@usex/mikrotik-mcp 2.1.0 → 2.3.0

package/dist/cli.js

@@ -29,6 +29,10 @@ var DeviceConfigSchema = z.object({
   privateKey: z.string().optional(),
   keyPassphrase: z.string().optional(),
   timeoutMs: z.coerce.number().int().positive().default(1e4),
+  mac: z.string().optional(),
+  sourceMac: z.string().optional(),
+  macHost: z.string().optional(),
+  macPort: z.coerce.number().int().positive().optional(),
   description: z.string().optional()
 });
 var S3ConfigSchema = z.object({
@@ -116,7 +120,11 @@ function loadConfig(argv = process.argv.slice(2)) {
     keyFilename: pick("key-filename", "MIKROTIK_KEY_FILENAME"),
     privateKey: pick("private-key", "MIKROTIK_PRIVATE_KEY"),
     keyPassphrase: pick("key-passphrase", "MIKROTIK_KEY_PASSPHRASE"),
-    timeoutMs: pick("timeout-ms", "MIKROTIK_TIMEOUT_MS")
+    timeoutMs: pick("timeout-ms", "MIKROTIK_TIMEOUT_MS"),
+    mac: pick("mac", "MIKROTIK_MAC"),
+    sourceMac: pick("source-mac", "MIKROTIK_SOURCE_MAC"),
+    macHost: pick("mac-host", "MIKROTIK_MAC_HOST"),
+    macPort: pick("mac-port", "MIKROTIK_MAC_PORT")
   };
   const hasSingle = Object.values(single).some((v) => v !== undefined);
   const devices = {};
@@ -250,6 +258,340 @@ var logger = {
   error: (m) => emit("error", m)
 };
 
+// src/mac-telnet/console.ts
+import { MacTelnetSession } from "@tikoci/centrs/protocols";
+var ESC = "\x1B";
+var enc = new TextEncoder;
+var ANSI_CSI = new RegExp(`${ESC}\\[[0-9;?]*[ -/]*[@-~]`, "g");
+var ANSI_ESC2 = new RegExp(`${ESC}[@-_]`, "g");
+var ROUTEROS_PROMPT_RE = /\[[^\]@\r\n]+@[^\]\r\n]*\][^\r\n]*>\s*$/;
+var TICK_INTERVAL_MS = 15;
+var LICENSE_RE = /do you want to see the software license/i;
+function emulateScreen(text) {
+  const clean = text.replace(ANSI_CSI, "").replace(ANSI_ESC2, "");
+  const lines = [[]];
+  let row = 0;
+  let col = 0;
+  for (const ch of clean) {
+    const code = ch.charCodeAt(0);
+    if (ch === `
+`) {
+      row += 1;
+      if (!lines[row])
+        lines[row] = [];
+      col = 0;
+    } else if (ch === "\r") {
+      col = 0;
+    } else if (code === 8) {
+      col = Math.max(0, col - 1);
+    } else if (code >= 32 && code !== 127) {
+      const line = lines[row];
+      line[col] = ch;
+      col += 1;
+    }
+  }
+  return lines.map((line) => Array.from(line, (c) => c ?? " ").join("").replace(/\s+$/, ""));
+}
+function extractCommandOutput(raw, command) {
+  const lines = emulateScreen(raw);
+  let start = 1;
+  if (command !== undefined && lines.length > 0) {
+    const first = lines[0] ?? "";
+    const promptMatch = first.match(/^\[[^\]\r\n]*\][^\r\n]*?>\s?/);
+    const echoedOnFirst = promptMatch ? first.slice(promptMatch[0].length) : first;
+    let consumed = echoedOnFirst.length;
+    while (consumed < command.length && start < lines.length) {
+      consumed += (lines[start] ?? "").length;
+      start += 1;
+    }
+  }
+  const body = lines.slice(start);
+  while (body.length > 0) {
+    const last = body[body.length - 1];
+    if (last.length === 0 || ROUTEROS_PROMPT_RE.test(last)) {
+      body.pop();
+      continue;
+    }
+    break;
+  }
+  return body.join(`
+`);
+}
+
+class MacTelnetConsole {
+  options;
+  session;
+  buffer = "";
+  ready = false;
+  closed = false;
+  closeError;
+  waiter;
+  tickTimer;
+  readyWaiters = [];
+  decoder = new TextDecoder;
+  probeTail = "";
+  constructor(options) {
+    this.options = {
+      rows: 9999,
+      cols: 512,
+      primeTimeoutMs: 30000,
+      commandTimeoutMs: 15000,
+      settleMs: 150,
+      acceptLicense: true,
+      ...options
+    };
+    this.session = new MacTelnetSession({
+      sink: options.sink,
+      sourceMac: options.sourceMac,
+      destinationMac: options.destinationMac,
+      username: options.username,
+      password: options.password,
+      sessionKey: options.sessionKey,
+      terminalType: "vt102",
+      terminalWidth: this.options.cols,
+      terminalHeight: this.options.rows,
+      onReady: () => this.onReady(),
+      onData: (bytes) => this.onData(bytes),
+      onClose: (error) => this.onClose(error)
+    });
+  }
+  handlePacket(bytes) {
+    try {
+      this.session.handlePacket(bytes);
+    } catch (error) {
+      this.onClose(error instanceof Error ? error : new Error("Failed to process a MAC-Telnet datagram."));
+    }
+  }
+  async open() {
+    this.tickTimer = setInterval(() => {
+      try {
+        this.session.tick(Date.now());
+      } catch {}
+    }, TICK_INTERVAL_MS);
+    this.tickTimer.unref?.();
+    this.session.start();
+    await this.waitReady(this.options.primeTimeoutMs);
+    await this.waitFor((buffer) => this.endsWithPrompt(buffer) || LICENSE_RE.test(buffer), this.options.primeTimeoutMs, "waiting for the RouterOS console prompt");
+    if (this.options.acceptLicense && LICENSE_RE.test(this.buffer)) {
+      this.buffer = "";
+      this.session.sendInput(enc.encode("n\r"));
+      await this.waitFor((buffer) => this.endsWithPrompt(buffer), this.options.primeTimeoutMs, "waiting for the prompt after the license screen");
+    }
+    this.buffer = "";
+    this.session.sendInput(enc.encode("\r"));
+    await this.waitFor((buffer) => this.endsWithPrompt(buffer), this.options.commandTimeoutMs, "waiting for a clean prompt");
+    this.buffer = "";
+  }
+  async run(cli) {
+    this.assertOpen();
+    this.buffer = "";
+    this.session.sendInput(enc.encode(`${cli}\r`));
+    await this.waitFor((buffer) => this.endsWithPrompt(buffer), this.options.commandTimeoutMs, `running over mac-telnet: ${cli}`);
+    const raw = this.buffer;
+    return { output: extractCommandOutput(raw, cli), raw };
+  }
+  close() {
+    if (this.tickTimer) {
+      clearInterval(this.tickTimer);
+      this.tickTimer = undefined;
+    }
+    if (!this.closed)
+      this.session.end();
+  }
+  get isReady() {
+    return this.ready && !this.closed;
+  }
+  onReady() {
+    this.ready = true;
+    for (const w of this.readyWaiters.splice(0))
+      w.resolve();
+  }
+  onData(bytes) {
+    const chunk = this.decoder.decode(bytes, { stream: true });
+    const combined = `${this.probeTail}${chunk}`;
+    this.answerSizeProbe(combined);
+    this.probeTail = combined.slice(-3);
+    this.buffer += chunk;
+    this.checkWaiter();
+  }
+  onClose(error) {
+    this.closed = true;
+    this.closeError = error;
+    if (this.tickTimer) {
+      clearInterval(this.tickTimer);
+      this.tickTimer = undefined;
+    }
+    const failure = error ?? new Error("The MAC-Telnet console session closed.");
+    for (const w of this.readyWaiters.splice(0))
+      w.reject(failure);
+    if (this.waiter) {
+      const waiter = this.waiter;
+      this.waiter = undefined;
+      clearTimeout(waiter.timeout);
+      if (waiter.settle)
+        clearTimeout(waiter.settle);
+      waiter.reject(failure);
+    }
+  }
+  answerSizeProbe(chunk) {
+    if (chunk.includes(`${ESC}[6n`)) {
+      this.session.sendInput(enc.encode(`${ESC}[${this.options.rows};${this.options.cols}R`));
+    }
+    if (chunk.includes(`${ESC}Z`) || chunk.includes(`${ESC}[c`)) {
+      this.session.sendInput(enc.encode(`${ESC}[?6c`));
+    }
+  }
+  endsWithPrompt(buffer) {
+    const lines = emulateScreen(buffer).filter((line) => line.length > 0);
+    return ROUTEROS_PROMPT_RE.test(lines[lines.length - 1] ?? "");
+  }
+  waitReady(timeoutMs) {
+    if (this.ready)
+      return Promise.resolve();
+    if (this.closed) {
+      return Promise.reject(this.closeError ?? new Error("The MAC-Telnet session closed before login completed."));
+    }
+    return new Promise((resolve, reject) => {
+      let timer;
+      const entry = {
+        resolve: () => {
+          clearTimeout(timer);
+          resolve();
+        },
+        reject: (error) => {
+          clearTimeout(timer);
+          reject(error);
+        }
+      };
+      timer = setTimeout(() => {
+        this.readyWaiters = this.readyWaiters.filter((w) => w !== entry);
+        reject(new Error("MAC-Telnet login did not complete \u2014 no console response from the device. " + "Confirm the device is reachable over mac-telnet (mac-server interface list) and the credentials are correct."));
+      }, timeoutMs);
+      this.readyWaiters.push(entry);
+    });
+  }
+  waitFor(predicate, timeoutMs, label) {
+    if (this.closed) {
+      return Promise.reject(this.closeError ?? new Error(`MAC-Telnet session closed while ${label}.`));
+    }
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        this.waiter = undefined;
+        reject(new Error(`Timed out ${label}. The RouterOS console did not return a prompt in time; ` + "raise the timeout or confirm the device is responsive over mac-telnet."));
+      }, timeoutMs);
+      this.waiter = { predicate, resolve, reject, timeout };
+      this.checkWaiter();
+    });
+  }
+  checkWaiter() {
+    const waiter = this.waiter;
+    if (!waiter)
+      return;
+    if (!waiter.predicate(this.buffer)) {
+      if (waiter.settle) {
+        clearTimeout(waiter.settle);
+        waiter.settle = undefined;
+      }
+      return;
+    }
+    if (waiter.settle)
+      clearTimeout(waiter.settle);
+    waiter.settle = setTimeout(() => {
+      if (this.waiter !== waiter)
+        return;
+      this.waiter = undefined;
+      clearTimeout(waiter.timeout);
+      waiter.resolve();
+    }, this.options.settleMs);
+  }
+  assertOpen() {
+    if (!this.ready || this.closed) {
+      throw new Error("The MAC-Telnet console is not open. Call open() and await it before running commands.");
+    }
+  }
+}
+
+// src/mac-telnet/client.ts
+import {
+  DEFAULT_MAC_TELNET_BROADCAST,
+  isBroadcastHost,
+  MAC_TELNET_PORT,
+  createUdpMacTelnetTransport,
+  parseMac,
+  resolveMacTelnetRoute
+} from "@tikoci/centrs/protocols";
+
+class MikroTikMacTelnetClient {
+  transport = null;
+  console = null;
+  opts;
+  lastError;
+  constructor(opts) {
+    this.opts = {
+      port: MAC_TELNET_PORT,
+      timeoutMs: 1e4,
+      ...opts
+    };
+  }
+  async connect() {
+    this.lastError = undefined;
+    try {
+      const destinationMac = parseMac(this.opts.mac);
+      const explicitSourceMac = this.opts.sourceMac ? parseMac(this.opts.sourceMac) : undefined;
+      const host = this.opts.host ?? DEFAULT_MAC_TELNET_BROADCAST;
+      const route = await resolveMacTelnetRoute({
+        destinationMac,
+        host,
+        port: this.opts.port,
+        timeoutMs: this.opts.timeoutMs,
+        explicitSourceMac
+      });
+      const transport = createUdpMacTelnetTransport({
+        host: route.host,
+        port: this.opts.port,
+        broadcast: isBroadcastHost(route.host)
+      });
+      this.transport = transport;
+      await transport.ready();
+      const console = new MacTelnetConsole({
+        sink: transport,
+        sourceMac: route.sourceMac,
+        destinationMac,
+        username: this.opts.username,
+        password: this.opts.password ?? "",
+        primeTimeoutMs: Math.max(this.opts.timeoutMs, 30000),
+        commandTimeoutMs: Math.max(this.opts.timeoutMs, 15000)
+      });
+      this.console = console;
+      transport.onMessage((bytes) => console.handlePacket(bytes));
+      await console.open();
+      return true;
+    } catch (e) {
+      this.lastError = e instanceof Error ? e.message : String(e);
+      logger.error(`Failed to connect to MikroTik over MAC-Telnet: ${this.lastError}`);
+      this.disconnect();
+      return false;
+    }
+  }
+  async run(command) {
+    if (!this.console || !this.console.isReady) {
+      throw new Error("Not connected to MikroTik device (MAC-Telnet)");
+    }
+    const { output } = await this.console.run(command);
+    return output;
+  }
+  disconnect() {
+    try {
+      this.console?.close();
+    } catch {}
+    try {
+      this.transport?.close();
+    } catch {}
+    this.console = null;
+    this.transport = null;
+  }
+}
+
 // src/ssh/client.ts
 import { readFileSync as readFileSync2 } from "fs";
 import { Client } from "ssh2";
@@ -352,6 +694,45 @@ class MikroTikSSHClient {
   }
 }
 
+// src/core/transport.ts
+function isMacTelnetDevice(dc) {
+  return Boolean(dc.mac);
+}
+function createDeviceClient(dc) {
+  if (isMacTelnetDevice(dc)) {
+    return new MikroTikMacTelnetClient({
+      mac: dc.mac,
+      username: dc.username,
+      password: dc.password,
+      sourceMac: dc.sourceMac,
+      host: dc.macHost,
+      port: dc.macPort,
+      timeoutMs: dc.timeoutMs
+    });
+  }
+  return new MikroTikSSHClient({
+    host: dc.host,
+    username: dc.username,
+    password: dc.password,
+    keyFilename: dc.keyFilename,
+    privateKey: dc.privateKey,
+    keyPassphrase: dc.keyPassphrase,
+    port: dc.port,
+    timeoutMs: dc.timeoutMs
+  });
+}
+function describeTransport(dc) {
+  return dc.mac ? `MAC ${dc.mac} (mac-telnet)` : `${dc.host}:${dc.port}`;
+}
+function connectErrorMessage(name, dc, lastError) {
+  const reason = lastError ? ` \u2014 ${lastError}` : "";
+  if (dc.mac) {
+    return `Failed to connect to MikroTik device '${name}' over MAC-Telnet at ${dc.mac}${reason}. ` + "Check you are on the same Layer-2 segment, MAC-Telnet is enabled (/tool mac-server) on a reachable interface, and the credentials are correct.";
+  }
+  const authMode = dc.keyFilename || dc.privateKey ? "SSH key" : dc.password ? "password" : "no credentials";
+  return `Failed to connect to MikroTik device '${name}' at ${dc.host}:${dc.port} (auth: ${authMode})${reason}. ` + "Check the host/port are reachable, the SSH service is enabled (/ip service), and the credentials are correct.";
+}
+
 // src/tools/address-list.ts
 import { z as z3 } from "zod";
 
@@ -389,6 +770,9 @@ class SafeModeManager {
       if (this.active)
         return "Safe mode is already active.";
       const dc = getDevice(this.deviceName);
+      if (dc.mac) {
+        return "Error: Safe Mode is not supported for a MAC-Telnet device " + `('${this.deviceName}' is reached by MAC ${dc.mac}). ` + "Connect over SSH (configure host/credentials) to use Safe Mode.";
+      }
       const ssh = new MikroTikSSHClient({
         host: dc.host,
         username: dc.username,
@@ -523,25 +907,14 @@ function getSafeModeManager(deviceName) {
 async function runOnce(command, deviceName) {
   const name = resolveDeviceName(deviceName);
   const dc = getDevice(deviceName);
-  const ssh = new MikroTikSSHClient({
-    host: dc.host,
-    username: dc.username,
-    password: dc.password,
-    keyFilename: dc.keyFilename,
-    privateKey: dc.privateKey,
-    keyPassphrase: dc.keyPassphrase,
-    port: dc.port,
-    timeoutMs: dc.timeoutMs
-  });
+  const client = createDeviceClient(dc);
   try {
-    if (!await ssh.connect()) {
-      const authMode = dc.keyFilename || dc.privateKey ? "SSH key" : dc.password ? "password" : "no credentials";
-      const reason = ssh.lastError ? ` \u2014 ${ssh.lastError}` : "";
-      throw new Error(`Failed to connect to MikroTik device '${name}' at ${dc.host}:${dc.port} (auth: ${authMode})${reason}. ` + "Check the host/port are reachable, the SSH service is enabled (/ip service), and the credentials are correct.");
+    if (!await client.connect()) {
+      throw new Error(connectErrorMessage(name, dc, client.lastError));
     }
-    return await ssh.run(command);
+    return await client.run(command);
   } finally {
-    ssh.disconnect();
+    client.disconnect();
   }
 }
 async function executeMikrotikCommand(command, ctx) {
@@ -17276,30 +17649,34 @@ function getDeviceStatus(name) {
   return statuses.get(name) ?? UNKNOWN;
 }
 async function probeDevice(name, dc) {
-  const ssh = new MikroTikSSHClient({
-    host: dc.host,
-    username: dc.username,
-    password: dc.password,
-    port: dc.port,
-    keyFilename: dc.keyFilename,
-    privateKey: dc.privateKey,
-    keyPassphrase: dc.keyPassphrase,
+  if (dc.mac) {
+    const status2 = {
+      reachable: null,
+      checkedAt: Date.now(),
+      latencyMs: null,
+      error: "MAC-Telnet device \u2014 reachability is verified on tool use, not background-probed."
+    };
+    statuses.set(name, status2);
+    return status2;
+  }
+  const client = createDeviceClient({
+    ...dc,
     timeoutMs: Math.min(dc.timeoutMs ?? 1e4, 8000)
   });
   const t0 = Date.now();
   let status;
   try {
-    const ok = await ssh.connect();
+    const ok = await client.connect();
     if (!ok) {
       status = {
         reachable: false,
         checkedAt: Date.now(),
         latencyMs: null,
-        error: ssh.lastError ?? "connection failed"
+        error: client.lastError ?? "connection failed"
       };
     } else {
-      const identity = parseKeyValues(await ssh.run("/system identity print")).name;
-      const version = parseKeyValues(await ssh.run("/system resource print")).version;
+      const identity = parseKeyValues(await client.run("/system identity print")).name;
+      const version = parseKeyValues(await client.run("/system resource print")).version;
       status = {
         reachable: true,
         checkedAt: Date.now(),
@@ -17316,7 +17693,7 @@ async function probeDevice(name, dc) {
       error: e instanceof Error ? e.message : String(e)
     };
   } finally {
-    ssh.disconnect();
+    client.disconnect();
   }
   statuses.set(name, status);
   return status;
@@ -17662,8 +18039,11 @@ function devicesPayload(store2) {
     name,
     host: dc.host,
     port: dc.port,
+    mac: dc.mac,
+    transport: dc.mac ? "mac-telnet" : "ssh",
+    address: dc.mac ? dc.mac : `${dc.host}:${dc.port}`,
     username: dc.username,
-    authMode: dc.keyFilename || dc.privateKey ? "key" : dc.password ? "password" : "none",
+    authMode: dc.mac ? "mac-telnet" : dc.keyFilename || dc.privateKey ? "key" : dc.password ? "password" : "none",
     isDefault: name === cfg.defaultDevice,
     description: dc.description,
     status: getDeviceStatus(name),
@@ -17687,10 +18067,10 @@ function sseResponse(transportLabel) {
   let ping;
   const stream = new ReadableStream({
     start(controller) {
-      const enc = new TextEncoder;
+      const enc2 = new TextEncoder;
       const send = (text) => {
         try {
-          controller.enqueue(enc.encode(text));
+          controller.enqueue(enc2.encode(text));
         } catch {}
       };
       send(`event: hello
@@ -17978,7 +18358,7 @@ function registerPrompts(server) {
 // package.json
 var package_default = {
   name: "@usex/mikrotik-mcp",
-  version: "2.1.0",
+  version: "2.3.0",
   description: "Bun-native MCP server for MikroTik RouterOS \u2014 200+ tools over SSH for firewall, NAT, routing, DHCP, DNS, WireGuard, wireless, QoS and more.",
   keywords: [
     "ai",
@@ -18052,6 +18432,7 @@ var package_default = {
   dependencies: {
     "@modelcontextprotocol/ext-apps": "^1.7.4",
     "@modelcontextprotocol/sdk": "^1.29.0",
+    "@tikoci/centrs": "^0.1.0",
     ssh2: "^1.17.0",
     zod: "^4.4.3"
   },
@@ -18310,9 +18691,9 @@ function listDevicesCli() {
   const cfg = loadConfig();
   for (const [name, d] of Object.entries(cfg.devices)) {
     const tag = name === cfg.defaultDevice ? " (default)" : "";
-    const auth = d.keyFilename || d.privateKey ? "key" : d.password ? "password" : "none";
+    const auth = d.mac ? "mac-telnet" : d.keyFilename || d.privateKey ? "key" : d.password ? "password" : "none";
     const desc = d.description ? ` \u2014 ${d.description}` : "";
-    process.stdout.write(`${name}${tag}	${d.username}@${d.host}:${d.port} [auth: ${auth}]${desc}
+    process.stdout.write(`${name}${tag}	${d.username}@${describeTransport(d)} [auth: ${auth}]${desc}
 `);
   }
   process.stdout.write(`
@@ -18320,31 +18701,22 @@ ${Object.keys(cfg.devices).length} device(s)
 `);
 }
 async function probeDevice2(name, d) {
-  const authMode = d.keyFilename || d.privateKey ? "SSH key" : "password";
-  logger.info(`[${name}] Connecting to ${d.username}@${d.host}:${d.port} (auth: ${authMode}) \u2026`);
-  const ssh = new MikroTikSSHClient({
-    host: d.host,
-    username: d.username,
-    password: d.password,
-    keyFilename: d.keyFilename,
-    privateKey: d.privateKey,
-    keyPassphrase: d.keyPassphrase,
-    port: d.port,
-    timeoutMs: d.timeoutMs
-  });
-  if (!await ssh.connect()) {
-    logger.error(`[${name}] Connection FAILED. Check host/credentials/reachability.`);
+  const authMode = d.mac ? "mac-telnet" : d.keyFilename || d.privateKey ? "SSH key" : "password";
+  logger.info(`[${name}] Connecting to ${d.username}@${describeTransport(d)} (auth: ${authMode}) \u2026`);
+  const client = createDeviceClient(d);
+  if (!await client.connect()) {
+    logger.error(`[${name}] Connection FAILED. ${client.lastError ?? "Check credentials/reachability."}`);
     return false;
   }
   try {
-    const identity = (await ssh.run("/system identity print")).trim();
+    const identity = (await client.run("/system identity print")).trim();
     process.stdout.write(`
 [${name}] Connection OK.
 ${identity}
 `);
     return true;
   } finally {
-    ssh.disconnect();
+    client.disconnect();
   }
 }
 async function authCheck() {