defense-mcp-server 0.9.2 → 0.9.4

package/build/tools/sudo-management.js

@@ -84,7 +84,7 @@ export function registerSudoManagementTools(server) {
                         const status = session.getStatus();
                         return {
                             content: [
-                                createTextContent(`🔓 Already elevated as '${status.username}'.\n` +
+                                createTextContent(`Already elevated as '${status.username}'.\n` +
                                     `Session expires at: ${status.expiresAt ?? "never"}\n` +
                                     `Remaining: ${status.remainingSeconds !== null ? `${status.remainingSeconds}s` : "∞"}\n\n` +
                                     `Use sudo_session action=drop to end the current session before re-elevating.`),
@@ -100,7 +100,7 @@ export function registerSudoManagementTools(server) {
                             : "unknown";
                         return {
                             content: [
-                                createErrorContent(`❌ Authentication rate limit exceeded.\n\n` +
+                                createErrorContent(`Authentication rate limit exceeded.\n\n` +
                                     `Too many failed attempts were detected within the last 5 minutes.\n` +
                                     `Please wait until ${resetAt} before trying again.\n\n` +
                                     `For security, this lockout cannot be bypassed.\n` +
@@ -120,7 +120,7 @@ export function registerSudoManagementTools(server) {
                         invalidatePreflightCaches();
                         const status = session.getStatus();
                         const lines = [
-                            `🔓 Privileges elevated successfully!`,
+                            `Privileges elevated successfully!`,
                             ``,
                             `  User: ${status.username}`,
                             `  Expires: ${status.expiresAt ?? "never (running as root)"}`,
@@ -142,7 +142,7 @@ export function registerSudoManagementTools(server) {
                             : "unknown";
                         return {
                             content: [
-                                createErrorContent(`❌ Authentication rate limit exceeded.\n\n` +
+                                createErrorContent(`Authentication rate limit exceeded.\n\n` +
                                     `Too many failed attempts. Please wait until ${resetAt} before retrying.\n\n` +
                                     `For security, this lockout cannot be bypassed.`),
                             ],
@@ -160,7 +160,7 @@ export function registerSudoManagementTools(server) {
                         : "";
                     return {
                         content: [
-                            createErrorContent(`❌ Authentication failed: ${result.error}\n\n` +
+                            createErrorContent(`Authentication failed: ${result.error}\n\n` +
                                 `${attemptsLine}\n\n` +
                                 `Please verify:\n` +
                                 `  1. The password is correct\n` +
@@ -197,7 +197,7 @@ export function registerSudoManagementTools(server) {
                         const status = session.getStatus();
                         return {
                             content: [
-                                createTextContent(`🔓 Already elevated as '${status.username}'.\n` +
+                                createTextContent(`Already elevated as '${status.username}'.\n` +
                                     `Session expires at: ${status.expiresAt ?? "never"}\n` +
                                     `Remaining: ${status.remainingSeconds !== null ? `${status.remainingSeconds}s` : "∞"}\n\n` +
                                     `Use sudo_session action=drop to end the current session before re-elevating.`),
@@ -212,7 +212,7 @@ export function registerSudoManagementTools(server) {
                             : "unknown";
                         return {
                             content: [
-                                createErrorContent(`❌ Authentication rate limit exceeded.\n\n` +
+                                createErrorContent(`Authentication rate limit exceeded.\n\n` +
                                     `Too many failed attempts. Please wait until ${resetAt} before retrying.`),
                             ],
                             isError: true,
@@ -226,7 +226,7 @@ export function registerSudoManagementTools(server) {
                     if (!hasDisplay) {
                         return {
                             content: [
-                                createErrorContent(`❌ GUI elevation is not available — no graphical session detected.\n\n` +
+                                createErrorContent(`GUI elevation is not available — no graphical session detected.\n\n` +
                                     `Could not find DISPLAY or WAYLAND_DISPLAY in the current process\n` +
                                     `or any desktop session process (gnome-shell, plasmashell, etc.).\n\n` +
                                     `Use sudo_session action=elevate with your password instead.`),
@@ -239,7 +239,7 @@ export function registerSudoManagementTools(server) {
                     if (!guiTool) {
                         return {
                             content: [
-                                createErrorContent(`❌ No GUI password dialog tool found.\n\n` +
+                                createErrorContent(`No GUI password dialog tool found.\n\n` +
                                     `Install one of: zenity, kdialog, or ssh-askpass\n` +
                                     `  sudo apt install zenity    # GNOME/GTK\n` +
                                     `  sudo apt install kdialog   # KDE/Qt\n\n` +
@@ -257,7 +257,7 @@ export function registerSudoManagementTools(server) {
                     if (!password) {
                         return {
                             content: [
-                                createErrorContent(`❌ Password dialog was cancelled or timed out.\n\n` +
+                                createErrorContent(`Password dialog was cancelled or timed out.\n\n` +
                                     `No password was entered. Try again with:\n` +
                                     `  sudo_session action=elevate_gui\n\n` +
                                     `Or provide your password directly with:\n` +
@@ -278,7 +278,7 @@ export function registerSudoManagementTools(server) {
                         const status = session.getStatus();
                         return {
                             content: [
-                                createTextContent(`🔓 Privileges elevated successfully!\n\n` +
+                                createTextContent(`Privileges elevated successfully!\n\n` +
                                     `  User: ${status.username}\n` +
                                     `  Expires: ${status.expiresAt ?? "never (running as root)"}\n` +
                                     `  Timeout: ${timeout_minutes} minutes\n` +
@@ -295,7 +295,7 @@ export function registerSudoManagementTools(server) {
                         : `Attempts remaining before lockout: ${rlAfter.attemptsRemaining}`;
                     return {
                         content: [
-                            createErrorContent(`❌ Authentication failed: ${result.error}\n\n` +
+                            createErrorContent(`Authentication failed: ${result.error}\n\n` +
                                 `${attemptsLine}\n\n` +
                                 `The password was securely wiped. Please try again.`),
                         ],
@@ -319,7 +319,7 @@ export function registerSudoManagementTools(server) {
                     if (!status.elevated) {
                         const rlLines = [];
                         if (rl.limited) {
-                            rlLines.push(`  ⚠️  Rate limit ACTIVE — elevation blocked`);
+                            rlLines.push(`  WARNING: Rate limit ACTIVE — elevation blocked`);
                             rlLines.push(`     Unlocks at: ${rl.resetAt ? new Date(rl.resetAt).toLocaleTimeString() : "unknown"}`);
                         }
                         else {
@@ -327,7 +327,7 @@ export function registerSudoManagementTools(server) {
                         }
                         return {
                             content: [
-                                createTextContent(`🔒 Not elevated — sudo credentials are not cached.\n\n` +
+                                createTextContent(`Not elevated — sudo credentials are not cached.\n\n` +
                                     rlLines.join("\n") + "\n\n" +
                                     `Use sudo_session action=elevate to provide your password and enable\n` +
                                     `transparent sudo for all defensive security tools.`),
@@ -335,8 +335,8 @@ export function registerSudoManagementTools(server) {
                         };
                     }
                     const sections = [];
-                    sections.push("🔓 Sudo Session Active");
-                    sections.push("═".repeat(40));
+                    sections.push("Sudo Session Active");
+                    sections.push("");
                     sections.push(`  User: ${status.username}`);
                     sections.push(`  Expires: ${status.expiresAt ?? "never (root)"}`);
                     sections.push(`  Auth method: password (sudo -S)`);
@@ -345,7 +345,7 @@ export function registerSudoManagementTools(server) {
                         const secs = status.remainingSeconds % 60;
                         sections.push(`  Remaining: ${mins}m ${secs}s`);
                         if (status.remainingSeconds < 120) {
-                            sections.push(`\n  ⚠️ Session expiring soon! Use sudo_session action=extend to continue.`);
+                            sections.push(`\n  Session expiring soon! Use sudo_session action=extend to continue.`);
                         }
                     }
                     else {
@@ -374,7 +374,7 @@ export function registerSudoManagementTools(server) {
                     if (wasElevated) {
                         return {
                             content: [
-                                createTextContent(`🔒 Privileges dropped successfully.\n\n` +
+                                createTextContent(`Privileges dropped successfully.\n\n` +
                                     `  Previous user: ${prevStatus.username}\n` +
                                     `  Password buffer: zeroed\n` +
                                     `  System sudo cache: invalidated\n\n` +
@@ -384,7 +384,7 @@ export function registerSudoManagementTools(server) {
                     }
                     return {
                         content: [
-                            createTextContent(`🔒 No active sudo session to drop.\n` +
+                            createTextContent(`No active sudo session to drop.\n` +
                                 `The system is already in an unprivileged state.`),
                         ],
                     };
@@ -405,7 +405,7 @@ export function registerSudoManagementTools(server) {
                     if (!session.isElevated()) {
                         return {
                             content: [
-                                createErrorContent(`🔒 No active sudo session to extend.\n\n` +
+                                createErrorContent(`No active sudo session to extend.\n\n` +
                                     `Use sudo_session action=elevate to provide your password and start a session first.`),
                             ],
                             isError: true,
@@ -428,7 +428,7 @@ export function registerSudoManagementTools(server) {
                     const status = session.getStatus();
                     return {
                         content: [
-                            createTextContent(`🔓 Session extended by ${minutes} minutes.\n\n` +
+                            createTextContent(`Session extended by ${minutes} minutes.\n\n` +
                                 `  User: ${status.username}\n` +
                                 `  New expiry: ${status.expiresAt ?? "never (root)"}\n` +
                                 `  Remaining: ${status.remainingSeconds !== null ? `${Math.floor(status.remainingSeconds / 60)}m ${status.remainingSeconds % 60}s` : "∞"}`),
@@ -501,26 +501,26 @@ export function registerSudoManagementTools(server) {
                     const otherFails = results.filter((r) => !r.ready && !r.needsSudo && r.missingDeps.length === 0);
                     // Build report
                     const lines = [];
-                    lines.push("🔍 Pre-flight Batch Check Results");
-                    lines.push("═".repeat(50));
+                    lines.push("Pre-flight Batch Check Results");
+                    lines.push("");
                     lines.push(`Checked: ${toolNames.length} tools`);
-                    lines.push(`  ✅ Ready: ${ready.length}`);
-                    lines.push(`  🔒 Need sudo: ${needSudo.length}`);
-                    lines.push(`  📦 Missing deps: ${needDeps.length}`);
+                    lines.push(`  Ready: ${ready.length}`);
+                    lines.push(`  Need sudo: ${needSudo.length}`);
+                    lines.push(`  Missing deps: ${needDeps.length}`);
                     if (otherFails.length > 0) {
-                        lines.push(`  ❌ Other issues: ${otherFails.length}`);
+                        lines.push(`  Other issues: ${otherFails.length}`);
                     }
                     // Section: Tools that need sudo elevation
                     if (needSudo.length > 0) {
                         lines.push("");
-                        lines.push("🛑 SUDO ELEVATION REQUIRED");
-                        lines.push("─".repeat(50));
+                        lines.push("SUDO ELEVATION REQUIRED");
+                        lines.push("");
                         lines.push("The following tools need sudo privileges.");
                         lines.push("Call sudo_session action=elevate with the user's password BEFORE");
                         lines.push("executing any of these tools:");
                         lines.push("");
                         for (const r of needSudo) {
-                            lines.push(`  🔒 ${r.tool}`);
+                            lines.push(`  ${r.tool}`);
                             if (r.sudoReason) {
                                 lines.push(`     Reason: ${r.sudoReason}`);
                             }
@@ -532,10 +532,10 @@ export function registerSudoManagementTools(server) {
                     // Section: Missing dependencies
                     if (needDeps.length > 0) {
                         lines.push("");
-                        lines.push("📦 MISSING DEPENDENCIES");
-                        lines.push("─".repeat(50));
+                        lines.push("MISSING DEPENDENCIES");
+                        lines.push("");
                         for (const r of needDeps) {
-                            lines.push(`  ❌ ${r.tool}`);
+                            lines.push(`  ${r.tool}`);
                             for (const dep of r.missingDeps) {
                                 lines.push(`     Missing: ${dep}`);
                             }
@@ -547,10 +547,10 @@ export function registerSudoManagementTools(server) {
                     // Section: Ready tools
                     if (ready.length > 0) {
                         lines.push("");
-                        lines.push("✅ READY TO EXECUTE");
-                        lines.push("─".repeat(50));
+                        lines.push("READY TO EXECUTE");
+                        lines.push("");
                         for (const r of ready) {
-                            lines.push(`  ✅ ${r.tool}`);
+                            lines.push(`  ${r.tool}`);
                         }
                     }
                     // Build machine-readable metadata

package/build/tools/threat-intel.js

@@ -8,7 +8,7 @@
  * feeds, feed management, and blocklist application to iptables/fail2ban/hosts.
  */
 import { z } from "zod";
-import { spawnSafe } from "../core/spawn-safe.js";
+import { runCommand } from "../core/run-command.js";
 import { createTextContent, createErrorContent, formatToolOutput, } from "../core/parsers.js";
 import { existsSync, readFileSync, readdirSync, statSync } from "node:fs";
 // ── Constants ──────────────────────────────────────────────────────────────────
@@ -26,53 +26,7 @@ const MAX_BATCH_SIZE = 1000;
 const SINKHOLE_IPS = new Set(["0.0.0.0", "127.0.0.1"]);
 /** Basic IPv4 regex for validation */
 const IPV4_REGEX = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
-/**
- * Run a command via spawnSafe and collect output as a promise.
- * Handles errors gracefully — returns error info instead of throwing.
- */
-async function runCommand(command, args, timeoutMs = 30_000) {
-    return new Promise((resolve) => {
-        let child;
-        try {
-            child = spawnSafe(command, args);
-        }
-        catch (err) {
-            const msg = err instanceof Error ? err.message : String(err);
-            resolve({ stdout: "", stderr: msg, exitCode: -1 });
-            return;
-        }
-        let stdout = "";
-        let stderr = "";
-        let resolved = false;
-        const timer = setTimeout(() => {
-            if (!resolved) {
-                resolved = true;
-                child.kill("SIGTERM");
-                resolve({ stdout, stderr: stderr + "\n[TIMEOUT]", exitCode: -1 });
-            }
-        }, timeoutMs);
-        child.stdout?.on("data", (data) => {
-            stdout += data.toString();
-        });
-        child.stderr?.on("data", (data) => {
-            stderr += data.toString();
-        });
-        child.on("close", (code) => {
-            if (!resolved) {
-                resolved = true;
-                clearTimeout(timer);
-                resolve({ stdout, stderr, exitCode: code ?? -1 });
-            }
-        });
-        child.on("error", (err) => {
-            if (!resolved) {
-                resolved = true;
-                clearTimeout(timer);
-                resolve({ stdout, stderr: err.message, exitCode: -1 });
-            }
-        });
-    });
-}
+// ── Helpers ────────────────────────────────────────────────────────────────────
 // ── Validation ─────────────────────────────────────────────────────────────────
 /**
  * Validate an IPv4 address.

package/build/tools/vulnerability-management.js

@@ -7,59 +7,13 @@
  * using nmap, nikto, and searchsploit.
  */
 import { z } from "zod";
-import { spawnSafe } from "../core/spawn-safe.js";
+import { runCommand } from "../core/run-command.js";
 import { secureWriteFileSync } from "../core/secure-fs.js";
 import { createTextContent, createErrorContent, formatToolOutput, } from "../core/parsers.js";
 import { existsSync, readFileSync } from "node:fs";
 // ── Constants ──────────────────────────────────────────────────────────────────
 const VULN_TRACKER_PATH = "/var/lib/defense-mcp/vuln-tracker.json";
-/**
- * Run a command via spawnSafe and collect output as a promise.
- * Handles errors gracefully — returns error info instead of throwing.
- */
-async function runCommand(command, args, timeoutMs = 60_000) {
-    return new Promise((resolve) => {
-        let child;
-        try {
-            child = spawnSafe(command, args);
-        }
-        catch (err) {
-            const msg = err instanceof Error ? err.message : String(err);
-            resolve({ stdout: "", stderr: msg, exitCode: -1 });
-            return;
-        }
-        let stdout = "";
-        let stderr = "";
-        let resolved = false;
-        const timer = setTimeout(() => {
-            if (!resolved) {
-                resolved = true;
-                child.kill("SIGTERM");
-                resolve({ stdout, stderr: stderr + "\n[TIMEOUT]", exitCode: -1 });
-            }
-        }, timeoutMs);
-        child.stdout?.on("data", (data) => {
-            stdout += data.toString();
-        });
-        child.stderr?.on("data", (data) => {
-            stderr += data.toString();
-        });
-        child.on("close", (code) => {
-            if (!resolved) {
-                resolved = true;
-                clearTimeout(timer);
-                resolve({ stdout, stderr, exitCode: code ?? -1 });
-            }
-        });
-        child.on("error", (err) => {
-            if (!resolved) {
-                resolved = true;
-                clearTimeout(timer);
-                resolve({ stdout, stderr: err.message, exitCode: -1 });
-            }
-        });
-    });
-}
+// ── Helpers ────────────────────────────────────────────────────────────────────
 /**
  * Load the vulnerability tracker database from disk.
  */
@@ -551,7 +505,7 @@ export function registerVulnerabilityManagementTools(server) {
                                     .map((v, i) => `${i + 1}. [${v.severity.toUpperCase()}] ${v.vuln_id} (score: ${v.priority_score})\n` +
                                     `   ${v.description}\n` +
                                     `   Action: ${v.recommended_action}` +
-                                    (v.exploit_available ? "\n   ⚠ EXPLOIT AVAILABLE" : ""))
+                                    (v.exploit_available ? "\n   WARNING: EXPLOIT AVAILABLE" : ""))
                                     .join("\n\n"))],
                     };
                 }