@remnux/mcp-server 0.1.0

package/dist/file-upload.js

@@ -0,0 +1,170 @@
+/**
+ * File upload module for REMnux MCP server
+ *
+ * Allows AI assistants to upload files from the host filesystem to the
+ * samples directory via MCP. Reads files locally — no base64 in context.
+ */
+import { createHash } from "crypto";
+import { createReadStream, lstatSync } from "fs";
+import { pipeline } from "stream/promises";
+import { basename, isAbsolute } from "path";
+// 200MB limit for uploaded files (stat-based check, no in-memory buffering)
+const MAX_FILE_SIZE = 200 * 1024 * 1024;
+/**
+ * Validate filename for security
+ * - No path separators (/, \)
+ * - No path traversal (..)
+ * - No null bytes
+ * - Reasonable length
+ */
+export function validateFilename(filename) {
+    if (!filename || filename.length === 0) {
+        return { valid: false, error: "Filename cannot be empty" };
+    }
+    if (filename.length > 255) {
+        return { valid: false, error: "Filename too long (max 255 characters)" };
+    }
+    if (filename.includes("/") || filename.includes("\\")) {
+        return { valid: false, error: "Filename cannot contain path separators" };
+    }
+    if (filename.includes("..")) {
+        return { valid: false, error: "Filename cannot contain '..'" };
+    }
+    if (filename.includes("\0")) {
+        return { valid: false, error: "Filename cannot contain null bytes" };
+    }
+    // Check for shell metacharacters that could cause issues
+    if (/[;&|`$\n\r'"<>]/.test(filename)) {
+        return { valid: false, error: "Filename contains invalid characters" };
+    }
+    return { valid: true };
+}
+/**
+ * Validate a host filesystem path for security
+ */
+export function validateHostPath(hostPath) {
+    if (!hostPath || hostPath.length === 0) {
+        return { valid: false, error: "host_path cannot be empty" };
+    }
+    if (!isAbsolute(hostPath)) {
+        return { valid: false, error: "host_path must be an absolute path" };
+    }
+    if (hostPath.includes("\0")) {
+        return { valid: false, error: "host_path cannot contain null bytes" };
+    }
+    // Reject path traversal — always reject ".." components
+    if (hostPath.includes("..")) {
+        return { valid: false, error: "host_path cannot contain path traversal (..)" };
+    }
+    // Reject shell metacharacters
+    if (/[;&|`$\n\r'"<>]/.test(hostPath)) {
+        return { valid: false, error: "host_path contains invalid characters" };
+    }
+    return { valid: true };
+}
+/**
+ * Upload a file from the host filesystem to the samples directory
+ *
+ * @param connector - Connector to write files on REMnux
+ * @param samplesDir - Base samples directory on REMnux
+ * @param hostPath - Absolute path on the host filesystem
+ * @param filename - Override filename (defaults to basename of hostPath)
+ * @param overwrite - Whether to overwrite if file exists (default: false)
+ * @returns Upload result with file path, size, and SHA256 hash
+ */
+export async function uploadSampleFromHost(connector, samplesDir, hostPath, filename, overwrite = false) {
+    // Validate host path
+    const pathValidation = validateHostPath(hostPath);
+    if (!pathValidation.valid) {
+        return { success: false, error: pathValidation.error };
+    }
+    // Reject symlinks
+    let stat;
+    try {
+        stat = lstatSync(hostPath);
+    }
+    catch (_err) {
+        return { success: false, error: `File not found: ${hostPath}` };
+    }
+    if (stat.isSymbolicLink()) {
+        return { success: false, error: "Symlinks are not allowed" };
+    }
+    if (!stat.isFile()) {
+        return { success: false, error: "host_path must point to a regular file" };
+    }
+    // Check file size via stat (no buffering)
+    if (stat.size > MAX_FILE_SIZE) {
+        const sizeMB = (stat.size / 1024 / 1024).toFixed(0);
+        const limitMB = MAX_FILE_SIZE / 1024 / 1024;
+        return {
+            success: false,
+            error: `File size (${sizeMB}MB) exceeds the ${limitMB}MB upload limit. ` +
+                `For large files such as memory images, mount a host directory into the container instead:\n` +
+                `  docker run -v /path/to/evidence:/home/remnux/files/samples/evidence remnux/remnux-distro\n` +
+                `Then reference files as: evidence/<filename>`,
+        };
+    }
+    // Determine target filename
+    const targetFilename = filename ?? basename(hostPath);
+    // Validate target filename
+    const filenameValidation = validateFilename(targetFilename);
+    if (!filenameValidation.valid) {
+        return { success: false, error: filenameValidation.error };
+    }
+    // Calculate SHA256 hash via streaming
+    let sha256;
+    try {
+        const hash = createHash("sha256");
+        await pipeline(createReadStream(hostPath), hash);
+        sha256 = hash.digest("hex");
+    }
+    catch (err) {
+        return {
+            success: false,
+            error: `Failed to read file: ${err instanceof Error ? err.message : "Unknown error"}`,
+        };
+    }
+    // Build full file path
+    const filePath = `${samplesDir}/${targetFilename}`;
+    // Check if file already exists (unless overwrite is true)
+    if (!overwrite) {
+        try {
+            const checkResult = await connector.execute(["test", "-e", filePath], {
+                timeout: 5000,
+            });
+            if (checkResult.exitCode === 0) {
+                return {
+                    success: false,
+                    error: "File already exists. Use overwrite=true to replace.",
+                };
+            }
+        }
+        catch {
+            // test command failed, file probably doesn't exist
+        }
+    }
+    // Ensure target directory exists (fresh containers may lack it)
+    try {
+        await connector.execute(["mkdir", "-p", samplesDir], { timeout: 5000 });
+    }
+    catch {
+        // Ignore — real errors surface in writeFileFromPath
+    }
+    // Write file using connector's streaming path-based method
+    try {
+        await connector.writeFileFromPath(filePath, hostPath);
+    }
+    catch (err) {
+        return {
+            success: false,
+            error: `Failed to write file: ${err instanceof Error ? err.message : "Unknown error"}`,
+        };
+    }
+    return {
+        success: true,
+        path: filePath,
+        size_bytes: stat.size,
+        sha256,
+    };
+}
+//# sourceMappingURL=file-upload.js.map

package/dist/file-upload.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"file-upload.js","sourceRoot":"","sources":["../src/file-upload.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAG5C,4EAA4E;AAC5E,MAAM,aAAa,GAAG,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC;AAUxC;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC;IAC7D,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,wCAAwC,EAAE,CAAC;IAC3E,CAAC;IAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACtD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC;IAC5E,CAAC;IAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC;IACjE,CAAC;IAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC;IACvE,CAAC;IAED,yDAAyD;IACzD,IAAI,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAC;IACzE,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;IAC9D,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC;IACvE,CAAC;IAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC;IACxE,CAAC;IAED,wDAAwD;IACxD,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,8CAA8C,EAAE,CAAC;IACjF,CAAC;IAED,8BAA8B;IAC9B,IAAI,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC;IAC1E,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,SAAoB,EACpB,UAAkB,EAClB,QAAgB,EAChB,QAAiB,EACjB,YAAqB,KAAK;IAE1B,qBAAqB;IACrB,MAAM,cAAc,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAClD,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAC1B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,CAAC,KAAK,EAAE,CAAC;IACzD,CAAC;IAED,kBAAkB;IAClB,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACH,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,IAAI,EAAE,CAAC;QACd,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,QAAQ,EAAE,EAAE,CAAC;IAClE,CAAC;IAED,IAAI,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;QAC1B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QACnB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,wCAAwC,EAAE,CAAC;IAC7E,CAAC;IAED,0CAA0C;IAC1C,IAAI,IAAI,CAAC,IAAI,GAAG,aAAa,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,aAAa,GAAG,IAAI,GAAG,IAAI,CAAC;QAC5C,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EACH,cAAc,MAAM,mBAAmB,OAAO,mBAAmB;gBACjE,6FAA6F;gBAC7F,8FAA8F;gBAC9F,8CAA8C;SACjD,CAAC;IACJ,CAAC;IAED,4BAA4B;IAC5B,MAAM,cAAc,GAAG,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAEtD,2BAA2B;IAC3B,MAAM,kBAAkB,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;IAC5D,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;QAC9B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,kBAAkB,CAAC,KAAK,EAAE,CAAC;IAC7D,CAAC;IAED,sCAAsC;IACtC,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;QAClC,MAAM,QAAQ,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC;QACjD,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,wBAAwB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;SACtF,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,MAAM,QAAQ,GAAG,GAAG,UAAU,IAAI,cAAc,EAAE,CAAC;IAEnD,0DAA0D;IAC1D,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,EAAE;gBACpE,OAAO,EAAE,IAAI;aACd,CAAC,CAAC;YACH,IAAI,WAAW,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;gBAC/B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,qDAAqD;iBAC7D,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,mDAAmD;QACrD,CAAC;IACH,CAAC;IAED,gEAAgE;IAChE,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,UAAU,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACP,oDAAoD;IACtD,CAAC;IAED,2DAA2D;IAC3D,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACxD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,yBAAyB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;SACvF,CAAC;IACJ,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI;QACb,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE,IAAI,CAAC,IAAI;QACrB,MAAM;KACP,CAAC;AACJ,CAAC"}

package/dist/handlers/analyze-file.d.ts

@@ -0,0 +1,10 @@
+import type { HandlerDeps } from "./types.js";
+import type { AnalyzeFileArgs } from "../schemas/tools.js";
+export declare function handleAnalyzeFile(deps: HandlerDeps, args: AnalyzeFileArgs): Promise<{
+    content: Array<{
+        type: "text";
+        text: string;
+    }>;
+    isError?: boolean;
+}>;
+//# sourceMappingURL=analyze-file.d.ts.map

package/dist/handlers/analyze-file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyze-file.d.ts","sourceRoot":"","sources":["../../src/handlers/analyze-file.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAwC3D,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,WAAW,EACjB,IAAI,EAAE,eAAe;;;;;;GAwJtB"}

package/dist/handlers/analyze-file.js

@@ -0,0 +1,149 @@
+import { validateFilePath } from "../security/blocklist.js";
+import { matchFileType, CATEGORY_TAG_MAP } from "../file-type-mappings.js";
+import { toolRegistry } from "../tools/registry.js";
+import { buildCommandFromDefinition } from "../tools/invoker.js";
+import { parseToolOutput } from "../parsers/index.js";
+import { formatResponse, formatError } from "../response.js";
+import { REMnuxError } from "../errors/remnux-error.js";
+import { toREMnuxError } from "../errors/error-mapper.js";
+import { extractIOCs } from "../ioc/extractor.js";
+const DEFAULT_OUTPUT_BUDGET = 80 * 1024; // 80KB default
+const TOTAL_RESPONSE_BUDGET = 200 * 1024; // 200KB total across all tools
+/** Per-tool output budgets — tools known to produce large output get tighter limits. */
+const TOOL_OUTPUT_BUDGETS = {
+    floss: 20 * 1024,
+    ilspycmd: 15 * 1024,
+    rtfdump: 10 * 1024,
+    olevba: 30 * 1024,
+    oledump: 20 * 1024,
+    exiftool: 10 * 1024,
+    zipdump: 15 * 1024,
+};
+export async function handleAnalyzeFile(deps, args) {
+    const startTime = Date.now();
+    try {
+        const { connector, config } = deps;
+        const depth = (args.depth ?? "standard");
+        // Validate file path (skip unless --sandbox)
+        if (!config.noSandbox) {
+            const validation = validateFilePath(args.file, config.samplesDir);
+            if (!validation.safe) {
+                return formatError("analyze_file", new REMnuxError(validation.error || "Invalid file path", "INVALID_PATH", "validation", "Use a relative path within the samples directory"), startTime);
+            }
+        }
+        const filePath = `${config.samplesDir}/${args.file}`;
+        const perToolTimeout = (args.timeout_per_tool || 60) * 1000;
+        // Step 1: Detect file type
+        let fileOutput;
+        try {
+            const result = await connector.execute(["file", filePath], { timeout: 30000 });
+            fileOutput = result.stdout?.trim() || "";
+            if (!fileOutput) {
+                return formatError("analyze_file", new REMnuxError("Could not determine file type (empty `file` output)", "EMPTY_OUTPUT", "tool_failure", "Check that the file exists and is readable"), startTime);
+            }
+        }
+        catch (error) {
+            const msg = `Error running file command: ${error instanceof Error ? error.message : "Unknown error"}`;
+            return formatError("analyze_file", new REMnuxError(msg, "EMPTY_OUTPUT", "tool_failure", "Check that the file exists and is readable"), startTime);
+        }
+        // Step 2: Match to category and get tools from registry by tag + depth
+        const category = matchFileType(fileOutput, args.file);
+        const tag = CATEGORY_TAG_MAP[category.name] ?? "fallback";
+        const tools = toolRegistry.byTagAndTier(tag, depth);
+        const toolsRun = [];
+        const toolsFailed = [];
+        const toolsSkipped = [];
+        let totalOutputSize = 0;
+        // Step 3: Run each tool
+        for (const tool of tools) {
+            const cmd = buildCommandFromDefinition(tool, filePath);
+            // Use the greater of user-specified timeout and tool's own timeout
+            const effectiveTimeout = Math.max(perToolTimeout, (tool.timeout ?? 60) * 1000);
+            try {
+                const result = await connector.executeShell(cmd, {
+                    timeout: effectiveTimeout,
+                    cwd: config.samplesDir,
+                });
+                let stderr = result.stderr || "";
+                // Filter Volatility 3 progress bar noise from stderr
+                stderr = stderr.replace(/^Progress:\s+[\d.]+\s+.*$/gm, "").trim();
+                // Detect missing tools by exit code or error messages
+                if (result.exitCode === 127 || stderr.includes("not found") || stderr.includes("No such file or directory")) {
+                    toolsSkipped.push({ name: tool.name, command: cmd, reason: "Tool not installed" });
+                    continue;
+                }
+                let output = result.stdout || stderr || "(no output)";
+                const fullLen = output.length;
+                // Per-tool budget, further reduced if approaching total response budget
+                const remainingBudget = Math.max(5 * 1024, TOTAL_RESPONSE_BUDGET - totalOutputSize);
+                const budget = Math.min(TOOL_OUTPUT_BUDGETS[tool.name] ?? DEFAULT_OUTPUT_BUDGET, remainingBudget);
+                const outputTruncated = output.length > budget;
+                let savedOutputFile;
+                if (outputTruncated) {
+                    // Save full output to output dir for later retrieval
+                    const safeFile = args.file.replace(/[^a-zA-Z0-9._-]/g, "_");
+                    const outFilename = `${tool.name}-${safeFile}.txt`;
+                    try {
+                        const outPath = `${config.outputDir}/${outFilename}`;
+                        await connector.writeFile(outPath, Buffer.from(output, "utf-8"));
+                        savedOutputFile = outFilename;
+                    }
+                    catch {
+                        // Non-fatal: truncation hint won't include file reference
+                    }
+                    output = output.slice(0, budget) +
+                        `\n\n[Truncated at ${Math.round(budget / 1024)}KB of ${Math.round(fullLen / 1024)}KB total` +
+                        (savedOutputFile ? `. Full output: output/${savedOutputFile} — use download_file to retrieve]` : "]");
+                }
+                totalOutputSize += output.length;
+                const parsed = parseToolOutput(tool.name, output);
+                // capa exit code 14 = packed file detected
+                const extraMetadata = {};
+                if ((tool.name === "capa" || tool.name === "capa-json") && result.exitCode === 14) {
+                    extraMetadata.analyst_note = "capa detected a packed file — capabilities analysis may be incomplete. Consider unpacking first.";
+                }
+                toolsRun.push({
+                    name: tool.name,
+                    command: cmd,
+                    output,
+                    exit_code: result.exitCode,
+                    ...(outputTruncated && { truncated: true, full_output_length: fullLen }),
+                    ...(parsed.parsed && {
+                        findings: parsed.findings,
+                        metadata: { ...parsed.metadata, ...extraMetadata },
+                    }),
+                    ...(!parsed.parsed && Object.keys(extraMetadata).length > 0 && { metadata: extraMetadata }),
+                });
+            }
+            catch (error) {
+                const msg = error instanceof Error ? error.message : "Unknown error";
+                if (msg.toLowerCase().includes("timeout")) {
+                    toolsFailed.push({ name: tool.name, command: cmd, error: "Timed out" });
+                }
+                else {
+                    toolsFailed.push({ name: tool.name, command: cmd, error: msg });
+                }
+            }
+        }
+        const combinedOutput = toolsRun.map(t => t.output).join("\n\n");
+        const iocResult = extractIOCs(combinedOutput);
+        return formatResponse("analyze_file", {
+            file: args.file,
+            detected_type: fileOutput,
+            matched_category: category.name,
+            depth,
+            ...(tools.length === 0 && {
+                warning: `No tools registered for category "${category.name}" at depth "${depth}". Try depth "deep" or use run_tool directly.`,
+            }),
+            iocs: iocResult.iocs,
+            ioc_summary: iocResult.summary,
+            tools_run: toolsRun,
+            tools_failed: toolsFailed,
+            tools_skipped: toolsSkipped,
+        }, startTime);
+    }
+    catch (error) {
+        return formatError("analyze_file", toREMnuxError(error), startTime);
+    }
+}
+//# sourceMappingURL=analyze-file.js.map

package/dist/handlers/analyze-file.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyze-file.js","sourceRoot":"","sources":["../../src/handlers/analyze-file.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAE3E,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AACjE,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAEtD,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAelD,MAAM,qBAAqB,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,eAAe;AACxD,MAAM,qBAAqB,GAAG,GAAG,GAAG,IAAI,CAAC,CAAC,+BAA+B;AAEzE,wFAAwF;AACxF,MAAM,mBAAmB,GAA2B;IAClD,KAAK,EAAE,EAAE,GAAG,IAAI;IAChB,QAAQ,EAAE,EAAE,GAAG,IAAI;IACnB,OAAO,EAAE,EAAE,GAAG,IAAI;IAClB,MAAM,EAAE,EAAE,GAAG,IAAI;IACjB,OAAO,EAAE,EAAE,GAAG,IAAI;IAClB,QAAQ,EAAE,EAAE,GAAG,IAAI;IACnB,OAAO,EAAE,EAAE,GAAG,IAAI;CACnB,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,IAAiB,EACjB,IAAqB;IAErB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,CAAC;QACL,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;QACnC,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,KAAK,IAAI,UAAU,CAAc,CAAC;QAEtD,6CAA6C;QAC7C,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YACtB,MAAM,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;YAClE,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;gBACrB,OAAO,WAAW,CAAC,cAAc,EAAE,IAAI,WAAW,CAChD,UAAU,CAAC,KAAK,IAAI,mBAAmB,EACvC,cAAc,EACd,YAAY,EACZ,kDAAkD,CACnD,EAAE,SAAS,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,GAAG,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACrD,MAAM,cAAc,GAAG,CAAC,IAAI,CAAC,gBAAgB,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QAE5D,2BAA2B;QAC3B,IAAI,UAAkB,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/E,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YACzC,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,WAAW,CAAC,cAAc,EAAE,IAAI,WAAW,CAChD,qDAAqD,EACrD,cAAc,EACd,cAAc,EACd,4CAA4C,CAC7C,EAAE,SAAS,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,+BAA+B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC;YACtG,OAAO,WAAW,CAAC,cAAc,EAAE,IAAI,WAAW,CAChD,GAAG,EACH,cAAc,EACd,cAAc,EACd,4CAA4C,CAC7C,EAAE,SAAS,CAAC,CAAC;QAChB,CAAC;QAED,uEAAuE;QACvE,MAAM,QAAQ,GAAG,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACtD,MAAM,GAAG,GAAG,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC;QAC1D,MAAM,KAAK,GAAG,YAAY,CAAC,YAAY,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAEpD,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAiB,EAAE,CAAC;QACrC,MAAM,YAAY,GAAkB,EAAE,CAAC;QACvC,IAAI,eAAe,GAAG,CAAC,CAAC;QAExB,wBAAwB;QACxB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,0BAA0B,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;YACvD,mEAAmE;YACnE,MAAM,gBAAgB,GAAG,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;YAE/E,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,GAAG,EAAE;oBAC/C,OAAO,EAAE,gBAAgB;oBACzB,GAAG,EAAE,MAAM,CAAC,UAAU;iBACvB,CAAC,CAAC;gBAEH,IAAI,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;gBACjC,qDAAqD;gBACrD,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,6BAA6B,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;gBAClE,sDAAsD;gBACtD,IAAI,MAAM,CAAC,QAAQ,KAAK,GAAG,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,2BAA2B,CAAC,EAAE,CAAC;oBAC5G,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC,CAAC;oBACnF,SAAS;gBACX,CAAC;gBAED,IAAI,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,IAAI,aAAa,CAAC;gBACtD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC9B,wEAAwE;gBACxE,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,EAAE,qBAAqB,GAAG,eAAe,CAAC,CAAC;gBACpF,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,qBAAqB,EAAE,eAAe,CAAC,CAAC;gBAClG,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;gBAC/C,IAAI,eAAmC,CAAC;gBACxC,IAAI,eAAe,EAAE,CAAC;oBACpB,qDAAqD;oBACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC;oBAC5D,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,IAAI,IAAI,QAAQ,MAAM,CAAC;oBACnD,IAAI,CAAC;wBACH,MAAM,OAAO,GAAG,GAAG,MAAM,CAAC,SAAS,IAAI,WAAW,EAAE,CAAC;wBACrD,MAAM,SAAS,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;wBACjE,eAAe,GAAG,WAAW,CAAC;oBAChC,CAAC;oBAAC,MAAM,CAAC;wBACP,0DAA0D;oBAC5D,CAAC;oBACD,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC;wBAC9B,qBAAqB,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC,UAAU;wBAC3F,CAAC,eAAe,CAAC,CAAC,CAAC,yBAAyB,eAAe,mCAAmC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBAC1G,CAAC;gBAED,eAAe,IAAI,MAAM,CAAC,MAAM,CAAC;gBAEjC,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;gBAElD,2CAA2C;gBAC3C,MAAM,aAAa,GAA4B,EAAE,CAAC;gBAClD,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,CAAC,IAAI,MAAM,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;oBAClF,aAAa,CAAC,YAAY,GAAG,kGAAkG,CAAC;gBAClI,CAAC;gBAED,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,OAAO,EAAE,GAAG;oBACZ,MAAM;oBACN,SAAS,EAAE,MAAM,CAAC,QAAQ;oBAC1B,GAAG,CAAC,eAAe,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,CAAC;oBACxE,GAAG,CAAC,MAAM,CAAC,MAAM,IAAI;wBACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ;wBACzB,QAAQ,EAAE,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,GAAG,aAAa,EAAE;qBACnD,CAAC;oBACF,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC;iBAC5F,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBACrE,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC1C,WAAW,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;gBAC1E,CAAC;qBAAM,CAAC;oBACN,WAAW,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;gBAClE,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,cAAc,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChE,MAAM,SAAS,GAAG,WAAW,CAAC,cAAc,CAAC,CAAC;QAE9C,OAAO,cAAc,CAAC,cAAc,EAAE;YACpC,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,aAAa,EAAE,UAAU;YACzB,gBAAgB,EAAE,QAAQ,CAAC,IAAI;YAC/B,KAAK;YACL,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI;gBACxB,OAAO,EAAE,qCAAqC,QAAQ,CAAC,IAAI,eAAe,KAAK,+CAA+C;aAC/H,CAAC;YACF,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,WAAW,EAAE,SAAS,CAAC,OAAO;YAC9B,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,WAAW;YACzB,aAAa,EAAE,YAAY;SAC5B,EAAE,SAAS,CAAC,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,WAAW,CAAC,cAAc,EAAE,aAAa,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC;IACtE,CAAC;AACH,CAAC"}

package/dist/handlers/check-tools.d.ts

@@ -0,0 +1,9 @@
+import type { HandlerDeps } from "./types.js";
+export declare function handleCheckTools(deps: HandlerDeps): Promise<{
+    content: Array<{
+        type: "text";
+        text: string;
+    }>;
+    isError?: boolean;
+}>;
+//# sourceMappingURL=check-tools.d.ts.map

package/dist/handlers/check-tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-tools.d.ts","sourceRoot":"","sources":["../../src/handlers/check-tools.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAK9C,wBAAsB,gBAAgB,CAAC,IAAI,EAAE,WAAW;;;;;;GA+CvD"}

package/dist/handlers/check-tools.js

@@ -0,0 +1,47 @@
+import { toolRegistry } from "../tools/registry.js";
+import { formatResponse, formatError } from "../response.js";
+import { toREMnuxError } from "../errors/error-mapper.js";
+export async function handleCheckTools(deps) {
+    const startTime = Date.now();
+    const { connector } = deps;
+    // Collect unique command names from the tool registry
+    const toolNames = new Set();
+    for (const def of toolRegistry.all()) {
+        // Extract the command name (first word)
+        const cmdName = def.command.split(/\s/)[0];
+        toolNames.add(cmdName);
+    }
+    const tools = [];
+    // Verify container connectivity before checking individual tools
+    try {
+        await connector.execute(["true"], { timeout: 5000 });
+    }
+    catch (error) {
+        return formatError("check_tools", toREMnuxError(error), startTime);
+    }
+    try {
+        const results = await Promise.all([...toolNames].map(async (name) => {
+            try {
+                const result = await connector.execute(["which", name], { timeout: 5000 });
+                if (result.exitCode === 0 && result.stdout?.trim()) {
+                    return { tool: name, available: true, path: result.stdout.trim() };
+                }
+                return { tool: name, available: false };
+            }
+            catch {
+                return { tool: name, available: false };
+            }
+        }));
+        tools.push(...results);
+        const available = tools.filter(t => t.available).length;
+        const missing = tools.filter(t => !t.available).length;
+        return formatResponse("check_tools", {
+            summary: { total: tools.length, available, missing },
+            tools: tools.sort((a, b) => a.tool.localeCompare(b.tool)),
+        }, startTime);
+    }
+    catch (error) {
+        return formatError("check_tools", toREMnuxError(error), startTime);
+    }
+}
+//# sourceMappingURL=check-tools.js.map

package/dist/handlers/check-tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-tools.js","sourceRoot":"","sources":["../../src/handlers/check-tools.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE1D,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,IAAiB;IACtD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;IAE3B,sDAAsD;IACtD,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,KAAK,MAAM,GAAG,IAAI,YAAY,CAAC,GAAG,EAAE,EAAE,CAAC;QACrC,wCAAwC;QACxC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;IAED,MAAM,KAAK,GAA+D,EAAE,CAAC;IAE7E,iEAAiE;IACjE,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,WAAW,CAAC,aAAa,EAAE,aAAa,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC;IACrE,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,CAAC,GAAG,SAAS,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;YAChC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC3E,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC;oBACnD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;gBACrE,CAAC;gBACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;YAC1C,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;YAC1C,CAAC;QACH,CAAC,CAAC,CACH,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;QAEvB,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC;QACxD,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC;QAEvD,OAAO,cAAc,CAAC,aAAa,EAAE;YACnC,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE;YACpD,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;SAC1D,EAAE,SAAS,CAAC,CAAC;IAChB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,WAAW,CAAC,aAAa,EAAE,aAAa,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC;IACrE,CAAC;AACH,CAAC"}

package/dist/handlers/download-file.d.ts

@@ -0,0 +1,10 @@
+import type { HandlerDeps } from "./types.js";
+import type { DownloadFileArgs } from "../schemas/tools.js";
+export declare function handleDownloadFile(deps: HandlerDeps, args: DownloadFileArgs): Promise<{
+    content: Array<{
+        type: "text";
+        text: string;
+    }>;
+    isError?: boolean;
+}>;
+//# sourceMappingURL=download-file.d.ts.map

package/dist/handlers/download-file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"download-file.d.ts","sourceRoot":"","sources":["../../src/handlers/download-file.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAiC5D,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,WAAW,EACjB,IAAI,EAAE,gBAAgB;;;;;;GA0IvB"}

package/dist/handlers/download-file.js

@@ -0,0 +1,113 @@
+import { existsSync, statSync } from "fs";
+import { join, basename } from "path";
+import { validateFilePath } from "../security/blocklist.js";
+import { validateHostPath } from "../file-upload.js";
+import { formatResponse, formatError } from "../response.js";
+import { REMnuxError } from "../errors/remnux-error.js";
+import { toREMnuxError } from "../errors/error-mapper.js";
+import { DEFAULT_ARCHIVE_PASSWORD, DEFAULT_ARCHIVE_FORMAT } from "../state/session.js";
+const MAX_DOWNLOAD_SIZE = 200 * 1024 * 1024; // 200MB
+/**
+ * Build the command to create a password-protected archive inside REMnux.
+ */
+function getArchiveCommand(format, archivePath, sourcePath, password) {
+    switch (format) {
+        case "zip":
+            return ["zip", "-j", "-P", password, archivePath, sourcePath];
+        case "7z":
+            return ["7z", "a", `-p${password}`, "-mhe=on", archivePath, sourcePath];
+        case "rar":
+            return ["rar", "a", `-p${password}`, "-hp", archivePath, sourcePath];
+    }
+}
+function archiveExtension(format) {
+    return `.${format}`;
+}
+export async function handleDownloadFile(deps, args) {
+    const startTime = Date.now();
+    const { connector, config } = deps;
+    const shouldArchive = args.archive !== false;
+    // Validate file path (skip unless --sandbox)
+    if (!config.noSandbox) {
+        const validation = validateFilePath(args.file_path, config.outputDir);
+        if (!validation.safe) {
+            return formatError("download_file", new REMnuxError(validation.error || "Invalid file path", "INVALID_PATH", "validation", "Use a relative path within the output directory"), startTime);
+        }
+    }
+    // Validate outputPath
+    const pathValidation = validateHostPath(args.output_path);
+    if (!pathValidation.valid) {
+        return formatError("download_file", new REMnuxError(pathValidation.error || "Invalid output path", "INVALID_PATH", "validation", "Provide an absolute path to a directory on the host filesystem"), startTime);
+    }
+    // Verify output directory exists and is a directory
+    if (!existsSync(args.output_path) || !statSync(args.output_path).isDirectory()) {
+        return formatError("download_file", new REMnuxError(`Output path does not exist or is not a directory: ${args.output_path}`, "INVALID_PATH", "validation", "Provide an absolute path to an existing directory"), startTime);
+    }
+    const fullPath = `${config.outputDir}/${args.file_path}`;
+    try {
+        // Get file size and hash (separate calls to avoid shell interpolation)
+        const statResult = await connector.execute(["stat", "-c", "%s", fullPath], { timeout: 30000 });
+        const hashResult = await connector.execute(["sha256sum", fullPath], { timeout: 30000 });
+        const sizeBytes = parseInt((statResult.stdout || "0").trim(), 10);
+        // Guard against oversized downloads
+        if (sizeBytes > MAX_DOWNLOAD_SIZE) {
+            return formatError("download_file", new REMnuxError(`File exceeds ${MAX_DOWNLOAD_SIZE / 1024 / 1024}MB download limit (got ${(sizeBytes / 1024 / 1024).toFixed(2)}MB)`, "FILE_TOO_LARGE", "validation", "Use run_tool with 'split' to break the file into smaller parts first"), startTime);
+        }
+        const sha256 = (hashResult.stdout || "").trim().split(/\s+/)[0] || "unknown";
+        const filename = basename(args.file_path);
+        if (shouldArchive) {
+            // Determine archive format and password from session state
+            const archiveMeta = deps.sessionState.getArchiveInfo(filename);
+            const archiveFormat = archiveMeta?.format ?? DEFAULT_ARCHIVE_FORMAT;
+            const archivePassword = archiveMeta?.password ?? DEFAULT_ARCHIVE_PASSWORD;
+            // Defense-in-depth: reject passwords with shell metacharacters
+            if (/[;&|`$\n\r'"\\]/.test(archivePassword)) {
+                return formatError("download_file", new REMnuxError("Archive password contains unsafe characters", "INVALID_PASSWORD", "validation", "Try downloading with archive: false"), startTime);
+            }
+            // Create temp archive path inside REMnux
+            const timestamp = Date.now();
+            const archiveName = `${filename}${archiveExtension(archiveFormat)}`;
+            const remoteTmpArchive = `/tmp/dl_${timestamp}_${archiveName}`;
+            // Create password-protected archive
+            const archiveCmd = getArchiveCommand(archiveFormat, remoteTmpArchive, fullPath, archivePassword);
+            const archiveResult = await connector.execute(archiveCmd, {
+                timeout: Math.max(60000, sizeBytes / 1024),
+            });
+            if (archiveResult.exitCode !== 0) {
+                return formatError("download_file", new REMnuxError(`Failed to create archive: ${archiveResult.stderr || archiveResult.stdout}`, "ARCHIVE_FAILED", "tool_failure", "Try downloading with archive: false"), startTime);
+            }
+            // Transfer archive to host
+            const hostPath = join(args.output_path, archiveName);
+            try {
+                await connector.readFileToPath(remoteTmpArchive, hostPath);
+            }
+            finally {
+                // Clean up temp archive inside REMnux
+                await connector.execute(["rm", "-f", remoteTmpArchive], { timeout: 10000 }).catch(() => { });
+            }
+            return formatResponse("download_file", {
+                file_path: args.file_path,
+                size_bytes: sizeBytes,
+                sha256,
+                host_path: hostPath,
+                archived: true,
+                archive_format: archiveFormat,
+                archive_password: archivePassword,
+            }, startTime);
+        }
+        // No archiving — transfer raw file
+        const hostPath = join(args.output_path, filename);
+        await connector.readFileToPath(fullPath, hostPath);
+        return formatResponse("download_file", {
+            file_path: args.file_path,
+            size_bytes: sizeBytes,
+            sha256,
+            host_path: hostPath,
+            archived: false,
+        }, startTime);
+    }
+    catch (error) {
+        return formatError("download_file", toREMnuxError(error), startTime);
+    }
+}
+//# sourceMappingURL=download-file.js.map

package/dist/handlers/download-file.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"download-file.js","sourceRoot":"","sources":["../../src/handlers/download-file.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AAC1C,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AAGtC,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,wBAAwB,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAEvF,MAAM,iBAAiB,GAAG,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,QAAQ;AAErD;;GAEG;AACH,SAAS,iBAAiB,CACxB,MAA4B,EAC5B,WAAmB,EACnB,UAAkB,EAClB,QAAgB;IAEhB,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,KAAK;YACR,OAAO,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;QAChE,KAAK,IAAI;YACP,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,QAAQ,EAAE,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;QAC1E,KAAK,KAAK;YACR,OAAO,CAAC,KAAK,EAAE,GAAG,EAAE,KAAK,QAAQ,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,MAA4B;IACpD,OAAO,IAAI,MAAM,EAAE,CAAC;AACtB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAAiB,EACjB,IAAsB;IAEtB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACnC,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,KAAK,KAAK,CAAC;IAE7C,6CAA6C;IAC7C,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QACtB,MAAM,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;QACtE,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;YACrB,OAAO,WAAW,CAAC,eAAe,EAAE,IAAI,WAAW,CACjD,UAAU,CAAC,KAAK,IAAI,mBAAmB,EACvC,cAAc,EACd,YAAY,EACZ,iDAAiD,CAClD,EAAE,SAAS,CAAC,CAAC;QAChB,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,cAAc,GAAG,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC1D,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAC1B,OAAO,WAAW,CAAC,eAAe,EAAE,IAAI,WAAW,CACjD,cAAc,CAAC,KAAK,IAAI,qBAAqB,EAC7C,cAAc,EACd,YAAY,EACZ,gEAAgE,CACjE,EAAE,SAAS,CAAC,CAAC;IAChB,CAAC;IAED,oDAAoD;IACpD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/E,OAAO,WAAW,CAAC,eAAe,EAAE,IAAI,WAAW,CACjD,qDAAqD,IAAI,CAAC,WAAW,EAAE,EACvE,cAAc,EACd,YAAY,EACZ,mDAAmD,CACpD,EAAE,SAAS,CAAC,CAAC;IAChB,CAAC;IAED,MAAM,QAAQ,GAAG,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;IAEzD,IAAI,CAAC;QACH,uEAAuE;QACvE,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,OAAO,CACxC,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,EAC9B,EAAE,OAAO,EAAE,KAAK,EAAE,CACnB,CAAC;QACF,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,OAAO,CACxC,CAAC,WAAW,EAAE,QAAQ,CAAC,EACvB,EAAE,OAAO,EAAE,KAAK,EAAE,CACnB,CAAC;QAEF,MAAM,SAAS,GAAG,QAAQ,CAAC,CAAC,UAAU,CAAC,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAElE,oCAAoC;QACpC,IAAI,SAAS,GAAG,iBAAiB,EAAE,CAAC;YAClC,OAAO,WAAW,CAAC,eAAe,EAAE,IAAI,WAAW,CACjD,gBAAgB,iBAAiB,GAAG,IAAI,GAAG,IAAI,0BAA0B,CAAC,SAAS,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAClH,gBAAgB,EAChB,YAAY,EACZ,sEAAsE,CACvE,EAAE,SAAS,CAAC,CAAC;QAChB,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,UAAU,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;QAC7E,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE1C,IAAI,aAAa,EAAE,CAAC;YAClB,2DAA2D;YAC3D,MAAM,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAC/D,MAAM,aAAa,GAAG,WAAW,EAAE,MAAM,IAAI,sBAAsB,CAAC;YACpE,MAAM,eAAe,GAAG,WAAW,EAAE,QAAQ,IAAI,wBAAwB,CAAC;YAE1E,+DAA+D;YAC/D,IAAI,iBAAiB,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;gBAC5C,OAAO,WAAW,CAAC,eAAe,EAAE,IAAI,WAAW,CACjD,6CAA6C,EAC7C,kBAAkB,EAClB,YAAY,EACZ,qCAAqC,CACtC,EAAE,SAAS,CAAC,CAAC;YAChB,CAAC;YAED,yCAAyC;YACzC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC7B,MAAM,WAAW,GAAG,GAAG,QAAQ,GAAG,gBAAgB,CAAC,aAAa,CAAC,EAAE,CAAC;YACpE,MAAM,gBAAgB,GAAG,WAAW,SAAS,IAAI,WAAW,EAAE,CAAC;YAE/D,oCAAoC;YACpC,MAAM,UAAU,GAAG,iBAAiB,CAAC,aAAa,EAAE,gBAAgB,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;YACjG,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE;gBACxD,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,GAAG,IAAI,CAAC;aAC3C,CAAC,CAAC;YAEH,IAAI,aAAa,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;gBACjC,OAAO,WAAW,CAAC,eAAe,EAAE,IAAI,WAAW,CACjD,6BAA6B,aAAa,CAAC,MAAM,IAAI,aAAa,CAAC,MAAM,EAAE,EAC3E,gBAAgB,EAChB,cAAc,EACd,qCAAqC,CACtC,EAAE,SAAS,CAAC,CAAC;YAChB,CAAC;YAED,2BAA2B;YAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;YACrD,IAAI,CAAC;gBACH,MAAM,SAAS,CAAC,cAAc,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;YAC7D,CAAC;oBAAS,CAAC;gBACT,sCAAsC;gBACtC,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,gBAAgB,CAAC,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YAC9F,CAAC;YAED,OAAO,cAAc,CAAC,eAAe,EAAE;gBACrC,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,UAAU,EAAE,SAAS;gBACrB,MAAM;gBACN,SAAS,EAAE,QAAQ;gBACnB,QAAQ,EAAE,IAAI;gBACd,cAAc,EAAE,aAAa;gBAC7B,gBAAgB,EAAE,eAAe;aAClC,EAAE,SAAS,CAAC,CAAC;QAChB,CAAC;QAED,mCAAmC;QACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QAClD,MAAM,SAAS,CAAC,cAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAEnD,OAAO,cAAc,CAAC,eAAe,EAAE;YACrC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,UAAU,EAAE,SAAS;YACrB,MAAM;YACN,SAAS,EAAE,QAAQ;YACnB,QAAQ,EAAE,KAAK;SAChB,EAAE,SAAS,CAAC,CAAC;IAChB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,WAAW,CAAC,eAAe,EAAE,aAAa,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC;IACvE,CAAC;AACH,CAAC"}

package/dist/handlers/download-from-url.d.ts

@@ -0,0 +1,30 @@
+import type { HandlerDeps } from "./types.js";
+import type { DownloadFromUrlArgs } from "../schemas/tools.js";
+/**
+ * Validate a URL for download: must be http(s), no control chars, no single quotes.
+ */
+export declare function validateUrl(url: string): {
+    valid: boolean;
+    error?: string;
+};
+/**
+ * Validate a single HTTP header string.
+ * Must be "Name: value" with no injection characters.
+ */
+export declare function validateHeader(header: string): {
+    valid: boolean;
+    error?: string;
+};
+/**
+ * Derive a filename from a URL path.
+ * Falls back to "downloaded_sample" if no basename can be extracted.
+ */
+export declare function deriveFilename(url: string): string;
+export declare function handleDownloadFromUrl(deps: HandlerDeps, args: DownloadFromUrlArgs): Promise<{
+    content: Array<{
+        type: "text";
+        text: string;
+    }>;
+    isError?: boolean;
+}>;
+//# sourceMappingURL=download-from-url.d.ts.map

package/dist/handlers/download-from-url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"download-from-url.d.ts","sourceRoot":"","sources":["../../src/handlers/download-from-url.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AA4B/D;;GAEG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAkB3E;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAYjF;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAkBlD;AAED,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,WAAW,EACjB,IAAI,EAAE,mBAAmB;;;;;;GA0H1B"}