);
+            }
+            cmdZip.push("-d", outputDir, archivePath);
+            return cmdZip;
+        case "rar":
+            // unrar x -ppassword archive.rar outputdir/
+            // -o+: overwrite existing files
+            const cmdRar = ["unrar", "x", "-o+"];
+            if (password) {
+                cmdRar.push(`-p${password}`);
+            }
+            cmdRar.push(archivePath, outputDir + "/");
+            return cmdRar;
+        default:
+            throw new Error(`Unsupported archive type: ${archiveType}`);
+    }
+}
+/**
+ * Check if extraction result indicates wrong password
+ */
+function isWrongPasswordError(result, _archiveType) {
+    const output = (result.stderr + result.stdout).toLowerCase();
+    // Common password error patterns across tools
+    const passwordErrors = [
+        "wrong password",
+        "incorrect password",
+        "bad password",
+        "password required",
+        "encrypted",
+        "need password",
+        "checksum error", // 7z uses this for wrong password
+        "crc failed", // unrar uses this for wrong password
+    ];
+    // Check if exit code indicates failure AND output mentions password issues
+    if (result.exitCode !== 0) {
+        return passwordErrors.some((pattern) => output.includes(pattern));
+    }
+    return false;
+}
+/**
+ * List files in a directory
+ */
+async function listExtractedFiles(connector, outputDir) {
+    try {
+        const result = await connector.execute(["find", outputDir, "-type", "f", "-printf", "%P\\n"], { timeout: 30000 });
+        if (result.exitCode === 0 && result.stdout) {
+            return result.stdout
+                .split("\n")
+                .map((f) => f.trim())
+                .filter((f) => f.length > 0);
+        }
+        // Fallback to ls if find doesn't support -printf (e.g., BSD)
+        const lsResult = await connector.execute(["ls", "-1R", outputDir], { timeout: 30000 });
+        if (lsResult.exitCode === 0 && lsResult.stdout) {
+            return lsResult.stdout
+                .split("\n")
+                .map((f) => f.trim())
+                .filter((f) => f.length > 0 && !f.endsWith(":"));
+        }
+        return [];
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Validate that extracted files don't escape the sandbox (zip-slip protection)
+ * Malicious archives can contain entries like "../../../etc/cron.d/evil"
+ *
+ * @param files - Relative file paths from extraction
+ * @param outputDir - Expected output directory
+ * @returns Array of files that attempted path escape (empty if all safe)
+ */
+function validateExtractedPaths(files, outputDir) {
+    const escapeAttempts = [];
+    const normalizedBase = resolve(outputDir);
+    for (const file of files) {
+        // Check for obvious traversal patterns
+        if (file.includes("..") || file.startsWith("/")) {
+            escapeAttempts.push(file);
+            continue;
+        }
+        // Resolve the full path and ensure it stays within outputDir
+        const resolvedPath = resolve(outputDir, normalize(file));
+        if (!resolvedPath.startsWith(normalizedBase + "/") && resolvedPath !== normalizedBase) {
+            escapeAttempts.push(file);
+        }
+    }
+    return escapeAttempts;
+}
+/**
+ * Extract an archive file with automatic password detection
+ *
+ * @param connector - Connector to execute commands on REMnux
+ * @param archivePath - Full path to archive file inside REMnux
+ * @param samplesDir - Base samples directory for output
+ * @param customPassword - Optional password to try first
+ * @param outputSubdir - Optional subdirectory name (defaults to archive name without extension)
+ * @returns Extraction result with file list and password used
+ */
+export async function extractArchive(connector, archivePath, samplesDir, customPassword, outputSubdir) {
+    // Detect archive type
+    const archiveType = detectArchiveType(archivePath);
+    if (!archiveType) {
+        return {
+            success: false,
+            files: [],
+            error: `Unsupported archive format: ${extname(archivePath)}`,
+            outputDir: "",
+        };
+    }
+    // Determine output directory
+    const archiveName = basename(archivePath, extname(archivePath));
+    const subdir = outputSubdir || archiveName;
+    const outputDir = join(samplesDir, subdir);
+    // Create output directory
+    const mkdirResult = await connector.execute(["mkdir", "-p", outputDir], {
+        timeout: 10000,
+    });
+    if (mkdirResult.exitCode !== 0) {
+        return {
+            success: false,
+            files: [],
+            error: `Failed to create output directory: ${mkdirResult.stderr}`,
+            outputDir,
+        };
+    }
+    // Build password list to try
+    const passwordsToTry = [];
+    // 1. Custom password first if provided
+    if (customPassword) {
+        passwordsToTry.push(customPassword);
+    }
+    // 2. Try without password (archive might not be encrypted)
+    passwordsToTry.push(undefined);
+    // 3. Add passwords from config file
+    const configPasswords = loadPasswordList();
+    for (const pwd of configPasswords) {
+        if (pwd !== customPassword) {
+            // Avoid duplicates
+            passwordsToTry.push(pwd);
+        }
+    }
+    // Try extraction with each password
+    let lastError = "";
+    for (const password of passwordsToTry) {
+        try {
+            const cmd = getExtractionCommand(archiveType, archivePath, outputDir, password);
+            const result = await connector.execute(cmd, { timeout: 120000 });
+            if (result.exitCode === 0) {
+                // Success! List extracted files
+                const files = await listExtractedFiles(connector, outputDir);
+                // Validate for zip-slip attacks (path traversal in archive entries)
+                const escapeAttempts = validateExtractedPaths(files, outputDir);
+                if (escapeAttempts.length > 0) {
+                    // Clean up potentially malicious files
+                    await connector.execute(["rm", "-rf", outputDir], { timeout: 30000 });
+                    return {
+                        success: false,
+                        files: [],
+                        error: `Archive contains path escape attempts (zip-slip): ${escapeAttempts.slice(0, 3).join(", ")}${escapeAttempts.length > 3 ? ` and ${escapeAttempts.length - 3} more` : ""}`,
+                        outputDir,
+                    };
+                }
+                return {
+                    success: true,
+                    files,
+                    password: password, // undefined if no password was needed
+                    outputDir,
+                };
+            }
+            // Check if this is a password error
+            if (isWrongPasswordError(result, archiveType)) {
+                lastError = "Incorrect password";
+                continue; // Try next password
+            }
+            // Some other error - might still try other passwords for encrypted archives
+            lastError = result.stderr || result.stdout || "Unknown extraction error";
+        }
+        catch (err) {
+            lastError = err instanceof Error ? err.message : "Extraction failed";
+        }
+    }
+    // All passwords failed
+    return {
+        success: false,
+        files: [],
+        error: `Extraction failed: ${lastError}. Tried ${passwordsToTry.length} password(s).`,
+        outputDir,
+    };
+}
+//# sourceMappingURL=archive-extractor.js.map

package/dist/archive-extractor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"archive-extractor.js","sourceRoot":"","sources":["../src/archive-extractor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAC5E,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AAGpC,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAYtC;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IAC5C,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,MAAM;YACT,OAAO,KAAK,CAAC;QACf,KAAK,KAAK;YACR,OAAO,IAAI,CAAC;QACd,KAAK,MAAM;YACT,OAAO,KAAK,CAAC;QACf;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,gBAAgB,GAAG,CAAC,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IAE1D,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,EAAE,QAAQ,EAAE,uBAAuB,CAAC,CAAC;QACxE,MAAM,OAAO,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,OAAO;aACtB,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;aAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;QAE9D,OAAO,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,gBAAgB,CAAC;IAC7D,CAAC;IAAC,MAAM,CAAC;QACP,yCAAyC;QACzC,OAAO,gBAAgB,CAAC;IAC1B,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,oBAAoB,CAClC,WAAwB,EACxB,WAAmB,EACnB,SAAiB,EACjB,QAAiB;IAEjB,qDAAqD;IACrD,sEAAsE;IACtE,IAAI,QAAQ,IAAI,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,QAAQ,WAAW,EAAE,CAAC;QACpB,KAAK,IAAI;YACP,4CAA4C;YAC5C,kDAAkD;YAClD,MAAM,KAAK,GAAG,CAAC,IAAI,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,SAAS,EAAE,EAAE,IAAI,CAAC,CAAC;YAC/D,IAAI,QAAQ,EAAE,CAAC;gBACb,KAAK,CAAC,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC,CAAC;YAC9B,CAAC;YACD,OAAO,KAAK,CAAC;QAEf,KAAK,KAAK;YACR,6CAA6C;YAC7C,kCAAkC;YAClC,MAAM,MAAM,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAC/B,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;YAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;YAC1C,OAAO,MAAM,CAAC;QAEhB,KAAK,KAAK;YACR,4CAA4C;YAC5C,gCAAgC;YAChC,MAAM,MAAM,GAAG,CAAC,OAAO,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;YACrC,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,CAAC,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC,CAAC;YAC/B,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,SAAS,GAAG,GAAG,CAAC,CAAC;YAC1C,OAAO,MAAM,CAAC;QAEhB;YACE,MAAM,IAAI,KAAK,CAAC,6BAA6B,WAAW,EAAE,CAAC,CAAC;IAChE,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,MAAkB,EAAE,YAAyB;IACzE,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;IAE7D,8CAA8C;IAC9C,MAAM,cAAc,GAAG;QACrB,gBAAgB;QAChB,oBAAoB;QACpB,cAAc;QACd,mBAAmB;QACnB,WAAW;QACX,eAAe;QACf,gBAAgB,EAAE,kCAAkC;QACpD,YAAY,EAAE,qCAAqC;KACpD,CAAC;IAEF,2EAA2E;IAC3E,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAC/B,SAAoB,EACpB,SAAiB;IAEjB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,CACpC,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,EACrD,EAAE,OAAO,EAAE,KAAK,EAAE,CACnB,CAAC;QAEF,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAC3C,OAAO,MAAM,CAAC,MAAM;iBACjB,KAAK,CAAC,IAAI,CAAC;iBACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACjC,CAAC;QAED,6DAA6D;QAC7D,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,OAAO,CACtC,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,EACxB,EAAE,OAAO,EAAE,KAAK,EAAE,CACnB,CAAC;QAEF,IAAI,QAAQ,CAAC,QAAQ,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC/C,OAAO,QAAQ,CAAC,MAAM;iBACnB,KAAK,CAAC,IAAI,CAAC;iBACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QACrD,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,sBAAsB,CAAC,KAAe,EAAE,SAAiB;IAChE,MAAM,cAAc,GAAa,EAAE,CAAC;IACpC,MAAM,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAE1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,uCAAuC;QACvC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChD,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1B,SAAS;QACX,CAAC;QAED,6DAA6D;QAC7D,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,cAAc,GAAG,GAAG,CAAC,IAAI,YAAY,KAAK,cAAc,EAAE,CAAC;YACtF,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,SAAoB,EACpB,WAAmB,EACnB,UAAkB,EAClB,cAAuB,EACvB,YAAqB;IAErB,sBAAsB;IACtB,MAAM,WAAW,GAAG,iBAAiB,CAAC,WAAW,CAAC,CAAC;IACnD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,EAAE;YACT,KAAK,EAAE,+BAA+B,OAAO,CAAC,WAAW,CAAC,EAAE;YAC5D,SAAS,EAAE,EAAE;SACd,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,MAAM,WAAW,GAAG,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;IAChE,MAAM,MAAM,GAAG,YAAY,IAAI,WAAW,CAAC;IAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAE3C,0BAA0B;IAC1B,MAAM,WAAW,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,EAAE;QACtE,OAAO,EAAE,KAAK;KACf,CAAC,CAAC;IACH,IAAI,WAAW,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,EAAE;YACT,KAAK,EAAE,sCAAsC,WAAW,CAAC,MAAM,EAAE;YACjE,SAAS;SACV,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,MAAM,cAAc,GAA2B,EAAE,CAAC;IAElD,uCAAuC;IACvC,IAAI,cAAc,EAAE,CAAC;QACnB,cAAc,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACtC,CAAC;IAED,2DAA2D;IAC3D,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAE/B,oCAAoC;IACpC,MAAM,eAAe,GAAG,gBAAgB,EAAE,CAAC;IAC3C,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QAClC,IAAI,GAAG,KAAK,cAAc,EAAE,CAAC;YAC3B,mBAAmB;YACnB,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,oCAAoC;IACpC,IAAI,SAAS,GAAG,EAAE,CAAC;IACnB,KAAK,MAAM,QAAQ,IAAI,cAAc,EAAE,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,oBAAoB,CAAC,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YAChF,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;YAEjE,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;gBAC1B,gCAAgC;gBAChC,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;gBAE7D,oEAAoE;gBACpE,MAAM,cAAc,GAAG,sBAAsB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;gBAChE,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC9B,uCAAuC;oBACvC,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;oBACtE,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,EAAE;wBACT,KAAK,EAAE,qDAAqD,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,cAAc,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;wBAC/K,SAAS;qBACV,CAAC;gBACJ,CAAC;gBAED,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,KAAK;oBACL,QAAQ,EAAE,QAAQ,EAAE,sCAAsC;oBAC1D,SAAS;iBACV,CAAC;YACJ,CAAC;YAED,oCAAoC;YACpC,IAAI,oBAAoB,CAAC,MAAM,EAAE,WAAW,CAAC,EAAE,CAAC;gBAC9C,SAAS,GAAG,oBAAoB,CAAC;gBACjC,SAAS,CAAC,oBAAoB;YAChC,CAAC;YAED,4EAA4E;YAC5E,SAAS,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,IAAI,0BAA0B,CAAC;QAC3E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB,CAAC;QACvE,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,OAAO;QACL,OAAO,EAAE,KAAK;QACd,KAAK,EAAE,EAAE;QACT,KAAK,EAAE,sBAAsB,SAAS,WAAW,cAAc,CAAC,MAAM,eAAe;QACrF,SAAS;KACV,CAAC;AACJ,CAAC"}

package/dist/catalog/index.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Tool Catalog — complete REMnux tool inventory from salt-states.
+ *
+ * Provides discovery of all ~200 tools on REMnux, complementing the
+ * smaller auto-run registry (~35 tools) used by analyze_file.
+ */
+export interface CatalogTool {
+    command: string;
+    name: string;
+    category: string;
+    description: string;
+    website: string;
+}
+export interface ToolsIndex {
+    version: string;
+    updated: string;
+    tools: CatalogTool[];
+}
+declare class ToolCatalog {
+    private tools;
+    private byMcpCategory;
+    private bySaltCategory;
+    readonly version: string;
+    readonly updated: string;
+    constructor(index: ToolsIndex);
+    /** All tools in the catalog. */
+    all(): readonly CatalogTool[];
+    /** Tools matching an MCP file-type category (PE, PDF, OLE2, etc.). */
+    forMcpCategory(mcpCategory: string): CatalogTool[];
+    /** Tools matching a salt-states category string. */
+    forSaltCategory(saltCategory: string): CatalogTool[];
+    /** All unique salt-states categories. */
+    categories(): string[];
+    /** Total tool count. */
+    get size(): number;
+}
+/** Singleton catalog instance. */
+export declare const toolCatalog: ToolCatalog;
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/catalog/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/catalog/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,WAAW,EAAE,CAAC;CACtB;AA0DD,cAAM,WAAW;IACf,OAAO,CAAC,KAAK,CAAgB;IAC7B,OAAO,CAAC,aAAa,CAA6B;IAClD,OAAO,CAAC,cAAc,CAA6B;IACnD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;gBAEb,KAAK,EAAE,UAAU;IA0B7B,gCAAgC;IAChC,GAAG,IAAI,SAAS,WAAW,EAAE;IAI7B,sEAAsE;IACtE,cAAc,CAAC,WAAW,EAAE,MAAM,GAAG,WAAW,EAAE;IAIlD,oDAAoD;IACpD,eAAe,CAAC,YAAY,EAAE,MAAM,GAAG,WAAW,EAAE;IAIpD,yCAAyC;IACzC,UAAU,IAAI,MAAM,EAAE;IAItB,wBAAwB;IACxB,IAAI,IAAI,IAAI,MAAM,CAEjB;CACF;AAWD,kCAAkC;AAClC,eAAO,MAAM,WAAW,aAA+B,CAAC"}

package/dist/catalog/index.js

@@ -0,0 +1,114 @@
+/**
+ * Tool Catalog — complete REMnux tool inventory from salt-states.
+ *
+ * Provides discovery of all ~200 tools on REMnux, complementing the
+ * smaller auto-run registry (~35 tools) used by analyze_file.
+ */
+import { readFileSync } from "node:fs";
+import { resolve, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+/**
+ * Maps salt-states categories to MCP file-type category names.
+ * Multiple salt-states categories can map to one MCP category.
+ */
+const SALT_TO_MCP_CATEGORY = {
+    // PE
+    "Examine Static Properties: PE Files": "PE",
+    "Statically Analyze Code: PE Files": "PE",
+    "Statically Analyze Code: Unpacking": "PE",
+    // .NET
+    "Examine Static Properties: .NET": "DOTNET",
+    "Statically Analyze Code: .NET": "DOTNET",
+    // PDF
+    "Analyze Documents: PDF": "PDF",
+    // Office (OLE2, OOXML, RTF share tools)
+    "Analyze Documents: Microsoft Office": "OLE2",
+    // ELF
+    "Examine Static Properties: ELF Files": "ELF",
+    "Dynamically Reverse-Engineer Code: ELF Files": "ELF",
+    // Scripts
+    "Statically Analyze Code: Scripts": "Script",
+    "Dynamically Reverse-Engineer Code: Scripts": "Script",
+    // Java/JAR
+    "Statically Analyze Code: Java": "JAR",
+    // Email
+    "Analyze Documents: Email Messages": "Email",
+    // Android/APK
+    "Statically Analyze Code: Android": "APK",
+    // General document analysis maps to OLE2 (broad category)
+    "Analyze Documents: General": "OLE2",
+};
+/**
+ * Reverse map: MCP category → set of salt-states categories.
+ */
+const MCP_TO_SALT_CATEGORIES = new Map();
+for (const [salt, mcp] of Object.entries(SALT_TO_MCP_CATEGORY)) {
+    const existing = MCP_TO_SALT_CATEGORIES.get(mcp) ?? [];
+    existing.push(salt);
+    MCP_TO_SALT_CATEGORIES.set(mcp, existing);
+}
+// OOXML and RTF share Office analysis tools with OLE2
+const officeCats = MCP_TO_SALT_CATEGORIES.get("OLE2") ?? [];
+MCP_TO_SALT_CATEGORIES.set("OOXML", [...officeCats]);
+MCP_TO_SALT_CATEGORIES.set("RTF", [...officeCats]);
+class ToolCatalog {
+    tools;
+    byMcpCategory;
+    bySaltCategory;
+    version;
+    updated;
+    constructor(index) {
+        this.tools = index.tools;
+        this.version = index.version;
+        this.updated = index.updated;
+        // Index by salt-states category
+        this.bySaltCategory = new Map();
+        for (const tool of this.tools) {
+            const existing = this.bySaltCategory.get(tool.category) ?? [];
+            existing.push(tool);
+            this.bySaltCategory.set(tool.category, existing);
+        }
+        // Index by MCP category
+        this.byMcpCategory = new Map();
+        for (const [mcpCat, saltCats] of MCP_TO_SALT_CATEGORIES) {
+            const tools = [];
+            for (const saltCat of saltCats) {
+                tools.push(...(this.bySaltCategory.get(saltCat) ?? []));
+            }
+            if (tools.length > 0) {
+                this.byMcpCategory.set(mcpCat, tools);
+            }
+        }
+    }
+    /** All tools in the catalog. */
+    all() {
+        return this.tools;
+    }
+    /** Tools matching an MCP file-type category (PE, PDF, OLE2, etc.). */
+    forMcpCategory(mcpCategory) {
+        return this.byMcpCategory.get(mcpCategory) ?? [];
+    }
+    /** Tools matching a salt-states category string. */
+    forSaltCategory(saltCategory) {
+        return this.bySaltCategory.get(saltCategory) ?? [];
+    }
+    /** All unique salt-states categories. */
+    categories() {
+        return [...this.bySaltCategory.keys()].sort();
+    }
+    /** Total tool count. */
+    get size() {
+        return this.tools.length;
+    }
+}
+/** Load the bundled tools-index.json. */
+function loadIndex() {
+    const __dirname = dirname(fileURLToPath(import.meta.url));
+    // data/ is at package root, two levels up from dist/catalog/ or src/catalog/
+    const indexPath = resolve(__dirname, "../../data/tools-index.json");
+    const raw = readFileSync(indexPath, "utf-8");
+    return JSON.parse(raw);
+}
+/** Singleton catalog instance. */
+export const toolCatalog = new ToolCatalog(loadIndex());
+//# sourceMappingURL=index.js.map

package/dist/catalog/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/catalog/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAgBzC;;;GAGG;AACH,MAAM,oBAAoB,GAA2B;IACnD,KAAK;IACL,qCAAqC,EAAE,IAAI;IAC3C,mCAAmC,EAAE,IAAI;IACzC,oCAAoC,EAAE,IAAI;IAE1C,OAAO;IACP,iCAAiC,EAAE,QAAQ;IAC3C,+BAA+B,EAAE,QAAQ;IAEzC,MAAM;IACN,wBAAwB,EAAE,KAAK;IAE/B,wCAAwC;IACxC,qCAAqC,EAAE,MAAM;IAE7C,MAAM;IACN,sCAAsC,EAAE,KAAK;IAC7C,8CAA8C,EAAE,KAAK;IAErD,UAAU;IACV,kCAAkC,EAAE,QAAQ;IAC5C,4CAA4C,EAAE,QAAQ;IAEtD,WAAW;IACX,+BAA+B,EAAE,KAAK;IAEtC,QAAQ;IACR,mCAAmC,EAAE,OAAO;IAE5C,cAAc;IACd,kCAAkC,EAAE,KAAK;IAEzC,0DAA0D;IAC1D,4BAA4B,EAAE,MAAM;CACrC,CAAC;AAEF;;GAEG;AACH,MAAM,sBAAsB,GAA0B,IAAI,GAAG,EAAE,CAAC;AAChE,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,CAAC;IAC/D,MAAM,QAAQ,GAAG,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;IACvD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpB,sBAAsB,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;AAC5C,CAAC;AAED,sDAAsD;AACtD,MAAM,UAAU,GAAG,sBAAsB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;AAC5D,sBAAsB,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC;AACrD,sBAAsB,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC;AAEnD,MAAM,WAAW;IACP,KAAK,CAAgB;IACrB,aAAa,CAA6B;IAC1C,cAAc,CAA6B;IAC1C,OAAO,CAAS;IAChB,OAAO,CAAS;IAEzB,YAAY,KAAiB;QAC3B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAE7B,gCAAgC;QAChC,IAAI,CAAC,cAAc,GAAG,IAAI,GAAG,EAAE,CAAC;QAChC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC9D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpB,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACnD,CAAC;QAED,wBAAwB;QACxB,IAAI,CAAC,aAAa,GAAG,IAAI,GAAG,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,sBAAsB,EAAE,CAAC;YACxD,MAAM,KAAK,GAAkB,EAAE,CAAC;YAChC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;YAC1D,CAAC;YACD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrB,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YACxC,CAAC;QACH,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,GAAG;QACD,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,sEAAsE;IACtE,cAAc,CAAC,WAAmB;QAChC,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;IACnD,CAAC;IAED,oDAAoD;IACpD,eAAe,CAAC,YAAoB;QAClC,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;IACrD,CAAC;IAED,yCAAyC;IACzC,UAAU;QACR,OAAO,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAChD,CAAC;IAED,wBAAwB;IACxB,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IAC3B,CAAC;CACF;AAED,yCAAyC;AACzC,SAAS,SAAS;IAChB,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,6EAA6E;IAC7E,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,EAAE,6BAA6B,CAAC,CAAC;IACpE,MAAM,GAAG,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC7C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAe,CAAC;AACvC,CAAC;AAED,kCAAkC;AAClC,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC,CAAC"}

package/dist/cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}

package/dist/cli.js

@@ -0,0 +1,154 @@
+#!/usr/bin/env node
+import { startServer } from "./index.js";
+function parseArgs() {
+    const args = process.argv.slice(2);
+    const config = {
+        mode: "docker",
+        container: "remnux",
+        samplesDir: "/home/remnux/files/samples",
+        outputDir: "/home/remnux/files/output",
+        timeout: 300,
+        noSandbox: true,
+    };
+    for (let i = 0; i < args.length; i++) {
+        let arg = args[i];
+        let value = args[i + 1];
+        let usedEqualsSyntax = false;
+        // Support --flag=value syntax: split on first '='
+        if (arg.startsWith("--") && arg.includes("=")) {
+            const eqIndex = arg.indexOf("=");
+            value = arg.slice(eqIndex + 1);
+            arg = arg.slice(0, eqIndex);
+            usedEqualsSyntax = true;
+        }
+        // Helper: only skip next arg if value came from separate arg (not '=' syntax)
+        const consumeValue = () => { if (!usedEqualsSyntax)
+            i++; };
+        switch (arg) {
+            case "--mode":
+                if (value === "docker" || value === "ssh" || value === "local") {
+                    config.mode = value;
+                }
+                consumeValue();
+                break;
+            case "--container":
+                config.container = value;
+                consumeValue();
+                break;
+            case "--host":
+                config.host = value;
+                consumeValue();
+                break;
+            case "--user":
+                config.user = value;
+                consumeValue();
+                break;
+            case "--port":
+                config.port = parseInt(value, 10);
+                consumeValue();
+                break;
+            case "--password":
+                config.password = value;
+                consumeValue();
+                break;
+            case "--samples-dir":
+                config.samplesDir = value;
+                consumeValue();
+                break;
+            case "--output-dir":
+                config.outputDir = value;
+                consumeValue();
+                break;
+            case "--timeout":
+                config.timeout = parseInt(value, 10);
+                consumeValue();
+                break;
+            case "--sandbox":
+                config.noSandbox = false;
+                break;
+            case "--no-sandbox":
+                // Backwards compatibility — already the default
+                break;
+            case "--transport":
+                if (value === "stdio" || value === "http") {
+                    config.transport = value;
+                }
+                consumeValue();
+                break;
+            case "--http-port":
+                config.httpPort = parseInt(value, 10);
+                consumeValue();
+                break;
+            case "--http-host":
+                config.httpHost = value;
+                consumeValue();
+                break;
+            case "--http-token":
+                config.httpToken = value;
+                consumeValue();
+                break;
+            case "--help":
+            case "-h":
+                printHelp();
+                process.exit(0);
+            case "--version":
+            case "-v":
+                console.log("remnux-mcp-server v0.1.0");
+                process.exit(0);
+        }
+    }
+    // Read token from env var if not set via CLI
+    if (!config.httpToken && process.env.MCP_TOKEN) {
+        config.httpToken = process.env.MCP_TOKEN;
+    }
+    return config;
+}
+function printHelp() {
+    console.log(`
+remnux-mcp-server - MCP server for REMnux malware analysis tools
+
+USAGE:
+  remnux-mcp-server [OPTIONS]
+
+OPTIONS:
+  --mode <mode>           Connection mode: docker, ssh, or local (default: docker)
+  --container <name>      Docker container name/ID (default: remnux)
+  --host <host>           SSH host (for ssh mode)
+  --user <user>           SSH user (default: remnux)
+  --port <port>           SSH port (default: 22)
+  --password <pass>       SSH password (uses SSH agent if omitted)
+  --samples-dir <path>    Path to samples directory (default: /home/remnux/files/samples)
+  --output-dir <path>     Path to output directory (default: /home/remnux/files/output)
+  --timeout <seconds>     Default command timeout (default: 300)
+  --sandbox               Enable path sandboxing (restrict files to samples/output dirs)
+  --no-sandbox            No-op (sandbox is already off by default)
+  --transport <mode>      Transport: stdio (default) or http
+  --http-port <port>      HTTP port (default: 3000)
+  --http-host <host>      HTTP bind address (default: 127.0.0.1)
+  --http-token <token>    Bearer token for HTTP auth (also reads MCP_TOKEN env var)
+  -h, --help              Show this help message
+  -v, --version           Show version
+
+EXAMPLES:
+  # Docker mode (default, stdio transport)
+  remnux-mcp-server --mode=docker --container=remnux
+
+  # SSH mode
+  remnux-mcp-server --mode=ssh --host=192.168.1.100 --user=remnux
+
+  # HTTP transport (Model B: server inside REMnux)
+  remnux-mcp-server --mode=local --transport=http --http-token=SECRET
+
+  # Add to Claude Code (stdio)
+  claude mcp add remnux --transport stdio -- npx remnux-mcp-server
+
+For tool discovery and documentation, use the REMnux docs MCP:
+  https://docs.remnux.org/~gitbook/mcp
+`);
+}
+// Start server
+startServer(parseArgs()).catch((error) => {
+    console.error("Failed to start server:", error);
+    process.exit(1);
+});
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,WAAW,EAAqB,MAAM,YAAY,CAAC;AAE5D,SAAS,SAAS;IAChB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,MAAM,GAAiB;QAC3B,IAAI,EAAE,QAAQ;QACd,SAAS,EAAE,QAAQ;QACnB,UAAU,EAAE,4BAA4B;QACxC,SAAS,EAAE,2BAA2B;QACtC,OAAO,EAAE,GAAG;QACZ,SAAS,EAAE,IAAI;KAChB,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,IAAI,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,IAAI,KAAK,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACxB,IAAI,gBAAgB,GAAG,KAAK,CAAC;QAE7B,kDAAkD;QAClD,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;YAC/B,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;YAC5B,gBAAgB,GAAG,IAAI,CAAC;QAC1B,CAAC;QAED,8EAA8E;QAC9E,MAAM,YAAY,GAAG,GAAG,EAAE,GAAG,IAAI,CAAC,gBAAgB;YAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAE3D,QAAQ,GAAG,EAAE,CAAC;YACZ,KAAK,QAAQ;gBACX,IAAI,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;oBAC/D,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC;gBACtB,CAAC;gBACD,YAAY,EAAE,CAAC;gBACf,MAAM;YACR,KAAK,aAAa;gBAChB,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC;gBACzB,YAAY,EAAE,CAAC;gBACf,MAAM;YACR,KAAK,QAAQ;gBACX,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC;gBACpB,YAAY,EAAE,CAAC;gBACf,MAAM;YACR,KAAK,QAAQ;gBACX,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC;gBACpB,YAAY,EAAE,CAAC;gBACf,MAAM;YACR,KAAK,QAAQ;gBACX,MAAM,CAAC,IAAI,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gBAClC,YAAY,EAAE,CAAC;gBACf,MAAM;YACR,KAAK,YAAY;gBACf,MAAM,CAAC,QAAQ,GAAG,KAAK,CAAC;gBACxB,YAAY,EAAE,CAAC;gBACf,MAAM;YACR,KAAK,eAAe;gBAClB,MAAM,CAAC,UAAU,GAAG,KAAK,CAAC;gBAC1B,YAAY,EAAE,CAAC;gBACf,MAAM;YACR,KAAK,cAAc;gBACjB,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC;gBACzB,YAAY,EAAE,CAAC;gBACf,MAAM;YACR,KAAK,WAAW;gBACd,MAAM,CAAC,OAAO,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gBACrC,YAAY,EAAE,CAAC;gBACf,MAAM;YACR,KAAK,WAAW;gBACd,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC;gBACzB,MAAM;YACR,KAAK,cAAc;gBACjB,gDAAgD;gBAChD,MAAM;YACR,KAAK,aAAa;gBAChB,IAAI,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;oBAC1C,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC;gBAC3B,CAAC;gBACD,YAAY,EAAE,CAAC;gBACf,MAAM;YACR,KAAK,aAAa;gBAChB,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gBACtC,YAAY,EAAE,CAAC;gBACf,MAAM;YACR,KAAK,aAAa;gBAChB,MAAM,CAAC,QAAQ,GAAG,KAAK,CAAC;gBACxB,YAAY,EAAE,CAAC;gBACf,MAAM;YACR,KAAK,cAAc;gBACjB,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC;gBACzB,YAAY,EAAE,CAAC;gBACf,MAAM;YACR,KAAK,QAAQ,CAAC;YACd,KAAK,IAAI;gBACP,SAAS,EAAE,CAAC;gBACZ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,KAAK,WAAW,CAAC;YACjB,KAAK,IAAI;gBACP,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;gBACxC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC;QAC/C,MAAM,CAAC,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC;IAC3C,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAwCb,CAAC,CAAC;AACH,CAAC;AAED,eAAe;AACf,WAAW,CAAC,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACvC,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;IAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}