npm - @usex/mikrotik-mcp - Versions diffs - 2.2.0 → 2.4.0 - Mend

@usex/mikrotik-mcp 2.2.0 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/cli.js +160 -894
package/dist/index.js +20 -882
package/dist/ui/observability.html +7 -7
package/package.json +2 -1

package/dist/cli.js CHANGED Viewed

@@ -258,880 +258,8 @@ var logger = {
   error: (m) => emit("error", m)
 };
-// src/mac-telnet/protocol.ts
-import { createHash as createHash2, randomBytes as randomBytes2, randomInt } from "crypto";
-import { createSocket } from "dgram";
-import { readFileSync as readFileSync2 } from "fs";
-import { networkInterfaces } from "os";
-// src/mac-telnet/ec-srp5.ts
-import { createHash, randomBytes } from "crypto";
-var EC_SRP5_PUBKEY_LEN = 33;
-var P = BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed");
-var A = BigInt("0x2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa984914a144");
-var B = BigInt("0x7b425ed097b425ed097b425ed097b425ed097b425ed097b4260b5e9c7710c864");
-var N = BigInt("0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed");
-var GX = BigInt("0x2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaad245a");
-var GY = BigInt("0x5f51e65e475f794b1fe122d388b72eb36dc2b28192839e4dd6163a5d81312c14");
-var W2M = BigInt("0x555555555555555555555555555555555555555555555555555555555552db9c");
-var M2W = BigInt("0x2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaad2451");
-var SQRT_M1 = modPow(2n, (P - 1n) / 4n, P);
-var G = { x: GX, y: GY };
-function mod(value, m) {
-  const r = value % m;
-  return r < 0n ? r + m : r;
-}
-function modPow(base, exp, m) {
-  let result = 1n;
-  let b = mod(base, m);
-  let e = exp;
-  while (e > 0n) {
-    if (e & 1n)
-      result = result * b % m;
-    b = b * b % m;
-    e >>= 1n;
-  }
-  return result;
-}
-function modInv(value) {
-  return modPow(value, P - 2n, P);
-}
-function modSqrt(a) {
-  const aa = mod(a, P);
-  if (aa === 0n)
-    return 0n;
-  let x = modPow(aa, (P + 3n) / 8n, P);
-  if (x * x % P === aa)
-    return x;
-  x = mod(x * SQRT_M1, P);
-  if (x * x % P === aa)
-    return x;
-  return null;
-}
-function bytesToBigIntBE(bytes) {
-  let value = 0n;
-  for (const byte of bytes)
-    value = value << 8n | BigInt(byte);
-  return value;
-}
-function bigIntToBytesBE(value, length) {
-  const out = new Uint8Array(length);
-  let v = value;
-  for (let i = length - 1;i >= 0; i -= 1) {
-    out[i] = Number(v & 0xffn);
-    v >>= 8n;
-  }
-  return out;
-}
-function sha256(...chunks) {
-  const hash = createHash("sha256");
-  for (const chunk of chunks)
-    hash.update(chunk);
-  return new Uint8Array(hash.digest());
-}
-function concatBytes(parts) {
-  const total = parts.reduce((sum, part) => sum + part.length, 0);
-  const out = new Uint8Array(total);
-  let cursor = 0;
-  for (const part of parts) {
-    out.set(part, cursor);
-    cursor += part.length;
-  }
-  return out;
-}
-function pointAdd(p, q) {
-  if (p === null)
-    return q;
-  if (q === null)
-    return p;
-  if (p.x === q.x) {
-    if (mod(p.y + q.y, P) === 0n)
-      return null;
-    return pointDouble(p);
-  }
-  const slope = mod((q.y - p.y) * modInv(mod(q.x - p.x, P)), P);
-  const x = mod(slope * slope - p.x - q.x, P);
-  const y = mod(slope * (p.x - x) - p.y, P);
-  return { x, y };
-}
-function pointDouble(p) {
-  if (p === null)
-    return null;
-  if (p.y === 0n)
-    return null;
-  const slope = mod((3n * p.x * p.x + A) * modInv(mod(2n * p.y, P)), P);
-  const x = mod(slope * slope - 2n * p.x, P);
-  const y = mod(slope * (p.x - x) - p.y, P);
-  return { x, y };
-}
-function scalarMul(scalar, point) {
-  let result = null;
-  let addend = point;
-  let k = scalar;
-  while (k > 0n) {
-    if (k & 1n)
-      result = pointAdd(result, addend);
-    addend = pointDouble(addend);
-    k >>= 1n;
-  }
-  return result;
-}
-function liftX(xWeier, parity) {
-  const x = mod(xWeier, P);
-  const rhs = mod(x * x * x + A * x + B, P);
-  const y0 = modSqrt(rhs);
-  if (y0 === null)
-    return null;
-  const y = Number(y0 & 1n) === (parity & 1) ? y0 : mod(-y0, P);
-  return { x, y };
-}
-function encodePoint(point) {
-  if (point === null) {
-    throw new Error("Cannot encode the EC-SRP5 point at infinity.");
-  }
-  const out = new Uint8Array(EC_SRP5_PUBKEY_LEN);
-  out.set(bigIntToBytesBE(mod(point.x + W2M, P), 32), 0);
-  out[32] = Number(point.y & 1n);
-  return out;
-}
-function decodePoint(key) {
-  if (key.length !== EC_SRP5_PUBKEY_LEN) {
-    throw new Error(`EC-SRP5 public key must be ${EC_SRP5_PUBKEY_LEN} bytes (got ${key.length}).`);
-  }
-  const xWeier = mod(bytesToBigIntBE(key.subarray(0, 32)) + M2W, P);
-  const point = liftX(xWeier, key[32]);
-  if (point === null) {
-    throw new Error("EC-SRP5 public key X is not a valid curve point.");
-  }
-  return point;
-}
-function ecSrp5Keygen(privBytes) {
-  const priv = privBytes ? Uint8Array.from(privBytes) : new Uint8Array(randomBytes(32));
-  if (priv.length !== 32) {
-    throw new Error("EC-SRP5 private key seed must be 32 bytes.");
-  }
-  priv[0] = priv[0] & 248;
-  priv[31] = priv[31] & 127;
-  priv[31] = priv[31] | 64;
-  const privateKey = bytesToBigIntBE(priv);
-  return { privateKey, publicKey: encodePoint(scalarMul(privateKey, G)) };
-}
-function ecSrp5Id(username, password, salt) {
-  const inner = sha256(new TextEncoder().encode(`${username}:${password}`));
-  return sha256(salt, inner);
-}
-function redp1(montgomeryX, parity) {
-  let seed = bytesToBigIntBE(sha256(montgomeryX));
-  for (;; ) {
-    const candidate = sha256(bigIntToBytesBE(seed, 32));
-    const xWeier = mod(bytesToBigIntBE(candidate) + M2W, P);
-    const point = liftX(xWeier, parity);
-    if (point !== null)
-      return point;
-    seed = mod(seed + 1n, 1n << 256n);
-  }
-}
-function ecSrp5ClientShared(privateKey, serverKey, clientKey, validator) {
-  const serverPoint = decodePoint(serverKey);
-  const v = bytesToBigIntBE(validator);
-  const vG = scalarMul(v, G);
-  if (vG === null) {
-    throw new Error("EC-SRP5 validator produced the point at infinity.");
-  }
-  const gamma = redp1(bigIntToBytesBE(mod(vG.x + W2M, P), 32), 1);
-  const wB = pointAdd(serverPoint, gamma);
-  const j = sha256(clientKey.subarray(0, 32), serverKey.subarray(0, 32));
-  const scalar = mod(v * bytesToBigIntBE(j) + privateKey, N);
-  const pt = scalarMul(scalar, wB);
-  if (pt === null) {
-    throw new Error("EC-SRP5 shared point computed as infinity.");
-  }
-  const z2 = bigIntToBytesBE(mod(pt.x + W2M, P), 32);
-  return { j, z: z2 };
-}
-function ecSrp5ClientProof(privateKey, serverKey, clientKey, validator) {
-  const { j, z: z2 } = ecSrp5ClientShared(privateKey, serverKey, clientKey, validator);
-  return sha256(j, z2);
-}
-// src/mac-telnet/mtwei.ts
-function mtweiOfferValue(username, publicKey) {
-  return concatBytes([new TextEncoder().encode(username), Uint8Array.of(0), publicKey]);
-}
-// src/mac-telnet/protocol.ts
-var MAC_TELNET_PORT = 20561;
-var MAC_TELNET_HEADER_LEN = 22;
-var MAC_TELNET_CONTROL_HEADER_LEN = 9;
-var MAC_TELNET_CONTROL_MAGIC = Uint8Array.of(86, 52, 18, 255);
-var MAC_TELNET_CLIENT_TYPE = Uint8Array.of(0, 21);
-var MAC_TELNET_RETRANSMIT_SCHEDULE_MS = [
-  15,
-  20,
-  30,
-  50,
-  90,
-  170,
-  330,
-  660,
-  1000
-];
-var MAC_TELNET_KEEPALIVE_IDLE_MS = 8000;
-var MacTelnetPacketType = {
-  sessionStart: 0,
-  data: 1,
-  ack: 2,
-  ping: 4,
-  pong: 5,
-  end: 255
-};
-var MacTelnetControlType = {
-  beginAuth: 0,
-  passwordSalt: 1,
-  password: 2,
-  username: 3,
-  terminalType: 4,
-  terminalWidth: 5,
-  terminalHeight: 6,
-  packetError: 7,
-  endAuth: 9
-};
-function parseMac(value) {
-  const parts = value.trim().split(/[:\-.]/);
-  if (parts.length !== 6) {
-    throw new Error(`"${value}" is not a 6-octet MAC address. Provide a MAC like aa:bb:cc:dd:ee:ff.`);
-  }
-  const octets = new Uint8Array(6);
-  for (let index = 0;index < 6; index += 1) {
-    const octet = Number.parseInt(parts[index], 16);
-    if (!Number.isInteger(octet) || octet < 0 || octet > 255) {
-      throw new Error(`"${value}" has an invalid octet "${parts[index]}". Each octet must be a two-digit hex value (00\u2013ff).`);
-    }
-    octets[index] = octet;
-  }
-  return octets;
-}
-function macEquals(a, b) {
-  if (a.length !== b.length)
-    return false;
-  for (let index = 0;index < a.length; index += 1) {
-    if (a[index] !== b[index])
-      return false;
-  }
-  return true;
-}
-function encodeHeader(options) {
-  const data = new Uint8Array(MAC_TELNET_HEADER_LEN);
-  const view = new DataView(data.buffer);
-  data[0] = 1;
-  data[1] = options.type;
-  data.set(options.sourceMac, 2);
-  data.set(options.destinationMac, 8);
-  const sessionKeyOffset = options.fromServer ? 16 : 14;
-  const clientTypeOffset = options.fromServer ? 14 : 16;
-  view.setUint16(sessionKeyOffset, options.sessionKey & 65535, false);
-  data.set(MAC_TELNET_CLIENT_TYPE, clientTypeOffset);
-  view.setUint32(18, options.counter >>> 0, false);
-  return data;
-}
-function decodeHeader(bytes, options = {}) {
-  if (bytes.length < MAC_TELNET_HEADER_LEN) {
-    throw new Error(`MAC-Telnet packet is too short (${bytes.length} bytes, need at least ${MAC_TELNET_HEADER_LEN}).`);
-  }
-  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
-  const fromServer = options.fromServer ?? true;
-  const sessionKeyOffset = fromServer ? 16 : 14;
-  return {
-    version: bytes[0],
-    type: bytes[1],
-    sourceMac: bytes.slice(2, 8),
-    destinationMac: bytes.slice(8, 14),
-    sessionKey: view.getUint16(sessionKeyOffset, false),
-    counter: view.getUint32(18, false)
-  };
-}
-function encodeControlBlock(type, value = new Uint8Array(0)) {
-  const block = new Uint8Array(MAC_TELNET_CONTROL_HEADER_LEN + value.length);
-  block.set(MAC_TELNET_CONTROL_MAGIC, 0);
-  block[4] = type;
-  new DataView(block.buffer).setUint32(5, value.length >>> 0, false);
-  block.set(value, MAC_TELNET_CONTROL_HEADER_LEN);
-  return block;
-}
-function parseControlBlocks(payload) {
-  const blocks = [];
-  let offset = 0;
-  while (offset < payload.length) {
-    const remaining = payload.length - offset;
-    const hasMagic = remaining >= MAC_TELNET_CONTROL_HEADER_LEN && payload[offset] === MAC_TELNET_CONTROL_MAGIC[0] && payload[offset + 1] === MAC_TELNET_CONTROL_MAGIC[1] && payload[offset + 2] === MAC_TELNET_CONTROL_MAGIC[2] && payload[offset + 3] === MAC_TELNET_CONTROL_MAGIC[3];
-    if (!hasMagic) {
-      blocks.push({ type: "plaindata", value: payload.slice(offset) });
-      break;
-    }
-    const type = payload[offset + 4];
-    const length = new DataView(payload.buffer, payload.byteOffset + offset + 5, 4).getUint32(0, false);
-    const valueStart = offset + MAC_TELNET_CONTROL_HEADER_LEN;
-    const valueEnd = valueStart + length;
-    if (valueEnd > payload.length) {
-      throw new Error(`MAC-Telnet control block claims ${length} bytes but only ${payload.length - valueStart} remain.`);
-    }
-    blocks.push({ type, value: payload.slice(valueStart, valueEnd) });
-    offset = valueEnd;
-  }
-  return blocks;
-}
-function macTelnetPasswordHash(password, salt) {
-  const digest = createHash2("md5").update(Buffer.from([0])).update(Buffer.from(password, "utf8")).update(salt).digest();
-  const out = new Uint8Array(17);
-  out[0] = 0;
-  out.set(digest, 1);
-  return out;
-}
-function encodeTerminalDimension(value) {
-  const out = new Uint8Array(2);
-  new DataView(out.buffer).setUint16(0, value & 65535, true);
-  return out;
-}
-function concatBytes2(parts) {
-  const total = parts.reduce((sum, part) => sum + part.length, 0);
-  const out = new Uint8Array(total);
-  let cursor = 0;
-  for (const part of parts) {
-    out.set(part, cursor);
-    cursor += part.length;
-  }
-  return out;
-}
-function buildPacket(options) {
-  const header = encodeHeader({
-    type: options.type,
-    sourceMac: options.sourceMac,
-    destinationMac: options.destinationMac,
-    sessionKey: options.sessionKey,
-    counter: options.counter
-  });
-  if (!options.payload || options.payload.length === 0)
-    return header;
-  return concatBytes2([header, options.payload]);
-}
-function createUdpMacTelnetTransport(options) {
-  const socket = createSocket({ type: "udp4", reuseAddr: true });
-  let handler;
-  socket.on("message", (message) => {
-    handler?.(new Uint8Array(message));
-  });
-  const readyPromise = new Promise((resolve, reject) => {
-    socket.once("error", reject);
-    socket.bind(0, () => {
-      if (options.broadcast) {
-        try {
-          socket.setBroadcast(true);
-        } catch {}
-      }
-      resolve();
-    });
-  });
-  return {
-    send(bytes) {
-      socket.send(bytes, options.port, options.host);
-    },
-    close() {
-      try {
-        socket.close();
-      } catch {}
-    },
-    onMessage(next) {
-      handler = next;
-    },
-    ready() {
-      return readyPromise;
-    }
-  };
-}
-function isZeroMac(mac) {
-  return mac.every((octet) => octet === 0);
-}
-function tryParseMac(value) {
-  if (!value)
-    return;
-  try {
-    return parseMac(value);
-  } catch {
-    return;
-  }
-}
-function hardwareMacOf(name) {
-  try {
-    const sys = readFileSync2(`/sys/class/net/${name}/address`, "utf8").trim();
-    const mac = tryParseMac(sys);
-    if (mac && !isZeroMac(mac))
-      return mac;
-  } catch {}
-  return;
-}
-function ipv4ToInt(addr) {
-  const parts = addr.split(".");
-  if (parts.length !== 4)
-    return;
-  let value = 0;
-  for (const part of parts) {
-    const octet = Number(part);
-    if (!Number.isInteger(octet) || octet < 0 || octet > 255)
-      return;
-    value = value << 8 | octet;
-  }
-  return value >>> 0;
-}
-function intToIpv4(value) {
-  return [24, 16, 8, 0].map((shift) => value >>> shift & 255).join(".");
-}
-function directedBroadcast(address, netmask) {
-  const addr = ipv4ToInt(address);
-  const mask = ipv4ToInt(netmask);
-  if (addr === undefined || mask === undefined)
-    return;
-  return intToIpv4((addr & mask | ~mask >>> 0) >>> 0);
-}
-function listBroadcastInterfaces() {
-  const out = [];
-  for (const [name, infos] of Object.entries(networkInterfaces())) {
-    for (const info of infos ?? []) {
-      if (info.family !== "IPv4" || info.internal)
-        continue;
-      let mac = tryParseMac(info.mac);
-      if (!mac || isZeroMac(mac))
-        mac = hardwareMacOf(name);
-      if (!mac || isZeroMac(mac))
-        continue;
-      const broadcast = directedBroadcast(info.address, info.netmask);
-      if (!broadcast)
-        continue;
-      out.push({ name, address: info.address, broadcast, mac });
-    }
-  }
-  return out;
-}
-async function egressAddressFor(host, port) {
-  return await new Promise((resolve) => {
-    const probe = createSocket("udp4");
-    const done = (addr) => {
-      try {
-        probe.close();
-      } catch {}
-      resolve(addr);
-    };
-    probe.on("error", () => done(undefined));
-    try {
-      probe.connect(port, host, () => {
-        try {
-          done(probe.address().address);
-        } catch {
-          done(undefined);
-        }
-      });
-    } catch {
-      done(undefined);
-    }
-  });
-}
-async function resolveEgressMac(host, port) {
-  const localAddr = await egressAddressFor(host, port);
-  if (!localAddr)
-    return;
-  for (const ifc of listBroadcastInterfaces()) {
-    if (ifc.address === localAddr)
-      return ifc.mac;
-  }
-  return;
-}
-async function discoverMacTelnetRoute(opts) {
-  const interfaces = listBroadcastInterfaces();
-  if (interfaces.length === 0)
-    return;
-  const sessionKey = opts.sessionKey ?? randomInt(65536);
-  return await new Promise((resolve) => {
-    const socket = createSocket({ type: "udp4", reuseAddr: true });
-    let settled = false;
-    const timers = [];
-    const finish = (route) => {
-      if (settled)
-        return;
-      settled = true;
-      for (const t of timers)
-        clearTimeout(t);
-      try {
-        socket.close();
-      } catch {}
-      resolve(route);
-    };
-    socket.on("error", () => finish(undefined));
-    socket.on("message", (message) => {
-      let header;
-      try {
-        header = decodeHeader(new Uint8Array(message), { fromServer: true });
-      } catch {
-        return;
-      }
-      if (header.version !== 1 || header.sessionKey !== sessionKey)
-        return;
-      if (header.type !== MacTelnetPacketType.ack && header.type !== MacTelnetPacketType.data) {
-        return;
-      }
-      if (!macEquals(header.sourceMac, opts.destinationMac))
-        return;
-      const winner = interfaces.find((ifc) => macEquals(ifc.mac, header.destinationMac));
-      if (winner)
-        finish({ sourceMac: winner.mac, host: winner.broadcast });
-    });
-    const spray = () => {
-      for (const ifc of interfaces) {
-        const packet = buildPacket({
-          type: MacTelnetPacketType.sessionStart,
-          sourceMac: ifc.mac,
-          destinationMac: opts.destinationMac,
-          sessionKey,
-          counter: 0
-        });
-        try {
-          socket.send(packet, opts.port, ifc.broadcast);
-        } catch {}
-      }
-    };
-    socket.bind(0, () => {
-      try {
-        socket.setBroadcast(true);
-      } catch {}
-      spray();
-      timers.push(setTimeout(spray, 250));
-      timers.push(setTimeout(spray, 700));
-      timers.push(setTimeout(() => finish(undefined), opts.timeoutMs));
-    });
-  });
-}
-var DEFAULT_MAC_TELNET_BROADCAST = "255.255.255.255";
-function randomLocalMac() {
-  const octets = new Uint8Array(randomBytes2(6));
-  octets[0] = octets[0] & 254 | 2;
-  return octets;
-}
-function isBroadcastHost(host) {
-  return host === DEFAULT_MAC_TELNET_BROADCAST || host.endsWith(".255");
-}
-async function resolveMacTelnetRoute(config) {
-  if (config.explicitSourceMac) {
-    return { sourceMac: config.explicitSourceMac, host: config.host };
-  }
-  if (config.host === DEFAULT_MAC_TELNET_BROADCAST) {
-    const route = await discoverMacTelnetRoute({
-      destinationMac: config.destinationMac,
-      port: config.port,
-      timeoutMs: Math.min(config.timeoutMs, 5000)
-    });
-    if (route)
-      return route;
-  }
-  const sourceMac = await resolveEgressMac(config.host, config.port) ?? randomLocalMac();
-  return { sourceMac, host: config.host };
-}
-class MacTelnetSession {
-  options;
-  sessionKey;
-  state = "init";
-  outCounter = 0;
-  lastInCounter = null;
-  mtweiKeypair;
-  lastAckCounter = 0;
-  maxOutAck = -1;
-  pending;
-  activitySinceTick = false;
-  idleMs = 0;
-  lastTickMs;
-  constructor(options) {
-    this.options = options;
-    this.sessionKey = options.sessionKey ?? randomInt(65536);
-  }
-  get key() {
-    return this.sessionKey;
-  }
-  start() {
-    if (this.state !== "init")
-      return;
-    const bytes = this.sendPacket(MacTelnetPacketType.sessionStart);
-    this.pending = { bytes, ackTarget: 0, attempts: 0, elapsedMs: 0 };
-    this.state = "session-start-sent";
-  }
-  handlePacket(bytes) {
-    if (this.state === "closed")
-      return;
-    let header;
-    try {
-      header = decodeHeader(bytes, { fromServer: true });
-    } catch {
-      return;
-    }
-    switch (header.type) {
-      case MacTelnetPacketType.ack:
-        if (this.matchesSession(header))
-          this.onAck(header);
-        return;
-      case MacTelnetPacketType.data:
-        if (this.matchesSession(header))
-          this.onDataPacket(header, bytes);
-        return;
-      case MacTelnetPacketType.end:
-        if (this.matchesSession(header))
-          this.onEnd(header);
-        return;
-      case MacTelnetPacketType.ping:
-        if (header.version === 1 && macEquals(header.destinationMac, this.options.sourceMac)) {
-          this.onPing(header);
-        }
-    }
-  }
-  matchesSession(header) {
-    return header.version === 1 && header.sessionKey === this.sessionKey && macEquals(header.sourceMac, this.options.destinationMac) && macEquals(header.destinationMac, this.options.sourceMac);
-  }
-  onPing(header) {
-    this.activitySinceTick = true;
-    this.emit(encodeHeader({
-      type: MacTelnetPacketType.pong,
-      sourceMac: this.options.sourceMac,
-      destinationMac: this.options.destinationMac,
-      sessionKey: header.sessionKey,
-      counter: header.counter
-    }));
-  }
-  onAck(header) {
-    this.activitySinceTick = true;
-    this.maxOutAck = Math.max(this.maxOutAck, header.counter);
-    if (this.pending && this.maxOutAck >= this.pending.ackTarget) {
-      this.pending = undefined;
-    }
-    if (this.state !== "session-start-sent")
-      return;
-    const blocks = [encodeControlBlock(MacTelnetControlType.beginAuth)];
-    if (this.options.offerMtwei !== false) {
-      this.mtweiKeypair = ecSrp5Keygen();
-      blocks.push(encodeControlBlock(MacTelnetControlType.passwordSalt, mtweiOfferValue(this.identityUsername(), this.mtweiKeypair.publicKey)));
-    }
-    this.sendData(blocks);
-    this.state = "auth-begin-sent";
-  }
-  identityUsername() {
-    return this.options.username.split("+", 1)[0] ?? this.options.username;
-  }
-  onDataPacket(header, bytes) {
-    this.activitySinceTick = true;
-    const payload = bytes.subarray(MAC_TELNET_HEADER_LEN);
-    this.acknowledge(header.counter, payload.length);
-    if (!this.acceptCounter(header.counter))
-      return;
-    let blocks;
-    try {
-      blocks = parseControlBlocks(payload);
-    } catch (error) {
-      this.fail(error);
-      return;
-    }
-    for (const block of blocks)
-      this.handleControlBlock(block);
-  }
-  handleControlBlock(block) {
-    switch (block.type) {
-      case MacTelnetControlType.passwordSalt:
-        this.handlePasswordSalt(block.value);
-        return;
-      case MacTelnetControlType.endAuth:
-        if (this.state === "auth-sent") {
-          this.state = "auth-complete";
-        }
-        return;
-      case "plaindata":
-        this.handleTerminalData(block.value);
-        return;
-      case MacTelnetControlType.packetError:
-        this.fail(new Error(`The device reported a MAC-Telnet error: ${new TextDecoder().decode(block.value)}. ` + "Check the credentials and that MAC-Telnet is enabled on the device."));
-    }
-  }
-  handleTerminalData(data) {
-    if (this.state === "auth-complete") {
-      if (/login failed/i.test(new TextDecoder().decode(data))) {
-        this.fail(new Error("MAC-Telnet login failed: incorrect username or password."));
-        return;
-      }
-      this.state = "ready";
-      this.options.onReady?.();
-      if (data.length > 0)
-        this.options.onData?.(data);
-      return;
-    }
-    if (this.state === "ready" && data.length > 0)
-      this.options.onData?.(data);
-  }
-  handlePasswordSalt(salt) {
-    if (this.state !== "auth-begin-sent")
-      return;
-    let passwordValue;
-    if (salt.length === 16) {
-      passwordValue = macTelnetPasswordHash(this.options.password, salt);
-    } else if (salt.length === EC_SRP5_PUBKEY_LEN + 16) {
-      if (!this.mtweiKeypair) {
-        this.fail(new Error("The device requires MTWEI but this session did not offer it. " + "Leave MTWEI enabled (the default) so the client advertises a public key."));
-        return;
-      }
-      const serverKey = salt.subarray(0, EC_SRP5_PUBKEY_LEN);
-      const mtweiSalt = salt.subarray(EC_SRP5_PUBKEY_LEN);
-      const validator = ecSrp5Id(this.identityUsername(), this.options.password, mtweiSalt);
-      passwordValue = ecSrp5ClientProof(this.mtweiKeypair.privateKey, serverKey, this.mtweiKeypair.publicKey, validator);
-    } else {
-      this.fail(new Error(`The device offered an unsupported MAC-Telnet salt length (${salt.length}). ` + "Expected 16 (MD5) or 49 (MTWEI); confirm the device and RouterOS version."));
-      return;
-    }
-    const username = new TextEncoder().encode(this.options.username);
-    const terminalType = new TextEncoder().encode(this.options.terminalType ?? "vt102");
-    const blocks = [
-      encodeControlBlock(MacTelnetControlType.password, passwordValue),
-      encodeControlBlock(MacTelnetControlType.username, username),
-      encodeControlBlock(MacTelnetControlType.terminalType, terminalType),
-      encodeControlBlock(MacTelnetControlType.terminalWidth, encodeTerminalDimension(this.options.terminalWidth ?? 80)),
-      encodeControlBlock(MacTelnetControlType.terminalHeight, encodeTerminalDimension(this.options.terminalHeight ?? 24))
-    ];
-    this.sendData(blocks);
-    this.state = "auth-sent";
-  }
-  onEnd(header) {
-    this.emit(encodeHeader({
-      type: MacTelnetPacketType.end,
-      sourceMac: this.options.sourceMac,
-      destinationMac: this.options.destinationMac,
-      sessionKey: header.sessionKey,
-      counter: 0
-    }));
-    if (this.state === "auth-complete") {
-      this.fail(new Error("MAC-Telnet login failed: the device closed the session after authentication. " + "Check the credentials configured for this device."));
-      return;
-    }
-    this.close();
-  }
-  sendInput(bytes) {
-    if (this.state !== "ready") {
-      throw new Error("Cannot send input before the MAC-Telnet session is ready.");
-    }
-    this.sendData([bytes]);
-  }
-  end() {
-    if (this.state === "closed")
-      return;
-    this.emit(encodeHeader({
-      type: MacTelnetPacketType.end,
-      sourceMac: this.options.sourceMac,
-      destinationMac: this.options.destinationMac,
-      sessionKey: this.sessionKey,
-      counter: this.outCounter
-    }));
-    this.close();
-  }
-  close(error) {
-    if (this.state === "closed")
-      return;
-    this.state = "closed";
-    this.pending = undefined;
-    this.options.sink.close();
-    this.options.onClose?.(error);
-  }
-  fail(error) {
-    this.close(error);
-  }
-  emit(bytes) {
-    try {
-      this.options.sink.send(bytes);
-    } catch {}
-  }
-  acceptCounter(counter) {
-    if (this.lastInCounter === null) {
-      this.lastInCounter = counter;
-      return true;
-    }
-    if (counter > this.lastInCounter) {
-      this.lastInCounter = counter;
-      return true;
-    }
-    return false;
-  }
-  acknowledge(counter, payloadLength) {
-    this.lastAckCounter = counter + payloadLength >>> 0;
-    this.activitySinceTick = true;
-    this.emit(encodeHeader({
-      type: MacTelnetPacketType.ack,
-      sourceMac: this.options.sourceMac,
-      destinationMac: this.options.destinationMac,
-      sessionKey: this.sessionKey,
-      counter: this.lastAckCounter
-    }));
-  }
-  sendPacket(type, payload) {
-    const bytes = buildPacket({
-      type,
-      sourceMac: this.options.sourceMac,
-      destinationMac: this.options.destinationMac,
-      sessionKey: this.sessionKey,
-      counter: this.outCounter,
-      payload
-    });
-    this.activitySinceTick = true;
-    this.emit(bytes);
-    return bytes;
-  }
-  sendData(parts) {
-    const payload = concatBytes2(parts);
-    const bytes = this.sendPacket(MacTelnetPacketType.data, payload);
-    this.outCounter = this.outCounter + payload.length >>> 0;
-    this.pending = {
-      bytes,
-      ackTarget: this.outCounter,
-      attempts: 0,
-      elapsedMs: 0
-    };
-  }
-  tick(nowMs) {
-    if (this.state === "closed")
-      return;
-    const delta = this.lastTickMs === undefined ? 0 : Math.max(0, nowMs - this.lastTickMs);
-    this.lastTickMs = nowMs;
-    if (this.activitySinceTick) {
-      this.idleMs = 0;
-      this.activitySinceTick = false;
-    } else {
-      this.idleMs += delta;
-    }
-    if (this.idleMs >= MAC_TELNET_KEEPALIVE_IDLE_MS) {
-      this.sendKeepalive();
-      this.idleMs = 0;
-    }
-    const pending = this.pending;
-    if (pending && pending.attempts < MAC_TELNET_RETRANSMIT_SCHEDULE_MS.length) {
-      pending.elapsedMs += delta;
-      const wait = MAC_TELNET_RETRANSMIT_SCHEDULE_MS[pending.attempts];
-      if (pending.elapsedMs >= wait) {
-        this.emit(pending.bytes);
-        pending.attempts += 1;
-        pending.elapsedMs = 0;
-      }
-    }
-  }
-  sendKeepalive() {
-    this.emit(encodeHeader({
-      type: MacTelnetPacketType.ack,
-      sourceMac: this.options.sourceMac,
-      destinationMac: this.options.destinationMac,
-      sessionKey: this.sessionKey,
-      counter: this.lastAckCounter
-    }));
-  }
-}
 // src/mac-telnet/console.ts
+import { MacTelnetSession } from "@tikoci/centrs/protocols";
 var ESC = "\x1B";
 var enc = new TextEncoder;
 var ANSI_CSI = new RegExp(`${ESC}\\[[0-9;?]*[ -/]*[@-~]`, "g");
@@ -1384,6 +512,15 @@ class MacTelnetConsole {
 }
 // src/mac-telnet/client.ts
+import {
+  DEFAULT_MAC_TELNET_BROADCAST,
+  isBroadcastHost,
+  MAC_TELNET_PORT,
+  createUdpMacTelnetTransport,
+  parseMac,
+  resolveMacTelnetRoute
+} from "@tikoci/centrs/protocols";
 class MikroTikMacTelnetClient {
   transport = null;
   console = null;
@@ -1456,7 +593,7 @@ class MikroTikMacTelnetClient {
 }
 // src/ssh/client.ts
-import { readFileSync as readFileSync3 } from "fs";
+import { readFileSync as readFileSync2 } from "fs";
 import { Client } from "ssh2";
 function decodeOutput(data) {
   if (!data || data.length === 0)
@@ -1491,7 +628,7 @@ class MikroTikSSHClient {
         cfg.privateKey = this.opts.privateKey;
       } else if (this.opts.keyFilename) {
         try {
-          cfg.privateKey = readFileSync3(this.opts.keyFilename);
+          cfg.privateKey = readFileSync2(this.opts.keyFilename);
         } catch (e) {
           this.lastError = `could not read key file ${this.opts.keyFilename}: ${e instanceof Error ? e.message : String(e)}`;
           logger.error(`Failed to read SSH key file ${this.opts.keyFilename}: ${String(e)}`);
@@ -2350,8 +1487,8 @@ function defineTool(def) {
 function registerTools(server, modules, opts = {}) {
   let count = 0;
   const seen = new Set;
-  for (const mod2 of modules) {
-    for (const tool of mod2) {
+  for (const mod of modules) {
+    for (const tool of mod) {
       if (seen.has(tool.name)) {
         throw new Error(`Duplicate tool name registered: ${tool.name}`);
       }
@@ -2486,7 +1623,7 @@ ${result}`;
 ];
 // src/core/ui-resources.ts
-import { readFileSync as readFileSync4 } from "fs";
+import { readFileSync as readFileSync3 } from "fs";
 import { join as join3 } from "path";
 import { registerAppResource, RESOURCE_MIME_TYPE } from "@modelcontextprotocol/ext-apps/server";
@@ -2533,7 +1670,7 @@ function registerUiResources(server) {
     registerAppResource(server, view.name, uri, { description: view.description, mimeType: RESOURCE_MIME_TYPE }, () => {
       let html;
       try {
-        html = readFileSync4(file, "utf8");
+        html = readFileSync3(file, "utf8");
       } catch {
         html = placeholderHtml(view);
       }
@@ -18499,19 +17636,74 @@ var moduleCatalog = [
 var allToolModules = moduleCatalog.map((m) => m.tools);
 // src/observability/dashboard.ts
-import { readFileSync as readFileSync5 } from "fs";
+import { readFileSync as readFileSync4 } from "fs";
 import { join as join4 } from "path";
 var {serve } = globalThis.Bun;
 // src/observability/health.ts
+var HISTORY_CAP = 60;
 var statuses = new Map;
+var histories = new Map;
 var timer = null;
 var inFlight = false;
 var UNKNOWN = { reachable: null, checkedAt: null, latencyMs: null };
 function getDeviceStatus(name) {
   return statuses.get(name) ?? UNKNOWN;
 }
+function getDeviceHistory(name) {
+  return histories.get(name) ?? [];
+}
+function pushHistory(name, sample) {
+  const arr = histories.get(name) ?? [];
+  arr.push(sample);
+  if (arr.length > HISTORY_CAP)
+    arr.splice(0, arr.length - HISTORY_CAP);
+  histories.set(name, arr);
+}
+function parseSize(s) {
+  if (!s)
+    return;
+  const m = s.trim().match(/^([\d.]+)\s*([KMGT]i?B|B)?$/i);
+  if (!m)
+    return;
+  const val = Number.parseFloat(m[1]);
+  if (!Number.isFinite(val))
+    return;
+  const mult = {
+    B: 1,
+    KIB: 1024,
+    MIB: 1024 ** 2,
+    GIB: 1024 ** 3,
+    TIB: 1024 ** 4,
+    KB: 1000,
+    MB: 1e6,
+    GB: 1e9,
+    TB: 1000000000000
+  };
+  return val * (mult[(m[2] ?? "B").toUpperCase()] ?? 1);
+}
+function parsePercent(s) {
+  if (!s)
+    return;
+  const m = s.trim().match(/^([\d.]+)\s*%?$/);
+  return m ? Number.parseFloat(m[1]) : undefined;
+}
+function usedPct(total, free) {
+  if (total == null || free == null || total <= 0)
+    return;
+  return Math.max(0, Math.min(100, (total - free) / total * 100));
+}
 async function probeDevice(name, dc) {
+  if (dc.mac) {
+    const status2 = {
+      reachable: null,
+      checkedAt: Date.now(),
+      latencyMs: null,
+      error: "MAC-Telnet device \u2014 reachability is verified on tool use, not background-probed."
+    };
+    statuses.set(name, status2);
+    return status2;
+  }
   const client = createDeviceClient({
     ...dc,
     timeoutMs: Math.min(dc.timeoutMs ?? 1e4, 8000)
@@ -18529,14 +17721,42 @@ async function probeDevice(name, dc) {
       };
     } else {
       const identity = parseKeyValues(await client.run("/system identity print")).name;
-      const version = parseKeyValues(await client.run("/system resource print")).version;
+      const r = parseKeyValues(await client.run("/system resource print"));
+      const checkedAt = Date.now();
+      const latencyMs = checkedAt - t0;
+      const totalMemory = parseSize(r["total-memory"]);
+      const freeMemory = parseSize(r["free-memory"]);
+      const totalHdd = parseSize(r["total-hdd-space"]);
+      const freeHdd = parseSize(r["free-hdd-space"]);
+      const cpuLoad = parsePercent(r["cpu-load"]);
+      const memUsedPct = usedPct(totalMemory, freeMemory);
+      const hddUsedPct = usedPct(totalHdd, freeHdd);
+      const cpuCount = Number.parseInt(r["cpu-count"] ?? "", 10);
       status = {
         reachable: true,
-        checkedAt: Date.now(),
-        latencyMs: Date.now() - t0,
+        checkedAt,
+        latencyMs,
         identity,
-        version
+        version: r.version,
+        boardName: r["board-name"] || undefined,
+        architecture: r["architecture-name"] || undefined,
+        cpuCount: Number.isFinite(cpuCount) ? cpuCount : undefined,
+        cpuLoad,
+        freeMemory,
+        totalMemory,
+        memUsedPct,
+        freeHdd,
+        totalHdd,
+        hddUsedPct,
+        uptime: r.uptime || undefined
       };
+      pushHistory(name, {
+        ts: checkedAt,
+        cpuLoad: cpuLoad ?? null,
+        memUsedPct: memUsedPct ?? null,
+        hddUsedPct: hddUsedPct ?? null,
+        latencyMs
+      });
     }
   } catch (e) {
     status = {
@@ -18695,6 +17915,28 @@ class SqliteEventStore {
     const r = this.db.query("SELECT COUNT(*) AS n FROM events").get();
     return r.n;
   }
+  delete(ids) {
+    if (ids.length === 0)
+      return 0;
+    let removed = 0;
+    const CHUNK = 500;
+    for (let i = 0;i < ids.length; i += CHUNK) {
+      const chunk = ids.slice(i, i + CHUNK);
+      const placeholders = chunk.map((_, j) => `$id${j}`).join(",");
+      const params = {};
+      chunk.forEach((id, j) => {
+        params[`$id${j}`] = id;
+      });
+      const res = this.db.query(`DELETE FROM events WHERE id IN (${placeholders})`).run(params);
+      removed += Number(res.changes ?? 0);
+    }
+    return removed;
+  }
+  clear() {
+    const n = this.total();
+    this.db.run("DELETE FROM events");
+    return n;
+  }
   prune(maxEvents2) {
     const n = this.total();
     if (n <= maxEvents2)
@@ -18819,7 +18061,7 @@ function json(body, status = 200) {
 }
 function dashboardHtml() {
   try {
-    return readFileSync5(join4(UI_DIST_DIR, "observability.html"), "utf8");
+    return readFileSync4(join4(UI_DIST_DIR, "observability.html"), "utf8");
   } catch {
     return `<!doctype html><meta charset=utf-8><body style="font:14px system-ui;padding:24px;background:#0b0d10;color:#e8eaed">
 <h2>MikroTik MCP \u2014 Observability Dashboard</h2>
@@ -18866,7 +18108,12 @@ function deviceActivity(store2) {
   for (const e of recent) {
     if (!e.device)
       continue;
-    const a = map.get(e.device) ?? { calls: 0, errors: 0, lastSeen: 0, sumMs: 0 };
+    const a = map.get(e.device) ?? {
+      calls: 0,
+      errors: 0,
+      lastSeen: 0,
+      sumMs: 0
+    };
     a.calls++;
     if (e.isError)
       a.errors++;
@@ -18892,12 +18139,21 @@ function devicesPayload(store2) {
     name,
     host: dc.host,
     port: dc.port,
+    mac: dc.mac,
+    transport: dc.mac ? "mac-telnet" : "ssh",
+    address: dc.mac ? dc.mac : `${dc.host}:${dc.port}`,
     username: dc.username,
-    authMode: dc.keyFilename || dc.privateKey ? "key" : dc.password ? "password" : "none",
+    authMode: dc.mac ? "mac-telnet" : dc.keyFilename || dc.privateKey ? "key" : dc.password ? "password" : "none",
     isDefault: name === cfg.defaultDevice,
     description: dc.description,
     status: getDeviceStatus(name),
-    activity: activity.get(name) ?? { calls: 0, errors: 0, lastSeen: 0, avgMs: 0 }
+    history: getDeviceHistory(name),
+    activity: activity.get(name) ?? {
+      calls: 0,
+      errors: 0,
+      lastSeen: 0,
+      avgMs: 0
+    }
   }));
   return { server: SERVER_TAG, defaultDevice: cfg.defaultDevice, devices };
 }
@@ -18972,7 +18228,7 @@ async function runDashboard(cfg, transportLabel) {
     hostname: cfg.host,
     port: cfg.port,
     idleTimeout: 0,
-    fetch(req, srv) {
+    async fetch(req, srv) {
       const url = new URL(req.url);
       if (url.pathname === "/health")
         return new Response("OK");
@@ -18990,6 +18246,15 @@ async function runDashboard(cfg, transportLabel) {
       const db = getEventStore();
       if (!db)
         return json({ error: "recorder not active" }, 503);
+      if (url.pathname === "/api/events" && req.method === "DELETE") {
+        let body = {};
+        try {
+          body = await req.json();
+        } catch {}
+        const ids = Array.isArray(body.ids) ? body.ids.filter((x) => typeof x === "string") : [];
+        const removed = body.all === true ? db.clear() : db.delete(ids);
+        return json({ removed, total: db.total() });
+      }
       if (url.pathname === "/api/devices") {
         return json(devicesPayload(db));
       }
@@ -19104,7 +18369,7 @@ function corsHeaders(origin, configured) {
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 // src/prompts/index.ts
-import { readFileSync as readFileSync6, readdirSync } from "fs";
+import { readFileSync as readFileSync5, readdirSync } from "fs";
 import { join as join5 } from "path";
 import { z as z87 } from "zod";
 function parseFrontmatter(raw) {
@@ -19176,7 +18441,7 @@ function registerPrompts(server) {
   for (const file of files) {
     let parsed;
     try {
-      parsed = parseFrontmatter(readFileSync6(join5(PROMPTS_DIR, file), "utf8"));
+      parsed = parseFrontmatter(readFileSync5(join5(PROMPTS_DIR, file), "utf8"));
     } catch (e) {
       logger.warn(`Skipping prompt ${file}: ${String(e)}`);
       continue;
@@ -19208,7 +18473,7 @@ function registerPrompts(server) {
 // package.json
 var package_default = {
   name: "@usex/mikrotik-mcp",
-  version: "2.2.0",
+  version: "2.4.0",
   description: "Bun-native MCP server for MikroTik RouterOS \u2014 200+ tools over SSH for firewall, NAT, routing, DHCP, DNS, WireGuard, wireless, QoS and more.",
   keywords: [
     "ai",
@@ -19282,6 +18547,7 @@ var package_default = {
   dependencies: {
     "@modelcontextprotocol/ext-apps": "^1.7.4",
     "@modelcontextprotocol/sdk": "^1.29.0",
+    "@tikoci/centrs": "^0.1.0",
     ssh2: "^1.17.0",
     zod: "^4.4.3"
   },
@@ -19525,8 +18791,8 @@ function warnIfPlaintextPasswordInContainer(anyPassword) {
 function listTools() {
   const risk = (a) => a.readOnlyHint ? "READ" : a.destructiveHint ? "DESTRUCTIVE" : "WRITE";
   let total = 0;
-  for (const mod2 of allToolModules) {
-    for (const t of mod2) {
+  for (const mod of allToolModules) {
+    for (const t of mod) {
       total++;
       process.stdout.write(`${risk(t.annotations).padEnd(12)} ${t.name.padEnd(34)} ${t.title}
 `);