smooth-ssh-mcp 0.1.1

package/dist/sshArgs.js

@@ -0,0 +1,135 @@
+import { createHash } from "node:crypto";
+import { chmodSync, mkdirSync } from "node:fs";
+import { join } from "node:path";
+export function buildSshArgs(host, options) {
+    const args = [
+        ...baseSshOptions(host, options.controlDir, options.timeoutSeconds ?? host.policy.maxCommandSeconds)
+    ];
+    if (options.batchMode !== false && !host.passwordEnv) {
+        args.push("-o", "BatchMode=yes");
+    }
+    if (options.forceTty) {
+        args.push("-tt");
+    }
+    args.push("--", targetForHost(host));
+    if (options.command !== undefined) {
+        args.push(options.command);
+    }
+    return args;
+}
+export function buildSshControlArgs(host, options) {
+    const args = [
+        "-O",
+        options.controlCommand,
+        "-S",
+        controlPathForHost(host, options.controlDir),
+        "-o",
+        "BatchMode=yes",
+        "-o",
+        "NumberOfPasswordPrompts=0",
+        "-o",
+        "ConnectTimeout=1"
+    ];
+    if (host.port)
+        args.push("-p", String(host.port));
+    if (host.identityFile)
+        args.push("-i", host.identityFile);
+    if (host.proxyJump)
+        args.push("-J", host.proxyJump);
+    args.push("--", targetForHost(host));
+    return args;
+}
+export function buildScpArgs(host, options) {
+    validatePathArg(options.localPath, "localPath");
+    validateRemotePathArg(options.remotePath);
+    const args = [
+        "-o",
+        "ControlMaster=auto",
+        "-o",
+        "ControlPersist=10m",
+        "-o",
+        `ControlPath=${controlPathForHost(host, options.controlDir)}`,
+        "-o",
+        "ServerAliveInterval=10",
+        "-o",
+        "ServerAliveCountMax=3"
+    ];
+    if (host.port)
+        args.push("-P", String(host.port));
+    if (host.identityFile)
+        args.push("-i", host.identityFile);
+    if (host.proxyJump)
+        args.push("-J", host.proxyJump);
+    const remote = `${targetForHost(host)}:${options.remotePath}`;
+    if (options.direction === "upload") {
+        args.push("--", options.localPath, remote);
+    }
+    else {
+        args.push("--", remote, options.localPath);
+    }
+    return args;
+}
+export function controlPathForHost(host, controlDir) {
+    mkdirSync(controlDir, { recursive: true, mode: 0o700 });
+    chmodSync(controlDir, 0o700);
+    const fingerprint = createHash("sha256")
+        .update(JSON.stringify({
+        id: host.id,
+        hostname: host.hostname,
+        sshConfigHost: host.sshConfigHost,
+        user: host.user,
+        port: host.port,
+        identityFile: host.identityFile,
+        passwordEnv: host.passwordEnv,
+        proxyJump: host.proxyJump
+    }))
+        .digest("hex")
+        .slice(0, 16);
+    const safeId = host.id.replace(/[^A-Za-z0-9._-]/g, "_").slice(0, 24);
+    return join(controlDir, `${safeId}-${fingerprint}.sock`);
+}
+export function targetForHost(host) {
+    const targetHost = host.sshConfigHost ?? host.hostname;
+    return host.user ? `${host.user}@${targetHost}` : targetHost;
+}
+function baseSshOptions(host, controlDir, timeoutSeconds) {
+    const args = [
+        "-o",
+        `ConnectTimeout=${timeoutSeconds}`,
+        "-o",
+        "ServerAliveInterval=10",
+        "-o",
+        "ServerAliveCountMax=3",
+        "-o",
+        "ControlMaster=auto",
+        "-o",
+        "ControlPersist=10m",
+        "-o",
+        `ControlPath=${controlPathForHost(host, controlDir)}`
+    ];
+    if (host.policy.acceptNewHostKey) {
+        args.push("-o", "StrictHostKeyChecking=accept-new");
+    }
+    if (host.port)
+        args.push("-p", String(host.port));
+    if (host.identityFile)
+        args.push("-i", host.identityFile);
+    if (host.proxyJump)
+        args.push("-J", host.proxyJump);
+    return args;
+}
+function validatePathArg(value, label) {
+    if (value.includes("\0") || value.includes("\n") || value.includes("\r")) {
+        throw new Error(`Invalid ${label}: contains a control character`);
+    }
+    if (value.startsWith("-")) {
+        throw new Error(`Invalid ${label}: leading dash is not allowed`);
+    }
+}
+function validateRemotePathArg(value) {
+    validatePathArg(value, "remotePath");
+    if (/[\s;|&`$<>]/.test(value)) {
+        throw new Error("Invalid remotePath: contains whitespace or shell metacharacters");
+    }
+}
+//# sourceMappingURL=sshArgs.js.map

package/dist/sshArgs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sshArgs.js","sourceRoot":"","sources":["../src/sshArgs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAuBjC,MAAM,UAAU,YAAY,CAAC,IAAU,EAAE,OAAsB;IAC7D,MAAM,IAAI,GAAG;QACX,GAAG,cAAc,CAAC,IAAI,EAAE,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,cAAc,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC;KACrG,CAAC;IAEF,IAAI,OAAO,CAAC,SAAS,KAAK,KAAK,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACrD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;IACnC,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;IACrC,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,IAAU,EAAE,OAA0B;IACxE,MAAM,IAAI,GAAG;QACX,IAAI;QACJ,OAAO,CAAC,cAAc;QACtB,IAAI;QACJ,kBAAkB,CAAC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC;QAC5C,IAAI;QACJ,eAAe;QACf,IAAI;QACJ,2BAA2B;QAC3B,IAAI;QACJ,kBAAkB;KACnB,CAAC;IAEF,IAAI,IAAI,CAAC,IAAI;QAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAClD,IAAI,IAAI,CAAC,YAAY;QAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IAC1D,IAAI,IAAI,CAAC,SAAS;QAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAEpD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;IACrC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,IAAU,EAAE,OAAsB;IAC7D,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IAChD,qBAAqB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE1C,MAAM,IAAI,GAAG;QACX,IAAI;QACJ,oBAAoB;QACpB,IAAI;QACJ,oBAAoB;QACpB,IAAI;QACJ,eAAe,kBAAkB,CAAC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,EAAE;QAC7D,IAAI;QACJ,wBAAwB;QACxB,IAAI;QACJ,uBAAuB;KACxB,CAAC;IAEF,IAAI,IAAI,CAAC,IAAI;QAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAClD,IAAI,IAAI,CAAC,YAAY;QAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IAC1D,IAAI,IAAI,CAAC,SAAS;QAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAEpD,MAAM,MAAM,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;IAC9D,IAAI,OAAO,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QACnC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC7C,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,IAAU,EAAE,UAAkB;IAC/D,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACxD,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAE7B,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC;SACrC,MAAM,CACL,IAAI,CAAC,SAAS,CAAC;QACb,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,SAAS,EAAE,IAAI,CAAC,SAAS;KAC1B,CAAC,CACH;SACA,MAAM,CAAC,KAAK,CAAC;SACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAChB,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACrE,OAAO,IAAI,CAAC,UAAU,EAAE,GAAG,MAAM,IAAI,WAAW,OAAO,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,IAAU;IACtC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,QAAQ,CAAC;IACvD,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,UAAU,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC;AAC/D,CAAC;AAED,SAAS,cAAc,CAAC,IAAU,EAAE,UAAkB,EAAE,cAAsB;IAC5E,MAAM,IAAI,GAAG;QACX,IAAI;QACJ,kBAAkB,cAAc,EAAE;QAClC,IAAI;QACJ,wBAAwB;QACxB,IAAI;QACJ,uBAAuB;QACvB,IAAI;QACJ,oBAAoB;QACpB,IAAI;QACJ,oBAAoB;QACpB,IAAI;QACJ,eAAe,kBAAkB,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE;KACtD,CAAC;IACF,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;QACjC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,kCAAkC,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,IAAI,CAAC,IAAI;QAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAClD,IAAI,IAAI,CAAC,YAAY;QAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IAC1D,IAAI,IAAI,CAAC,SAAS;QAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IACpD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CAAC,KAAa,EAAE,KAAa;IACnD,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACzE,MAAM,IAAI,KAAK,CAAC,WAAW,KAAK,gCAAgC,CAAC,CAAC;IACpE,CAAC;IACD,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,WAAW,KAAK,+BAA+B,CAAC,CAAC;IACnE,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAa;IAC1C,eAAe,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACrC,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACrF,CAAC;AACH,CAAC"}

package/dist/stateStore.d.ts

@@ -0,0 +1,27 @@
+import type { PermissionLevel } from "./types.js";
+export type HostUseReason = "manual" | "probe" | "exec" | "pty" | "upload" | "download" | "forward";
+export type RecentHost = {
+    hostId: string;
+    lastUsedAt: string;
+    useCount: number;
+    reason: HostUseReason;
+};
+export type SmoothSshState = {
+    selectedHostId?: string;
+    recentHosts: RecentHost[];
+    hostPermissionLevels: Record<string, PermissionLevel>;
+};
+export declare class StateStore {
+    private readonly path?;
+    private state;
+    constructor(path?: string | undefined);
+    getState(): SmoothSshState;
+    selectHost(hostId: string, reason?: HostUseReason): SmoothSshState;
+    recordHostUse(hostId: string, reason: HostUseReason): void;
+    recentHosts(): RecentHost[];
+    setPermissionLevel(hostId: string, permissionLevel: PermissionLevel): SmoothSshState;
+    permissionLevelFor(hostId: string): PermissionLevel | undefined;
+    private load;
+    private save;
+}
+export declare function defaultStatePath(): string;

package/dist/stateStore.js

@@ -0,0 +1,99 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync, chmodSync } from "node:fs";
+import { dirname, join, resolve } from "node:path";
+export class StateStore {
+    path;
+    state;
+    constructor(path) {
+        this.path = path;
+        this.state = this.load();
+    }
+    getState() {
+        return {
+            selectedHostId: this.state.selectedHostId,
+            recentHosts: [...this.state.recentHosts],
+            hostPermissionLevels: { ...this.state.hostPermissionLevels }
+        };
+    }
+    selectHost(hostId, reason = "manual") {
+        this.state.selectedHostId = hostId;
+        this.recordHostUse(hostId, reason);
+        return this.getState();
+    }
+    recordHostUse(hostId, reason) {
+        const now = new Date().toISOString();
+        const existing = this.state.recentHosts.find((entry) => entry.hostId === hostId);
+        const next = {
+            hostId,
+            lastUsedAt: now,
+            useCount: (existing?.useCount ?? 0) + 1,
+            reason
+        };
+        this.state.recentHosts = [next, ...this.state.recentHosts.filter((entry) => entry.hostId !== hostId)].slice(0, 20);
+        this.save();
+    }
+    recentHosts() {
+        return [...this.state.recentHosts];
+    }
+    setPermissionLevel(hostId, permissionLevel) {
+        this.state.hostPermissionLevels = {
+            ...this.state.hostPermissionLevels,
+            [hostId]: permissionLevel
+        };
+        this.save();
+        return this.getState();
+    }
+    permissionLevelFor(hostId) {
+        return this.state.hostPermissionLevels[hostId];
+    }
+    load() {
+        if (!this.path || !existsSync(this.path))
+            return { recentHosts: [], hostPermissionLevels: {} };
+        const parsed = JSON.parse(readFileSync(this.path, "utf8"));
+        return {
+            selectedHostId: typeof parsed.selectedHostId === "string" ? parsed.selectedHostId : undefined,
+            recentHosts: Array.isArray(parsed.recentHosts)
+                ? parsed.recentHosts
+                    .filter((entry) => Boolean(entry) && typeof entry.hostId === "string")
+                    .map((entry) => ({
+                    hostId: entry.hostId,
+                    lastUsedAt: typeof entry.lastUsedAt === "string" ? entry.lastUsedAt : new Date(0).toISOString(),
+                    useCount: typeof entry.useCount === "number" ? entry.useCount : 1,
+                    reason: isReason(entry.reason) ? entry.reason : "manual"
+                }))
+                : [],
+            hostPermissionLevels: normalizePermissionLevels(parsed.hostPermissionLevels)
+        };
+    }
+    save() {
+        if (!this.path)
+            return;
+        const resolved = resolve(this.path);
+        mkdirSync(dirname(resolved), { recursive: true, mode: 0o700 });
+        writeFileSync(resolved, JSON.stringify(this.state, null, 2) + "\n", { encoding: "utf8", mode: 0o600 });
+        chmodSync(resolved, 0o600);
+    }
+}
+export function defaultStatePath() {
+    return process.env.SMOOTH_SSH_MCP_STATE ?? join(process.env.HOME ?? process.cwd(), ".config", "smooth-ssh-mcp", "state.json");
+}
+function isReason(value) {
+    return (value === "manual" ||
+        value === "probe" ||
+        value === "exec" ||
+        value === "pty" ||
+        value === "upload" ||
+        value === "download" ||
+        value === "forward");
+}
+function normalizePermissionLevels(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value))
+        return {};
+    const levels = {};
+    for (const [hostId, level] of Object.entries(value)) {
+        if (level === 1 || level === 2 || level === 3) {
+            levels[hostId] = level;
+        }
+    }
+    return levels;
+}
+//# sourceMappingURL=stateStore.js.map

package/dist/stateStore.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stateStore.js","sourceRoot":"","sources":["../src/stateStore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACxF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAkBnD,MAAM,OAAO,UAAU;IAGQ;IAFrB,KAAK,CAAiB;IAE9B,YAA6B,IAAa;QAAb,SAAI,GAAJ,IAAI,CAAS;QACxC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,QAAQ;QACN,OAAO;YACL,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,cAAc;YACzC,WAAW,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC;YACxC,oBAAoB,EAAE,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,oBAAoB,EAAE;SAC7D,CAAC;IACJ,CAAC;IAED,UAAU,CAAC,MAAc,EAAE,SAAwB,QAAQ;QACzD,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,MAAM,CAAC;QACnC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;IACzB,CAAC;IAED,aAAa,CAAC,MAAc,EAAE,MAAqB;QACjD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;QACjF,MAAM,IAAI,GAAe;YACvB,MAAM;YACN,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE,CAAC,QAAQ,EAAE,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC;YACvC,MAAM;SACP,CAAC;QACF,IAAI,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACnH,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAED,WAAW;QACT,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IACrC,CAAC;IAED,kBAAkB,CAAC,MAAc,EAAE,eAAgC;QACjE,IAAI,CAAC,KAAK,CAAC,oBAAoB,GAAG;YAChC,GAAG,IAAI,CAAC,KAAK,CAAC,oBAAoB;YAClC,CAAC,MAAM,CAAC,EAAE,eAAe;SAC1B,CAAC;QACF,IAAI,CAAC,IAAI,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;IACzB,CAAC;IAED,kBAAkB,CAAC,MAAc;QAC/B,OAAO,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;IACjD,CAAC;IAEO,IAAI;QACV,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,oBAAoB,EAAE,EAAE,EAAE,CAAC;QAC/F,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAA4B,CAAC;QACtF,OAAO;YACL,cAAc,EAAE,OAAO,MAAM,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;YAC7F,WAAW,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC;gBAC5C,CAAC,CAAC,MAAM,CAAC,WAAW;qBACf,MAAM,CAAC,CAAC,KAAK,EAAuB,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,CAAC;qBAC1F,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;oBACf,MAAM,EAAE,KAAK,CAAC,MAAM;oBACpB,UAAU,EAAE,OAAO,KAAK,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;oBAC/F,QAAQ,EAAE,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;oBACjE,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;iBACzD,CAAC,CAAC;gBACP,CAAC,CAAC,EAAE;YACN,oBAAoB,EAAE,yBAAyB,CAAC,MAAM,CAAC,oBAAoB,CAAC;SAC7E,CAAC;IACJ,CAAC;IAEO,IAAI;QACV,IAAI,CAAC,IAAI,CAAC,IAAI;YAAE,OAAO;QACvB,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC/D,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACvG,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC7B,CAAC;CACF;AAED,MAAM,UAAU,gBAAgB;IAC9B,OAAO,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,gBAAgB,EAAE,YAAY,CAAC,CAAC;AAChI,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,OAAO,CACL,KAAK,KAAK,QAAQ;QAClB,KAAK,KAAK,OAAO;QACjB,KAAK,KAAK,MAAM;QAChB,KAAK,KAAK,KAAK;QACf,KAAK,KAAK,QAAQ;QAClB,KAAK,KAAK,UAAU;QACpB,KAAK,KAAK,SAAS,CACpB,CAAC;AACJ,CAAC;AAED,SAAS,yBAAyB,CAAC,KAAc;IAC/C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAC3E,MAAM,MAAM,GAAoC,EAAE,CAAC;IACnD,KAAK,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACpD,IAAI,KAAK,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC;QACzB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,95 @@
+export type Environment = "dev" | "staging" | "prod" | "unknown";
+export type RiskLevel = "low" | "medium" | "high" | "critical";
+export type Operation = "exec" | "pty" | "pty-input" | "upload" | "download" | "forward" | "permission";
+export type PermissionLevel = 1 | 2 | 3;
+export type CommandMode = "shell" | "argv";
+export type CommandAccess = "read" | "write" | "restart" | "firewall" | "destructive" | "unknown";
+export type HostPolicy = {
+    allowExec: boolean;
+    allowPty: boolean;
+    allowUpload: boolean;
+    allowDownload: boolean;
+    allowForward: boolean;
+    acceptNewHostKey: boolean;
+    requireConfirmForSudo: boolean;
+    requireConfirmForWrite: boolean;
+    requireConfirmForProd: boolean;
+    permissionLevel: PermissionLevel;
+    deniedCommandPatterns: string[];
+    maxCommandSeconds: number;
+    maxOutputBytes: number;
+};
+export type Host = {
+    id: string;
+    hostname: string;
+    port?: number;
+    user?: string;
+    identityFile?: string;
+    passwordEnv?: string;
+    sshConfigHost?: string;
+    proxyJump?: string;
+    defaultCwd?: string;
+    tags: string[];
+    environment: Environment;
+    riskLevel: Exclude<RiskLevel, "critical">;
+    capabilities?: {
+        sudo?: boolean;
+        docker?: boolean;
+        nginx?: boolean;
+        systemd?: boolean;
+        openwrt?: boolean;
+    };
+    policy: HostPolicy;
+};
+export type Inventory = {
+    hosts: Host[];
+};
+export type PolicyDecision = {
+    allowed: boolean;
+    confirmationRequired: boolean;
+    risk: RiskLevel;
+    reasons: string[];
+};
+export type ConfirmationRequired = {
+    confirmationRequired: true;
+    token: string;
+    risk: RiskLevel;
+    reason: string;
+    hostId: string;
+    operation: Operation;
+    preview: {
+        command?: string;
+        stdinHash?: string;
+        stdinBytes?: number;
+        localPath?: string;
+        remotePath?: string;
+        ports?: string[];
+    };
+    expiresAt: string;
+};
+export type Redaction = {
+    pattern: string;
+    count: number;
+};
+export type RedactedText = {
+    text: string;
+    redactions: Redaction[];
+    truncated: boolean;
+    originalBytes: number;
+};
+export type ExecResult = {
+    hostId: string;
+    commandId: string;
+    exitCode: number | null;
+    signal?: NodeJS.Signals | null;
+    stdout: string;
+    stderr: string;
+    startedAt: string;
+    endedAt: string;
+    durationMs: number;
+    truncated: boolean;
+    redactions: Redaction[];
+    diagnostic?: string;
+    attempts?: number;
+    argv?: string[];
+};

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/docs/mcp-client.example.json

@@ -0,0 +1,15 @@
+{
+  "mcpServers": {
+    "smooth-ssh": {
+      "command": "node",
+      "args": [
+        "/path/to/smooth-ssh-mcp/dist/server.js",
+        "--config",
+        "/home/you/.config/smooth-ssh-mcp/hosts.yaml"
+      ],
+      "env": {
+        "SMOOTH_SSH_PASSWORD_PASSWORD_VPS": "set-this-in-your-client-secret-env"
+      }
+    }
+  }
+}

package/examples/hosts.example.yaml

@@ -0,0 +1,79 @@
+hosts:
+  - id: lab-linux
+    hostname: 192.0.2.10
+    user: ubuntu
+    port: 22
+    identityFile: ~/.ssh/lab.pem
+    environment: dev
+    tags: [linux, lab]
+    capabilities:
+      sudo: true
+      systemd: true
+    policy:
+      allowExec: true
+      allowPty: true
+      allowUpload: true
+      allowDownload: true
+      allowForward: true
+      acceptNewHostKey: false
+      permissionLevel: 2
+      maxCommandSeconds: 30
+      maxOutputBytes: 65536
+
+  - id: prod-api
+    hostname: 203.0.113.10
+    user: root
+    port: 22
+    environment: prod
+    riskLevel: high
+    tags: [prod, api, nginx]
+    policy:
+      allowExec: true
+      allowPty: true
+      allowUpload: false
+      allowDownload: false
+      allowForward: true
+      acceptNewHostKey: false
+      permissionLevel: 2
+      requireConfirmForProd: true
+      requireConfirmForSudo: true
+      requireConfirmForWrite: true
+      maxCommandSeconds: 20
+      maxOutputBytes: 65536
+
+  - id: password-vps
+    hostname: 203.0.113.20
+    user: root
+    port: 22
+    passwordEnv: SMOOTH_SSH_PASSWORD_PASSWORD_VPS
+    environment: prod
+    riskLevel: high
+    tags: [prod, password-env]
+    policy:
+      allowExec: true
+      allowPty: false
+      allowUpload: false
+      allowDownload: false
+      allowForward: false
+      acceptNewHostKey: false
+      permissionLevel: 2
+      requireConfirmForProd: true
+      requireConfirmForSudo: true
+      requireConfirmForWrite: true
+      maxCommandSeconds: 20
+      maxOutputBytes: 65536
+
+  - id: openwrt-gateway
+    sshConfigHost: openwrt-gw
+    environment: staging
+    tags: [openwrt, gateway]
+    capabilities:
+      openwrt: true
+    policy:
+      allowExec: true
+      allowPty: true
+      allowUpload: false
+      allowDownload: false
+      allowForward: false
+      acceptNewHostKey: false
+      permissionLevel: 2

package/package.json

@@ -0,0 +1,58 @@
+{
+  "name": "smooth-ssh-mcp",
+  "version": "0.1.1",
+  "description": "MCP server for safer, structured OpenSSH operations by AI assistants.",
+  "type": "module",
+  "bin": {
+    "smooth-ssh-mcp": "dist/server.js"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "dev": "tsx src/server.ts",
+    "test": "vitest run",
+    "test:cli": "vitest run --config vitest.cli.config.ts",
+    "typecheck": "tsc -p tsconfig.json --noEmit",
+    "prepack": "npm run build"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "yaml": "^2.8.1",
+    "zod": "^3.25.76"
+  },
+  "devDependencies": {
+    "@types/node": "^24.0.0",
+    "tsx": "^4.20.6",
+    "typescript": "^5.9.3",
+    "vitest": "^3.2.4"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "license": "MIT",
+  "homepage": "https://github.com/Da-bai-da/smooth-ssh-mcp#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Da-bai-da/smooth-ssh-mcp.git"
+  },
+  "bugs": {
+    "url": "https://github.com/Da-bai-da/smooth-ssh-mcp/issues"
+  },
+  "keywords": [
+    "mcp",
+    "ssh",
+    "openssh",
+    "ai",
+    "codex",
+    "remote-ops"
+  ],
+  "files": [
+    "dist",
+    "bin",
+    "README.md",
+    "README.en.md",
+    "README.zh-CN.md",
+    "LICENSE",
+    "examples",
+    "docs"
+  ]
+}