opencode-pair-autonomy 1.0.0

package/vendor/mcp/ssh-mcp/package.json

@@ -0,0 +1,18 @@
+{
+  "name": "ssh-mcp-server",
+  "version": "2.0.0",
+  "description": "Validated SSH MCP server with secure defaults",
+  "type": "module",
+  "main": "src/index.js",
+  "bin": {
+    "ssh-mcp": "./src/index.js"
+  },
+  "scripts": {
+    "start": "node src/index.js",
+    "check": "node --check src/index.js && node --check src/config.js && node --check src/ssh.js"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "zod": "^3.24.2"
+  }
+}

package/vendor/mcp/ssh-mcp/src/config.js

@@ -0,0 +1,140 @@
+import { existsSync, readFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { z } from "zod";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+const hostSchema = z.object({
+  host: z.string().min(1),
+  port: z.coerce.number().int().min(1).max(65535).default(22),
+  user: z.string().min(1).default("root"),
+  description: z.string().default(""),
+  keyPath: z.string().optional(),
+  password: z.string().optional(),
+  passwordEnv: z.string().optional(),
+  connect_timeout_seconds: z.coerce.number().int().min(1).max(120).optional(),
+  default_timeout_seconds: z.coerce.number().int().min(1).max(600).optional(),
+  max_timeout_seconds: z.coerce.number().int().min(1).max(3600).optional(),
+  max_output_bytes: z.coerce
+    .number()
+    .int()
+    .min(1024)
+    .max(10_000_000)
+    .optional(),
+  ready_command: z.string().min(1).default("echo SSH_OK"),
+  strict_host_key_checking: z
+    .enum(["yes", "accept-new", "no"])
+    .default("accept-new"),
+  command_allowlist: z.array(z.string().min(1)).optional(),
+});
+
+const configSchema = z.object({
+  default_timeout_seconds: z.coerce.number().int().min(1).max(600).default(60),
+  max_timeout_seconds: z.coerce.number().int().min(1).max(3600).default(600),
+  max_output_bytes: z.coerce
+    .number()
+    .int()
+    .min(1024)
+    .max(10_000_000)
+    .default(131072),
+  hosts: z.record(z.string(), hostSchema).default({}),
+});
+
+function expandHome(pathValue) {
+  if (!pathValue || !pathValue.startsWith("~/")) return pathValue;
+  return join(process.env.HOME || "", pathValue.slice(2));
+}
+
+function resolvePassword(host, hostName) {
+  if (host.password) return host.password;
+  if (!host.passwordEnv) return undefined;
+
+  const value = process.env[host.passwordEnv];
+  if (!value) {
+    throw new Error(
+      `Host '${hostName}' expects env var '${host.passwordEnv}' but it is not set.`,
+    );
+  }
+
+  return value;
+}
+
+function loadRawConfig() {
+  const candidates = [
+    process.env.SSH_MCP_CONFIG_PATH,
+    join(__dirname, "../config.json"),
+    join(process.cwd(), "config.json"),
+  ].filter(Boolean);
+
+  for (const configPath of candidates) {
+    if (!existsSync(configPath)) continue;
+    try {
+      return {
+        configPath,
+        raw: JSON.parse(readFileSync(configPath, "utf8")),
+      };
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      throw new Error(
+        `Could not read SSH MCP config '${configPath}': ${message}`,
+      );
+    }
+  }
+
+  throw new Error(
+    "SSH MCP config not found. Set SSH_MCP_CONFIG_PATH or create config.json next to this server.",
+  );
+}
+
+export function loadConfig() {
+  const { configPath, raw } = loadRawConfig();
+  const parsed = configSchema.parse(raw);
+
+  const hosts = Object.fromEntries(
+    Object.entries(parsed.hosts).map(([name, host]) => {
+      const normalized = {
+        ...host,
+        keyPath: host.keyPath ? expandHome(host.keyPath) : undefined,
+        password: resolvePassword(host, name),
+        default_timeout_seconds:
+          host.default_timeout_seconds ?? parsed.default_timeout_seconds,
+        max_timeout_seconds:
+          host.max_timeout_seconds ?? parsed.max_timeout_seconds,
+        max_output_bytes: host.max_output_bytes ?? parsed.max_output_bytes,
+      };
+
+      if (normalized.default_timeout_seconds > normalized.max_timeout_seconds) {
+        throw new Error(
+          `Host '${name}' has default_timeout_seconds greater than max_timeout_seconds.`,
+        );
+      }
+
+      return [name, normalized];
+    }),
+  );
+
+  return {
+    configPath,
+    hosts,
+    default_timeout_seconds: parsed.default_timeout_seconds,
+    max_timeout_seconds: parsed.max_timeout_seconds,
+    max_output_bytes: parsed.max_output_bytes,
+  };
+}
+
+export function getHost(config, connection) {
+  const host = config.hosts[connection];
+  if (host) return host;
+
+  const available = Object.keys(config.hosts);
+  if (available.length === 0) {
+    throw new Error(
+      "No SSH hosts configured. Update ssh-mcp/config.json first.",
+    );
+  }
+
+  throw new Error(
+    `Unknown connection '${connection}'. Available: ${available.join(", ")}`,
+  );
+}

package/vendor/mcp/ssh-mcp/src/index.js

@@ -0,0 +1,130 @@
+#!/usr/bin/env node
+
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { CallToolRequestSchema, ListToolsRequestSchema } from "@modelcontextprotocol/sdk/types.js";
+import { z } from "zod";
+import { getHost, loadConfig } from "./config.js";
+import { runSshCommand, testSshConnection } from "./ssh.js";
+
+const config = loadConfig();
+const hostNames = Object.keys(config.hosts);
+
+const runCommandSchema = z.object({
+  connection: z.string().min(1),
+  command: z.string().min(1),
+  timeout_seconds: z.coerce.number().int().min(1).max(3600).optional(),
+});
+
+const connectionSchema = z.object({
+  connection: z.string().min(1),
+});
+
+function ok(payload) {
+  const text = typeof payload === "string" ? payload : JSON.stringify(payload, null, 2);
+  return { content: [{ type: "text", text }] };
+}
+
+function fail(message) {
+  return { content: [{ type: "text", text: message }], isError: true };
+}
+
+const server = new Server(
+  { name: "ssh-mcp-server", version: "2.0.0" },
+  { capabilities: { tools: {} } }
+);
+
+server.setRequestHandler(ListToolsRequestSchema, async () => ({
+  tools: [
+    {
+      name: "list_hosts",
+      description: "List configured SSH hosts",
+      inputSchema: { type: "object", properties: {} },
+    },
+    {
+      name: "test_connection",
+      description: "Test SSH connectivity with each host's ready command",
+      inputSchema: {
+        type: "object",
+        properties: {
+          connection: { type: "string", enum: hostNames.length > 0 ? hostNames : undefined },
+        },
+        required: ["connection"],
+      },
+    },
+    {
+      name: "run_command",
+      description: "Run a command on a configured SSH host",
+      inputSchema: {
+        type: "object",
+        properties: {
+          connection: { type: "string", enum: hostNames.length > 0 ? hostNames : undefined },
+          command: { type: "string" },
+          timeout_seconds: { type: "number", minimum: 1, maximum: 3600 },
+        },
+        required: ["connection", "command"],
+      },
+    },
+  ],
+}));
+
+server.setRequestHandler(CallToolRequestSchema, async (request) => {
+  const { name, arguments: args } = request.params;
+
+  try {
+    switch (name) {
+      case "list_hosts": {
+        const hosts = Object.entries(config.hosts).map(([connectionName, host]) => ({
+          connection: connectionName,
+          host: host.host,
+          port: host.port,
+          user: host.user,
+          description: host.description,
+          auth: host.password ? "password" : host.keyPath ? "key" : "agent/default",
+          has_allowlist: Boolean(host.command_allowlist && host.command_allowlist.length > 0),
+          default_timeout_seconds: host.default_timeout_seconds,
+          max_timeout_seconds: host.max_timeout_seconds,
+          max_output_bytes: host.max_output_bytes,
+        }));
+
+        return ok({
+          config_path: config.configPath,
+          host_count: hosts.length,
+          hosts,
+        });
+      }
+
+      case "test_connection": {
+        const parsed = connectionSchema.parse(args || {});
+        const host = getHost(config, parsed.connection);
+        const result = await testSshConnection(host);
+        return ok(result);
+      }
+
+      case "run_command": {
+        const parsed = runCommandSchema.parse(args || {});
+        const host = getHost(config, parsed.connection);
+        const result = await runSshCommand(host, parsed.command, {
+          timeout_seconds: parsed.timeout_seconds,
+        });
+        return ok(result);
+      }
+
+      default:
+        return fail(`Unknown tool: ${name}`);
+    }
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    return fail(message);
+  }
+});
+
+async function main() {
+  await server.connect(new StdioServerTransport());
+}
+
+main().catch((error) => {
+  const message = error instanceof Error ? error.message : String(error);
+  console.error(`Failed to start ssh-mcp-server: ${message}`);
+  process.exit(1);
+});

package/vendor/mcp/ssh-mcp/src/ssh.js

@@ -0,0 +1,163 @@
+import { spawn } from "node:child_process";
+
+function quoteSingle(value) {
+  return `'${String(value).replace(/'/g, "'\\''")}'`;
+}
+
+function clampTimeout(requested, host) {
+  const parsed = Number(requested);
+  const fallback = host.default_timeout_seconds;
+  const timeout = Number.isFinite(parsed) && parsed > 0 ? Math.floor(parsed) : fallback;
+  return Math.min(timeout, host.max_timeout_seconds);
+}
+
+function toWildcardRegex(pattern) {
+  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
+  return new RegExp(`^${escaped}$`);
+}
+
+function commandAllowed(command, allowlist) {
+  if (!allowlist || allowlist.length === 0) return true;
+  const normalized = command.trim();
+  return allowlist.some((pattern) => toWildcardRegex(pattern).test(normalized));
+}
+
+function buildSshInvocation(host, command) {
+  const sshArgs = [
+    "-p",
+    String(host.port),
+    "-o",
+    `StrictHostKeyChecking=${host.strict_host_key_checking}`,
+    "-o",
+    "ServerAliveInterval=15",
+    "-o",
+    "ServerAliveCountMax=2",
+    "-o",
+    "LogLevel=ERROR",
+  ];
+
+  if (typeof host.connect_timeout_seconds === "number") {
+    sshArgs.push("-o", `ConnectTimeout=${host.connect_timeout_seconds}`);
+  }
+
+  if (host.keyPath) {
+    sshArgs.push("-i", host.keyPath);
+  }
+
+  const target = `${host.user}@${host.host}`;
+  const remoteCommand = `bash -lc ${quoteSingle(command)}`;
+  sshArgs.push(target, remoteCommand);
+
+  if (!host.password) {
+    return {
+      cmd: "ssh",
+      args: sshArgs,
+      env: process.env,
+      auth: host.keyPath ? "key" : "agent/default",
+    };
+  }
+
+  return {
+    cmd: "sshpass",
+    args: ["-e", "ssh", ...sshArgs],
+    env: { ...process.env, SSHPASS: host.password },
+    auth: host.keyPath ? "key+password" : "password",
+  };
+}
+
+function appendChunk(buffer, chunk, maxBytes) {
+  if (buffer.length >= maxBytes) return { text: buffer, full: false };
+  const remaining = maxBytes - buffer.length;
+  const slice = chunk.length > remaining ? chunk.slice(0, remaining) : chunk;
+  return {
+    text: buffer + slice,
+    full: chunk.length <= remaining,
+  };
+}
+
+export async function runSshCommand(host, command, options = {}) {
+  if (!commandAllowed(command, host.command_allowlist)) {
+    throw new Error(
+      "Command rejected by allowlist. Update command_allowlist in ssh-mcp config for this host."
+    );
+  }
+
+  const timeoutSeconds = clampTimeout(options.timeout_seconds, host);
+  const maxOutputBytes = host.max_output_bytes;
+
+  return await new Promise((resolve) => {
+    const start = Date.now();
+    const invocation = buildSshInvocation(host, command);
+    const proc = spawn(invocation.cmd, invocation.args, { env: invocation.env });
+
+    let stdout = "";
+    let stderr = "";
+    let timedOut = false;
+    let outputTruncated = false;
+    let killedByOutputLimit = false;
+
+    const finish = (code, errorMessage) => {
+      const durationMs = Date.now() - start;
+      const ok = code === 0 && !timedOut && !killedByOutputLimit && !errorMessage;
+
+      resolve({
+        ok,
+        connection: `${host.user}@${host.host}:${host.port}`,
+        auth: invocation.auth,
+        command,
+        timeout_seconds: timeoutSeconds,
+        max_output_bytes: maxOutputBytes,
+        timed_out: timedOut,
+        output_truncated: outputTruncated,
+        exit_code: code,
+        duration_ms: durationMs,
+        stdout,
+        stderr: errorMessage ? `${stderr}\n${errorMessage}`.trim() : stderr,
+      });
+    };
+
+    const timer = setTimeout(() => {
+      timedOut = true;
+      proc.kill("SIGKILL");
+    }, timeoutSeconds * 1000);
+
+    proc.stdout.on("data", (chunk) => {
+      const result = appendChunk(stdout, chunk.toString(), maxOutputBytes);
+      stdout = result.text;
+      if (!result.full) {
+        outputTruncated = true;
+        killedByOutputLimit = true;
+        proc.kill("SIGKILL");
+      }
+    });
+
+    proc.stderr.on("data", (chunk) => {
+      const result = appendChunk(stderr, chunk.toString(), maxOutputBytes);
+      stderr = result.text;
+      if (!result.full) {
+        outputTruncated = true;
+        killedByOutputLimit = true;
+        proc.kill("SIGKILL");
+      }
+    });
+
+    proc.on("error", (error) => {
+      clearTimeout(timer);
+      finish(null, error.message);
+    });
+
+    proc.on("close", (code) => {
+      clearTimeout(timer);
+      if (killedByOutputLimit && !stderr.includes("output limit")) {
+        stderr = `${stderr}\nProcess terminated because output exceeded max_output_bytes.`.trim();
+      }
+      finish(code, null);
+    });
+  });
+}
+
+export async function testSshConnection(host) {
+  return await runSshCommand(host, host.ready_command, {
+    timeout_seconds: Math.min(host.default_timeout_seconds, 20),
+  });
+}

package/vendor/mcp/sudo-mcp/README.md

@@ -0,0 +1,51 @@
+# sudo-mcp
+
+Two-step approval MCP server for running local `sudo` commands safely.
+
+## Safety Model
+
+- Every command must pass policy checks (`deny_patterns`, optional `allow_patterns`)
+- Commands are requested first, then executed with a separate approval step
+- Each request has an approval code and TTL
+- Default policy enforces non-interactive sudo (`sudo -n`)
+- Default mode is allow-all with a deny list for destructive operations
+
+## Tools
+
+- `get_sudo_policy`
+- `request_sudo_execution`
+- `run_approved_sudo`
+- `list_pending_sudo_requests`
+- `cancel_pending_sudo_request`
+
+## Install
+
+```bash
+npm install
+```
+
+## Configure
+
+```bash
+cp config.example.json config.json
+```
+
+Tune:
+
+- `allow_patterns` (optional when `require_allowlist` is `false`)
+- `require_allowlist`
+- `deny_patterns`
+- `approval_ttl_seconds`
+- timeout/output limits
+
+## Approval Flow
+
+1. Call `request_sudo_execution`
+2. Show `expected_user_phrase` to the human
+3. Run `run_approved_sudo` only after the user sends that phrase
+
+Example expected phrase:
+
+```text
+APPROVE_SUDO <request_id> <approval_code>
+```

package/vendor/mcp/sudo-mcp/config.example.json

@@ -0,0 +1,28 @@
+{
+  "approval_ttl_seconds": 300,
+  "default_timeout_seconds": 60,
+  "max_timeout_seconds": 300,
+  "max_output_bytes": 131072,
+  "require_non_interactive_sudo": true,
+  "require_allowlist": false,
+  "allow_patterns": [],
+  "deny_patterns": [
+    "rm -rf *",
+    "rm -fr *",
+    "rm -r -f *",
+    "rm -rf --no-preserve-root /",
+    "shred -n * -z *",
+    "wipefs*",
+    "mkfs*",
+    "fdisk*",
+    "parted*",
+    "poweroff*",
+    "shutdown*",
+    "reboot*",
+    "init 0",
+    "init 6",
+    "halt*",
+    "dd of=/dev/*",
+    "dd if=* of=/dev/*"
+  ]
+}

package/vendor/mcp/sudo-mcp/config.json

@@ -0,0 +1,28 @@
+{
+  "approval_ttl_seconds": 300,
+  "default_timeout_seconds": 60,
+  "max_timeout_seconds": 300,
+  "max_output_bytes": 131072,
+  "require_non_interactive_sudo": true,
+  "require_allowlist": false,
+  "allow_patterns": [],
+  "deny_patterns": [
+    "rm -rf *",
+    "rm -fr *",
+    "rm -r -f *",
+    "rm -rf --no-preserve-root /",
+    "shred -n * -z *",
+    "wipefs*",
+    "mkfs*",
+    "fdisk*",
+    "parted*",
+    "poweroff*",
+    "shutdown*",
+    "reboot*",
+    "init 0",
+    "init 6",
+    "halt*",
+    "dd of=/dev/*",
+    "dd if=* of=/dev/*"
+  ]
+}