@xiaoyankonling/ssh-mcp 2.0.0

package/build/index.js

@@ -0,0 +1,145 @@
+#!/usr/bin/env node
+import { readFile } from 'fs/promises';
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { ErrorCode, McpError } from '@modelcontextprotocol/sdk/types.js';
+import { determineStartupMode, parseArgv, resolveRuntimeOptions, } from './cli/args.js';
+import { resolveKeyPath } from './config/loader.js';
+import { ProfileManager } from './profile/profile-manager.js';
+import { DEFAULT_MAX_CHARS, DEFAULT_TIMEOUT_MS, sanitizeCommand, sanitizePassword, } from './ssh/command-utils.js';
+import { SSHConnectionManager, execSshCommand, execSshCommandWithConnection, } from './ssh/connection-manager.js';
+import { registerExecTool } from './tools/exec.js';
+import { registerProfileTools } from './tools/profiles.js';
+import { registerSudoExecTool } from './tools/sudo-exec.js';
+const isTestMode = process.env.SSH_MCP_TEST === '1';
+const isCliEnabled = process.env.SSH_MCP_DISABLE_MAIN !== '1';
+const shouldBootServer = isCliEnabled || isTestMode;
+const argvConfig = shouldBootServer ? parseArgv() : {};
+const server = new McpServer({
+    name: 'SSH MCP Server',
+    version: '1.5.0',
+    capabilities: {
+        resources: {},
+        tools: {},
+    },
+});
+let startupMode = null;
+let profileManager = null;
+let connectionManager = null;
+let initialRuntimeOptions = {
+    timeoutMs: DEFAULT_TIMEOUT_MS,
+    maxChars: DEFAULT_MAX_CHARS,
+    disableSudo: false,
+};
+function getRuntimeOptions() {
+    if (profileManager) {
+        return resolveRuntimeOptions(argvConfig, profileManager.getDefaults());
+    }
+    return initialRuntimeOptions;
+}
+async function closeConnectionManager() {
+    if (!connectionManager)
+        return;
+    connectionManager.close();
+    connectionManager = null;
+}
+async function buildSshConfig(mode) {
+    if (!profileManager) {
+        throw new McpError(ErrorCode.InternalError, 'Profile mode not initialized');
+    }
+    const profile = profileManager.getActiveProfile();
+    const sshConfig = {
+        host: profile.host,
+        port: profile.port,
+        username: profile.user,
+    };
+    if (profile.auth.type === 'password') {
+        sshConfig.password = sanitizePassword(profile.auth.password);
+    }
+    else {
+        const keyPath = resolveKeyPath(profile.auth.keyPath, profileManager.getConfigPath());
+        sshConfig.privateKey = await readFile(keyPath, 'utf8');
+    }
+    if (profile.suPassword !== undefined) {
+        sshConfig.suPassword = sanitizePassword(profile.suPassword);
+    }
+    if (profile.sudoPassword !== undefined) {
+        sshConfig.sudoPassword = sanitizePassword(profile.sudoPassword);
+    }
+    return sshConfig;
+}
+async function getConnectionManager() {
+    if (!startupMode) {
+        throw new McpError(ErrorCode.InternalError, 'Server startup mode is not initialized');
+    }
+    if (connectionManager) {
+        return connectionManager;
+    }
+    const sshConfig = await buildSshConfig(startupMode);
+    connectionManager = new SSHConnectionManager(sshConfig);
+    return connectionManager;
+}
+async function initializeRuntime() {
+    startupMode = determineStartupMode(argvConfig);
+    profileManager = new ProfileManager(startupMode.configPath, startupMode.profileIdOverride);
+    await profileManager.initialize();
+    initialRuntimeOptions = resolveRuntimeOptions(argvConfig, profileManager.getDefaults());
+}
+function registerTools() {
+    registerExecTool(server, {
+        getConnectionManager,
+        getRuntimeOptions,
+    });
+    if (!getRuntimeOptions().disableSudo) {
+        registerSudoExecTool(server, {
+            getConnectionManager,
+            getRuntimeOptions,
+        });
+    }
+    if (profileManager) {
+        registerProfileTools(server, {
+            profileManager,
+            onTargetChanged: closeConnectionManager,
+        });
+    }
+}
+async function bootstrapServer() {
+    await initializeRuntime();
+    registerTools();
+}
+async function runMain() {
+    await bootstrapServer();
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    console.error('SSH MCP Server running on stdio');
+    const cleanup = () => {
+        closeConnectionManager()
+            .catch(() => undefined)
+            .finally(() => process.exit(0));
+    };
+    process.on('SIGINT', cleanup);
+    process.on('SIGTERM', cleanup);
+    process.on('exit', () => {
+        if (connectionManager) {
+            connectionManager.close();
+        }
+    });
+}
+if (isTestMode) {
+    bootstrapServer()
+        .then(async () => {
+        const transport = new StdioServerTransport();
+        await server.connect(transport);
+    })
+        .catch((error) => {
+        console.error('Fatal error connecting server:', error);
+        process.exit(1);
+    });
+}
+else if (isCliEnabled) {
+    runMain().catch((error) => {
+        console.error('Fatal error in main():', error);
+        closeConnectionManager().finally(() => process.exit(1));
+    });
+}
+export { parseArgv, sanitizeCommand, SSHConnectionManager, execSshCommandWithConnection, execSshCommand, };

package/build/profile/profile-manager.js

@@ -0,0 +1,385 @@
+import { loadProfilesConfig, profileSummary, saveRawProfilesConfig, validateRawProfilesConfig, } from '../config/loader.js';
+import { profileSchema } from '../config/types.js';
+import { chmod, mkdir, readFile, writeFile } from 'fs/promises';
+import path from 'path';
+import { randomUUID } from 'crypto';
+function hasProfile(profiles, profileId) {
+    return profiles.some((profile) => profile.id === profileId);
+}
+function assertObject(value, message) {
+    if (!value || typeof value !== 'object' || Array.isArray(value)) {
+        throw new Error(message);
+    }
+}
+function cloneRawConfig(rawConfig) {
+    return JSON.parse(JSON.stringify(rawConfig));
+}
+function sanitizeBackupReason(reason) {
+    const sanitized = reason
+        .replace(/[^a-zA-Z0-9._-]+/g, '_')
+        .replace(/\.\.+/g, '_')
+        .replace(/_+/g, '_')
+        .replace(/^_+|_+$/g, '');
+    if (sanitized.length === 0)
+        return 'backup';
+    return sanitized.slice(0, 80);
+}
+function readPersistedActiveProfileId(rawConfig, fallback) {
+    const rawActive = rawConfig.activeProfile;
+    if (typeof rawActive === 'string' && rawActive.trim().length > 0) {
+        return rawActive;
+    }
+    return fallback;
+}
+function toShortNote(input) {
+    const normalized = input.replace(/\s+/g, ' ').trim();
+    if (normalized.length <= 120)
+        return normalized;
+    return `${normalized.slice(0, 117)}...`;
+}
+function defaultNoteForProfile(input) {
+    if (input.note && input.note.trim().length > 0) {
+        return toShortNote(input.note);
+    }
+    const hints = [];
+    if (input.contextSummary && input.contextSummary.trim().length > 0) {
+        hints.push(input.contextSummary.trim());
+    }
+    if (input.tags && input.tags.length > 0) {
+        hints.push(`tags:${input.tags.join(',')}`);
+    }
+    hints.push(`${input.name}(${input.host})`);
+    return toShortNote(hints.join(' | '));
+}
+export class ProfileManager {
+    loadedConfig = null;
+    activeProfileId = null;
+    profileOverride;
+    configPath;
+    pendingDeletes = new Map();
+    constructor(configPath, profileOverride) {
+        this.configPath = configPath;
+        this.profileOverride = profileOverride;
+    }
+    async initialize() {
+        const loaded = await loadProfilesConfig(this.configPath);
+        this.loadedConfig = loaded;
+        this.activeProfileId = this.pickActiveProfileId(loaded, this.profileOverride);
+    }
+    ensureLoaded() {
+        if (!this.loadedConfig || !this.activeProfileId) {
+            throw new Error('ProfileManager is not initialized');
+        }
+        return this.loadedConfig;
+    }
+    pickActiveProfileId(loaded, preferred) {
+        const candidates = [preferred, this.profileOverride, loaded.config.activeProfile];
+        for (const candidate of candidates) {
+            if (!candidate)
+                continue;
+            if (hasProfile(loaded.config.profiles, candidate)) {
+                return candidate;
+            }
+        }
+        throw new Error('Unable to resolve an active profile from configuration');
+    }
+    getRawProfiles(rawConfig) {
+        const rawProfiles = rawConfig.profiles;
+        if (!Array.isArray(rawProfiles)) {
+            throw new Error('Invalid raw config: profiles is not an array');
+        }
+        for (const item of rawProfiles) {
+            assertObject(item, 'Invalid raw profile item');
+        }
+        return rawProfiles;
+    }
+    findRawProfile(rawConfig, profileId) {
+        const rawProfiles = this.getRawProfiles(rawConfig);
+        return rawProfiles.find((item) => item.id === profileId);
+    }
+    async persistRawConfig(rawConfig, preferredActiveId) {
+        const currentLoaded = this.ensureLoaded();
+        const parsedConfig = await validateRawProfilesConfig(rawConfig, this.configPath);
+        const nextLoaded = {
+            ...currentLoaded,
+            rawConfig,
+            config: parsedConfig,
+        };
+        await saveRawProfilesConfig(nextLoaded);
+        this.loadedConfig = nextLoaded;
+        this.activeProfileId = this.pickActiveProfileId(nextLoaded, preferredActiveId ?? this.activeProfileId ?? undefined);
+    }
+    getConfigPath() {
+        return this.configPath;
+    }
+    getActiveProfileId() {
+        this.ensureLoaded();
+        return this.activeProfileId;
+    }
+    getActiveProfile() {
+        const loaded = this.ensureLoaded();
+        const activeId = this.activeProfileId;
+        const profile = loaded.config.profiles.find((item) => item.id === activeId);
+        if (!profile) {
+            throw new Error(`Active profile "${activeId}" not found`);
+        }
+        return profile;
+    }
+    getDefaults() {
+        const loaded = this.ensureLoaded();
+        return loaded.config.defaults ?? {};
+    }
+    listProfiles() {
+        const loaded = this.ensureLoaded();
+        const activeId = this.activeProfileId;
+        return loaded.config.profiles.map((profile) => profileSummary(profile, activeId));
+    }
+    useProfile(profileId) {
+        const loaded = this.ensureLoaded();
+        const profile = loaded.config.profiles.find((item) => item.id === profileId);
+        if (!profile) {
+            throw new Error(`Profile "${profileId}" does not exist`);
+        }
+        this.activeProfileId = profileId;
+        return profileSummary(profile, profileId);
+    }
+    async setActiveProfile(profileId, persist = true) {
+        const profile = this.getProfile(profileId);
+        if (persist) {
+            const loaded = this.ensureLoaded();
+            const nextRawConfig = cloneRawConfig(loaded.rawConfig);
+            nextRawConfig.activeProfile = profileId;
+            await this.persistRawConfig(nextRawConfig, profileId);
+        }
+        else {
+            this.activeProfileId = profileId;
+        }
+        return profileSummary(profile, this.getActiveProfileId());
+    }
+    findProfiles(query) {
+        const normalized = query.trim().toLowerCase();
+        const all = this.listProfiles();
+        if (!normalized) {
+            return all;
+        }
+        const scored = all
+            .map((profile) => {
+            const record = profile;
+            const fields = {
+                id: String(record.id ?? '').toLowerCase(),
+                name: String(record.name ?? '').toLowerCase(),
+                host: String(record.host ?? '').toLowerCase(),
+                user: String(record.user ?? '').toLowerCase(),
+                note: String(record.note ?? '').toLowerCase(),
+                tags: Array.isArray(record.tags) ? record.tags.map((item) => item.toLowerCase()) : [],
+            };
+            let score = 0;
+            if (fields.id === normalized)
+                score += 100;
+            if (fields.id.includes(normalized))
+                score += 50;
+            if (fields.host === normalized)
+                score += 40;
+            if (fields.host.includes(normalized))
+                score += 20;
+            if (fields.name.includes(normalized))
+                score += 15;
+            if (fields.user.includes(normalized))
+                score += 10;
+            if (fields.note.includes(normalized))
+                score += 8;
+            if (fields.tags.some((tag) => tag.includes(normalized)))
+                score += 12;
+            return {
+                score,
+                profile: record,
+            };
+        })
+            .filter((item) => item.score > 0)
+            .sort((a, b) => b.score - a.score)
+            .map((item) => ({
+            ...item.profile,
+            matchScore: item.score,
+        }));
+        return scored;
+    }
+    async reload() {
+        const previousActiveId = this.activeProfileId ?? undefined;
+        const loaded = await loadProfilesConfig(this.configPath);
+        this.loadedConfig = loaded;
+        this.activeProfileId = this.pickActiveProfileId(loaded, previousActiveId);
+        return {
+            configPath: this.configPath,
+            activeProfile: this.activeProfileId,
+            profileCount: loaded.config.profiles.length,
+            profiles: this.listProfiles(),
+        };
+    }
+    async updateNote(profileId, note) {
+        this.getProfile(profileId);
+        const loaded = this.ensureLoaded();
+        const nextRawConfig = cloneRawConfig(loaded.rawConfig);
+        const rawProfile = this.findRawProfile(nextRawConfig, profileId);
+        if (!rawProfile) {
+            throw new Error(`Raw config profile "${profileId}" not found`);
+        }
+        rawProfile.note = note;
+        await this.persistRawConfig(nextRawConfig);
+        return profileSummary(this.getProfile(profileId), this.getActiveProfileId());
+    }
+    async createProfile(input) {
+        const loaded = this.ensureLoaded();
+        if (this.getProfileMaybe(input.id)) {
+            throw new Error(`Profile "${input.id}" already exists`);
+        }
+        const parsed = profileSchema.parse({
+            id: input.id,
+            name: input.name,
+            host: input.host,
+            port: input.port ?? 22,
+            user: input.user,
+            auth: input.auth,
+            suPassword: input.suPassword,
+            sudoPassword: input.sudoPassword,
+            note: defaultNoteForProfile(input),
+            tags: input.tags ?? [],
+        });
+        const nextRawConfig = cloneRawConfig(loaded.rawConfig);
+        const rawProfiles = this.getRawProfiles(nextRawConfig);
+        const rawProfile = {
+            id: input.id,
+            name: input.name,
+            host: input.host,
+            port: input.port ?? 22,
+            user: input.user,
+            auth: input.auth.type === 'password'
+                ? { type: 'password', password: input.auth.password }
+                : { type: 'key', keyPath: input.auth.keyPath },
+            note: parsed.note,
+            tags: input.tags ?? [],
+        };
+        if (input.suPassword)
+            rawProfile.suPassword = input.suPassword;
+        if (input.sudoPassword)
+            rawProfile.sudoPassword = input.sudoPassword;
+        rawProfiles.push(rawProfile);
+        const shouldActivate = input.activate ?? true;
+        if (shouldActivate) {
+            nextRawConfig.activeProfile = input.id;
+        }
+        await this.persistRawConfig(nextRawConfig, shouldActivate ? input.id : this.activeProfileId ?? undefined);
+        return profileSummary(this.getProfile(input.id), this.getActiveProfileId());
+    }
+    async prepareDeleteProfile(profileId) {
+        const loaded = this.ensureLoaded();
+        const profile = this.getProfile(profileId);
+        if (loaded.config.profiles.length <= 1) {
+            throw new Error('Cannot delete the last profile in config');
+        }
+        const backupPath = await this.backupCurrentConfig(`delete-${profileId}`);
+        const createdAt = Date.now();
+        const expiresAt = createdAt + 10 * 60 * 1000;
+        const requestId = randomUUID();
+        this.pendingDeletes.set(requestId, {
+            requestId,
+            profileId,
+            backupPath,
+            createdAt,
+            expiresAt,
+        });
+        return {
+            deleteRequestId: requestId,
+            profile: profileSummary(profile, this.getActiveProfileId()),
+            backupPath,
+            expiresAt: new Date(expiresAt).toISOString(),
+            confirmationText: `DELETE ${profileId}`,
+            warning: 'Deletion is destructive. Confirm with the user before calling profiles-delete-confirm.',
+        };
+    }
+    async confirmDeleteProfile(deleteRequestId, profileId, confirmationText) {
+        const pending = this.pendingDeletes.get(deleteRequestId);
+        if (!pending) {
+            throw new Error(`Delete request "${deleteRequestId}" does not exist or expired`);
+        }
+        if (pending.expiresAt < Date.now()) {
+            this.pendingDeletes.delete(deleteRequestId);
+            throw new Error(`Delete request "${deleteRequestId}" has expired`);
+        }
+        if (pending.profileId !== profileId) {
+            throw new Error('Delete request profile mismatch');
+        }
+        const expected = `DELETE ${profileId}`;
+        if (confirmationText.trim() !== expected) {
+            throw new Error(`Invalid confirmationText. Expected exactly: "${expected}"`);
+        }
+        const loaded = this.ensureLoaded();
+        const profileToDelete = this.getProfile(profileId);
+        const nextProfiles = loaded.config.profiles.filter((item) => item.id !== profileId);
+        if (nextProfiles.length === 0) {
+            throw new Error('Cannot delete the last profile in config');
+        }
+        const runtimeActiveId = this.getActiveProfileId();
+        const persistedActiveId = readPersistedActiveProfileId(loaded.rawConfig, loaded.config.activeProfile);
+        const nextPersistedActiveId = persistedActiveId === profileId
+            ? nextProfiles[0].id
+            : persistedActiveId;
+        const normalizedPersistedActiveId = hasProfile(nextProfiles, nextPersistedActiveId)
+            ? nextPersistedActiveId
+            : nextProfiles[0].id;
+        const nextRuntimeActiveId = runtimeActiveId === profileId
+            ? normalizedPersistedActiveId
+            : runtimeActiveId;
+        const normalizedRuntimeActiveId = hasProfile(nextProfiles, nextRuntimeActiveId)
+            ? nextRuntimeActiveId
+            : normalizedPersistedActiveId;
+        const nextRawConfig = cloneRawConfig(loaded.rawConfig);
+        const rawProfiles = this.getRawProfiles(nextRawConfig);
+        const filteredRawProfiles = rawProfiles.filter((item) => item.id !== profileId);
+        if (filteredRawProfiles.length === rawProfiles.length) {
+            throw new Error(`Raw config profile "${profileId}" not found`);
+        }
+        nextRawConfig.profiles = filteredRawProfiles;
+        nextRawConfig.activeProfile = normalizedPersistedActiveId;
+        await this.persistRawConfig(nextRawConfig, normalizedRuntimeActiveId);
+        this.pendingDeletes.delete(deleteRequestId);
+        return {
+            deletedProfileId: profileId,
+            deletedProfile: profileSummary(profileToDelete, normalizedRuntimeActiveId),
+            activeProfile: normalizedRuntimeActiveId,
+            persistedActiveProfile: normalizedPersistedActiveId,
+            backupPath: pending.backupPath,
+        };
+    }
+    getProfile(profileId) {
+        const loaded = this.ensureLoaded();
+        const profile = loaded.config.profiles.find((item) => item.id === profileId);
+        if (!profile) {
+            throw new Error(`Profile "${profileId}" does not exist`);
+        }
+        return profile;
+    }
+    getProfileMaybe(profileId) {
+        const loaded = this.ensureLoaded();
+        return loaded.config.profiles.find((item) => item.id === profileId);
+    }
+    async backupCurrentConfig(reason) {
+        const directory = path.dirname(this.configPath);
+        const fileName = path.basename(this.configPath);
+        const stamp = new Date().toISOString().replace(/[:.]/g, '-');
+        const safeReason = sanitizeBackupReason(reason);
+        const backupDir = path.resolve(directory, '.ssh-mcp-backups');
+        await mkdir(backupDir, { recursive: true, mode: 0o700 });
+        const backupFileName = `${fileName}.${stamp}.${safeReason}.bak`;
+        const backupPath = path.resolve(backupDir, backupFileName);
+        const relativePath = path.relative(backupDir, backupPath);
+        if (relativePath.startsWith('..') || path.isAbsolute(relativePath)) {
+            throw new Error('Backup path escaped backup directory');
+        }
+        const content = await readFile(this.configPath, 'utf8');
+        await writeFile(backupPath, content, { encoding: 'utf8', mode: 0o600 });
+        if (process.platform !== 'win32') {
+            await chmod(backupPath, 0o600);
+        }
+        return backupPath;
+    }
+}

package/build/ssh/command-utils.js

@@ -0,0 +1,49 @@
+import { ErrorCode, McpError } from '@modelcontextprotocol/sdk/types.js';
+export const DEFAULT_MAX_CHARS = 1000;
+export const DEFAULT_TIMEOUT_MS = 60000;
+export function parseMaxChars(value, fallback = DEFAULT_MAX_CHARS) {
+    if (value === undefined || value === null)
+        return fallback;
+    if (typeof value === 'number') {
+        if (!Number.isFinite(value))
+            return fallback;
+        if (value <= 0)
+            return Infinity;
+        return Math.floor(value);
+    }
+    if (typeof value === 'string') {
+        const trimmed = value.trim().toLowerCase();
+        if (trimmed === 'none')
+            return Infinity;
+        const parsed = Number.parseInt(trimmed, 10);
+        if (Number.isNaN(parsed))
+            return fallback;
+        if (parsed <= 0)
+            return Infinity;
+        return parsed;
+    }
+    return fallback;
+}
+export function sanitizeCommand(command, maxChars = DEFAULT_MAX_CHARS) {
+    if (typeof command !== 'string') {
+        throw new McpError(ErrorCode.InvalidParams, 'Command must be a string');
+    }
+    const trimmedCommand = command.trim();
+    if (!trimmedCommand) {
+        throw new McpError(ErrorCode.InvalidParams, 'Command cannot be empty');
+    }
+    if (Number.isFinite(maxChars) && trimmedCommand.length > maxChars) {
+        throw new McpError(ErrorCode.InvalidParams, `Command is too long (max ${maxChars} characters)`);
+    }
+    return trimmedCommand;
+}
+export function sanitizePassword(password) {
+    if (typeof password !== 'string')
+        return undefined;
+    if (password.length === 0)
+        return undefined;
+    return password;
+}
+export function escapeCommandForShell(command) {
+    return command.replace(/'/g, "'\"'\"'");
+}