ssh-agent-workspace 1.0.0

package/dist/tools/db_query.d.ts

@@ -0,0 +1,103 @@
+import { z } from 'zod';
+import { SessionManager } from '../core/SessionManager.js';
+import { SSHManager } from '../core/SSHManager.js';
+export declare const dbQuerySchema: z.ZodObject<{
+    session_id: z.ZodString;
+    type: z.ZodEnum<["mysql", "postgresql", "mongodb"]>;
+    database: z.ZodString;
+    query: z.ZodString;
+    db_user: z.ZodOptional<z.ZodString>;
+    db_password: z.ZodOptional<z.ZodString>;
+    db_host: z.ZodOptional<z.ZodString>;
+    db_port: z.ZodOptional<z.ZodNumber>;
+    collection: z.ZodOptional<z.ZodString>;
+    timeout_ms: z.ZodDefault<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    type: "mysql" | "postgresql" | "mongodb";
+    session_id: string;
+    database: string;
+    query: string;
+    timeout_ms: number;
+    db_user?: string | undefined;
+    db_password?: string | undefined;
+    db_host?: string | undefined;
+    db_port?: number | undefined;
+    collection?: string | undefined;
+}, {
+    type: "mysql" | "postgresql" | "mongodb";
+    session_id: string;
+    database: string;
+    query: string;
+    db_user?: string | undefined;
+    db_password?: string | undefined;
+    db_host?: string | undefined;
+    db_port?: number | undefined;
+    collection?: string | undefined;
+    timeout_ms?: number | undefined;
+}>;
+export declare const dbQueryTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            session_id: {
+                type: string;
+                description: string;
+            };
+            type: {
+                type: string;
+                description: string;
+                enum: string[];
+            };
+            database: {
+                type: string;
+                description: string;
+            };
+            query: {
+                type: string;
+                description: string;
+            };
+            db_user: {
+                type: string;
+                description: string;
+            };
+            db_password: {
+                type: string;
+                description: string;
+            };
+            db_host: {
+                type: string;
+                description: string;
+            };
+            db_port: {
+                type: string;
+                description: string;
+            };
+            collection: {
+                type: string;
+                description: string;
+            };
+            timeout_ms: {
+                type: string;
+                description: string;
+                default: number;
+            };
+        };
+        required: string[];
+    };
+};
+export declare function handleDbQuery(args: unknown, sessionManager: SessionManager, sshManager: SSHManager): Promise<{
+    content: {
+        type: "text";
+        text: string;
+    }[];
+    isError: boolean;
+} | {
+    content: {
+        type: "text";
+        text: string;
+    }[];
+    isError?: undefined;
+}>;
+//# sourceMappingURL=db_query.d.ts.map

package/dist/tools/db_query.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"db_query.d.ts","sourceRoot":"","sources":["../../src/tools/db_query.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAqBnD,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAWxB,CAAC;AAEH,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAoBvB,CAAC;AA0EF,wBAAsB,aAAa,CACjC,IAAI,EAAE,OAAO,EACb,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU;;;;;;;;;;;;GAwFvB"}

package/dist/tools/db_query.js

@@ -0,0 +1,194 @@
+import { z } from 'zod';
+import { isReadOnlyMode } from '../utils/security.js';
+import { logger } from '../utils/logger.js';
+const SQL_KEYWORDS_DENY = [
+    /\bDROP\b/i, /\bDELETE\b/i, /\bINSERT\b/i, /\bUPDATE\b/i,
+    /\bALTER\b/i, /\bCREATE\b/i, /\bTRUNCATE\b/i,
+    /\bGRANT\b/i, /\bREVOKE\b/i, /\bREPLACE\b/i,
+    /\bLOAD\b/i, /\bIMPORT\b/i, /\bINTO\s+OUTFILE\b/i,
+    /\bINTO\s+DUMPFILE\b/i, /\bEXEC\b/i, /\bEXECUTE\b/i,
+    /\bCALL\b/i, /\bRENAME\b/i, /\bLOCK\b/i, /\bUNLOCK\b/i,
+    /\bSET\b/i, /\bFLUSH\b/i, /\bKILL\b/i, /\bSHUTDOWN\b/i,
+];
+const MONGO_DENY = [
+    /\bdeleteOne\b/i, /\bdeleteMany\b/i, /\binsertOne\b/i, /\binsertMany\b/i,
+    /\bupdateOne\b/i, /\bupdateMany\b/i, /\breplaceOne\b/i,
+    /\bdrop\b/i, /\bremove\b/i, /\bcreateCollection\b/i, /\bcreateIndex\b/i,
+    /\brenameCollection\b/i, /\bcollMod\b/i,
+];
+export const dbQuerySchema = z.object({
+    session_id: z.string().min(1),
+    type: z.enum(['mysql', 'postgresql', 'mongodb']).describe('Database type'),
+    database: z.string().min(1).describe('Database name'),
+    query: z.string().min(1).max(5000).describe('Read-only query (SELECT, SHOW, EXPLAIN, find, aggregate)'),
+    db_user: z.string().min(1).optional().describe('Database username (defaults to session user)'),
+    db_password: z.string().min(1).optional().describe('Database password'),
+    db_host: z.string().min(1).optional().describe('Database host on the remote side (default: 127.0.0.1)'),
+    db_port: z.number().int().min(1).max(65535).optional().describe('Database port'),
+    collection: z.string().min(1).optional().describe('MongoDB collection name (required for find/aggregate queries)'),
+    timeout_ms: z.number().min(1000).max(60000).default(15000).describe('Query timeout in ms'),
+});
+export const dbQueryTool = {
+    name: 'db_query',
+    description: 'Execute a read-only database query on a remote host via SSH exec channel. Supports MySQL, PostgreSQL, and MongoDB. Enforces SELECT-only (or find/aggregate for Mongo). Returns structured JSON rows.',
+    inputSchema: {
+        type: 'object',
+        properties: {
+            session_id: { type: 'string', description: 'Session ID returned by connect' },
+            type: { type: 'string', description: 'Database type', enum: ['mysql', 'postgresql', 'mongodb'] },
+            database: { type: 'string', description: 'Database name' },
+            query: { type: 'string', description: 'Read-only query (SELECT, SHOW, EXPLAIN, find, aggregate)' },
+            db_user: { type: 'string', description: 'Database username (defaults to session user)' },
+            db_password: { type: 'string', description: 'Database password' },
+            db_host: { type: 'string', description: 'Database host on remote (default: 127.0.0.1)' },
+            db_port: { type: 'number', description: 'Database port' },
+            collection: { type: 'string', description: 'MongoDB collection (for find/aggregate queries)' },
+            timeout_ms: { type: 'number', description: 'Query timeout in ms (default: 15000)', default: 15000 },
+        },
+        required: ['session_id', 'type', 'database', 'query'],
+    },
+};
+function q(value) {
+    return `'${value.replace(/'/g, "'\\''")}'`;
+}
+function isReadOnlyQuery(query, type) {
+    const trimmed = query.trim();
+    if (type === 'mysql' || type === 'postgresql') {
+        for (const pattern of SQL_KEYWORDS_DENY) {
+            if (pattern.test(trimmed)) {
+                return `SQL keyword blocked: ${trimmed.match(pattern)[0].toUpperCase()}`;
+            }
+        }
+        const upper = trimmed.toUpperCase();
+        if (!upper.startsWith('SELECT') &&
+            !upper.startsWith('SHOW') &&
+            !upper.startsWith('EXPLAIN') &&
+            !upper.startsWith('DESCRIBE') &&
+            !upper.startsWith('DESC ') &&
+            !upper.startsWith('USE ')) {
+            return 'Only SELECT, SHOW, EXPLAIN, DESCRIBE, and USE queries are allowed';
+        }
+    }
+    else if (type === 'mongodb') {
+        for (const pattern of MONGO_DENY) {
+            if (pattern.test(trimmed)) {
+                return `MongoDB method blocked: ${trimmed.match(pattern)[0]}`;
+            }
+        }
+        const lower = trimmed.toLowerCase();
+        if (!lower.startsWith('db.') &&
+            !lower.startsWith('show ') &&
+            !lower.startsWith('rs.') &&
+            !lower.startsWith('sh.')) {
+            return 'MongoDB queries must start with db., show, rs., or sh.';
+        }
+    }
+    return null;
+}
+function parseTabularOutput(stdout) {
+    const lines = stdout.split('\n').filter((l) => l.trim().length > 0);
+    if (lines.length === 0)
+        return [];
+    const headerMatch = lines[0];
+    if (headerMatch.includes('\t')) {
+        const headers = lines.shift().split('\t');
+        return lines.map((line) => {
+            const cols = line.split('\t');
+            const row = {};
+            headers.forEach((h, i) => { row[h] = cols[i] || ''; });
+            return row;
+        });
+    }
+    return [{ result: stdout }];
+}
+function parseMongoOutput(stdout) {
+    try {
+        const parsed = JSON.parse(stdout);
+        if (Array.isArray(parsed))
+            return parsed;
+        return [parsed];
+    }
+    catch {
+        return [{ raw: stdout.slice(0, 10000) }];
+    }
+}
+export async function handleDbQuery(args, sessionManager, sshManager) {
+    const parsed = dbQuerySchema.safeParse(args);
+    if (!parsed.success) {
+        return { content: [{ type: 'text', text: `Invalid arguments: ${parsed.error.message}` }], isError: true };
+    }
+    const { session_id, type, database, query, db_user, db_password, db_host, db_port, collection, timeout_ms } = parsed.data;
+    const session = sessionManager.get(session_id);
+    if (!session) {
+        return { content: [{ type: 'text', text: `Error: Session '${session_id}' not found` }], isError: true };
+    }
+    if (!sshManager.isAlive(session.ssh)) {
+        return { content: [{ type: 'text', text: `Error: SSH connection dead for session '${session_id}'` }], isError: true };
+    }
+    if (isReadOnlyMode(session.host)) {
+        return { content: [{ type: 'text', text: `Error: Host '${session.host}' is in read-only mode. DB query is disabled.` }], isError: true };
+    }
+    const denyReason = isReadOnlyQuery(query, type);
+    if (denyReason) {
+        return {
+            content: [{ type: 'text', text: `Error: Query rejected: ${denyReason}` }],
+            isError: true,
+        };
+    }
+    const host = db_host || '127.0.0.1';
+    const port = db_port || (type === 'mysql' ? 3306 : type === 'postgresql' ? 5432 : 27017);
+    const user = db_user || session.host.split('.')[0] || 'root';
+    let cmd;
+    if (type === 'mysql') {
+        const passArg = db_password ? `-p${q(db_password)}` : '';
+        cmd = `mysql -h ${q(host)} -P ${port} -u ${q(user)} ${passArg} -D ${q(database)} --batch --skip-column-names --default-character-set=utf8mb4 -e ${q(query)} 2>&1`;
+    }
+    else if (type === 'postgresql') {
+        const passEnv = db_password ? `PGPASSWORD=${q(db_password)} ` : '';
+        cmd = `${passEnv}psql -h ${q(host)} -p ${port} -U ${q(user)} -d ${q(database)} -A -t --no-align -c ${q(query)} 2>&1`;
+    }
+    else {
+        const collArg = collection ? `.${collection}` : '';
+        cmd = `mongosh --host ${q(host)} --port ${port} --quiet --eval "printjson(JSON.stringify(${query.replace(/"/g, '\\"')}))" ${q(database)} 2>&1 || mongo --host ${q(host)} --port ${port} --quiet --eval "printjson(JSON.stringify(${query.replace(/"/g, '\\"')}))" ${q(database)} 2>&1`;
+    }
+    try {
+        const result = await sshManager.exec(session.ssh, cmd, timeout_ms);
+        if (result.code !== 0 && !result.stdout.trim()) {
+            return {
+                content: [{ type: 'text', text: `Error: Query failed (exit ${result.code}): ${result.stderr || 'unknown error'}` }],
+                isError: true,
+            };
+        }
+        let rows;
+        if (type === 'mongodb') {
+            rows = parseMongoOutput(result.stdout);
+        }
+        else {
+            rows = parseTabularOutput(result.stdout);
+        }
+        const rowCount = Array.isArray(rows) ? rows.length : 1;
+        logger.info({ sessionId: session_id, type, database, rows: rowCount }, 'DB query executed');
+        return {
+            content: [{
+                    type: 'text',
+                    text: JSON.stringify({
+                        type,
+                        database,
+                        query: query.length > 200 ? query.slice(0, 200) + '...' : query,
+                        row_count: rowCount,
+                        rows,
+                        stderr: result.stderr ? result.stderr.slice(0, 500) : undefined,
+                        exit_code: result.code,
+                    }, null, 2),
+                }],
+        };
+    }
+    catch (err) {
+        logger.error({ sessionId: session_id, type, database, error: err.message }, 'DB query failed');
+        return {
+            content: [{ type: 'text', text: `Error: DB query failed: ${err.message}` }],
+            isError: true,
+        };
+    }
+}
+//# sourceMappingURL=db_query.js.map

package/dist/tools/db_query.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"db_query.js","sourceRoot":"","sources":["../../src/tools/db_query.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EAAE,cAAc,EAAmB,MAAM,sBAAsB,CAAC;AACvE,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,MAAM,iBAAiB,GAAG;IACxB,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa;IACxD,YAAY,EAAE,aAAa,EAAE,eAAe;IAC5C,YAAY,EAAE,aAAa,EAAE,cAAc;IAC3C,WAAW,EAAE,aAAa,EAAE,qBAAqB;IACjD,sBAAsB,EAAE,WAAW,EAAE,cAAc;IACnD,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,aAAa;IACtD,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,eAAe;CACvD,CAAC;AAEF,MAAM,UAAU,GAAG;IACjB,gBAAgB,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,iBAAiB;IACxE,gBAAgB,EAAE,iBAAiB,EAAE,iBAAiB;IACtD,WAAW,EAAE,aAAa,EAAE,uBAAuB,EAAE,kBAAkB;IACvE,uBAAuB,EAAE,cAAc;CACxC,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC;IAC1E,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC;IACrD,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,0DAA0D,CAAC;IACvG,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,8CAA8C,CAAC;IAC9F,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IACvE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uDAAuD,CAAC;IACvG,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;IAChF,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,+DAA+D,CAAC;IAClH,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;CAC3F,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,IAAI,EAAE,UAAU;IAChB,WAAW,EACT,sMAAsM;IACxM,WAAW,EAAE;QACX,IAAI,EAAE,QAAiB;QACvB,UAAU,EAAE;YACV,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,gCAAgC,EAAE;YAC7E,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,CAAC,EAAE;YAChG,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE;YAC1D,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,0DAA0D,EAAE;YAClG,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,8CAA8C,EAAE;YACxF,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mBAAmB,EAAE;YACjE,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,8CAA8C,EAAE;YACxF,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE;YACzD,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iDAAiD,EAAE;YAC9F,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sCAAsC,EAAE,OAAO,EAAE,KAAK,EAAE;SACpG;QACD,QAAQ,EAAE,CAAC,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC;KACtD;CACF,CAAC;AAEF,SAAS,CAAC,CAAC,KAAa;IACtB,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC;AAC7C,CAAC;AAED,SAAS,eAAe,CAAC,KAAa,EAAE,IAAY;IAClD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAE7B,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QAC9C,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;YACxC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,OAAO,wBAAwB,OAAO,CAAC,KAAK,CAAC,OAAO,CAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;YAC5E,CAAC;QACH,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACpC,IACE,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC;YAC3B,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC;YACzB,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC;YAC5B,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC;YAC7B,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;YAC1B,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,EACzB,CAAC;YACD,OAAO,mEAAmE,CAAC;QAC7E,CAAC;IACH,CAAC;SAAM,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QAC9B,KAAK,MAAM,OAAO,IAAI,UAAU,EAAE,CAAC;YACjC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,OAAO,2BAA2B,OAAO,CAAC,KAAK,CAAC,OAAO,CAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjE,CAAC;QACH,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACpC,IACE,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC;YACxB,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;YAC1B,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC;YACxB,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,EACxB,CAAC;YACD,OAAO,wDAAwD,CAAC;QAClE,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAc;IACxC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACpE,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAElC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAC7B,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,EAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3C,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;YACxB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC9B,MAAM,GAAG,GAA2B,EAAE,CAAC;YACvC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,GAAG,CAAC;QACb,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAc;IACtC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAClC,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;YAAE,OAAO,MAAM,CAAC;QACzC,OAAO,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,CAAC,CAAC;IAC3C,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,IAAa,EACb,cAA8B,EAC9B,UAAsB;IAEtB,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,sBAAsB,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACrH,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC;IAC1H,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAE/C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,mBAAmB,UAAU,aAAa,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACnH,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,2CAA2C,UAAU,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACjI,CAAC;IAED,IAAI,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,gBAAgB,OAAO,CAAC,IAAI,+CAA+C,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACpJ,CAAC;IAED,MAAM,UAAU,GAAG,eAAe,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAChD,IAAI,UAAU,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,0BAA0B,UAAU,EAAE,EAAE,CAAC;YAClF,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,OAAO,IAAI,WAAW,CAAC;IACpC,MAAM,IAAI,GAAG,OAAO,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IACzF,MAAM,IAAI,GAAG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;IAE7D,IAAI,GAAW,CAAC;IAEhB,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzD,GAAG,GAAG,YAAY,CAAC,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,OAAO,OAAO,CAAC,CAAC,QAAQ,CAAC,mEAAmE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC;IACpK,CAAC;SAAM,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QACnE,GAAG,GAAG,GAAG,OAAO,WAAW,CAAC,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC;IACvH,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACnD,GAAG,GAAG,kBAAkB,CAAC,CAAC,IAAI,CAAC,WAAW,IAAI,6CAA6C,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,yBAAyB,CAAC,CAAC,IAAI,CAAC,WAAW,IAAI,6CAA6C,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IACzR,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;QAEnE,IAAI,MAAM,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;YAC/C,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,6BAA6B,MAAM,CAAC,IAAI,MAAM,MAAM,CAAC,MAAM,IAAI,eAAe,EAAE,EAAE,CAAC;gBAC5H,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,IAAI,IAAa,CAAC;QAClB,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,IAAI,GAAG,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAEvD,MAAM,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,mBAAmB,CAAC,CAAC;QAE5F,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBACnB,IAAI;wBACJ,QAAQ;wBACR,KAAK,EAAE,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK;wBAC/D,SAAS,EAAE,QAAQ;wBACnB,IAAI;wBACJ,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;wBAC/D,SAAS,EAAE,MAAM,CAAC,IAAI;qBACvB,EAAE,IAAI,EAAE,CAAC,CAAC;iBACZ,CAAC;SACH,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,EAAE,iBAAiB,CAAC,CAAC;QAC1G,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,2BAA4B,GAAa,CAAC,OAAO,EAAE,EAAE,CAAC;YAC/F,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/tools/deploy.d.ts

@@ -0,0 +1,127 @@
+import { z } from 'zod';
+import { SessionManager } from '../core/SessionManager.js';
+import { SSHManager } from '../core/SSHManager.js';
+export declare const deploySchema: z.ZodObject<{
+    session_id: z.ZodString;
+    files: z.ZodArray<z.ZodObject<{
+        local_path: z.ZodString;
+        remote_path: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        local_path: string;
+        remote_path: string;
+    }, {
+        local_path: string;
+        remote_path: string;
+    }>, "many">;
+    chmod: z.ZodOptional<z.ZodString>;
+    chown: z.ZodOptional<z.ZodString>;
+    backup: z.ZodDefault<z.ZodBoolean>;
+    restart_service: z.ZodOptional<z.ZodString>;
+    pre_deploy_cmd: z.ZodOptional<z.ZodString>;
+    post_deploy_cmd: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    session_id: string;
+    files: {
+        local_path: string;
+        remote_path: string;
+    }[];
+    backup: boolean;
+    chmod?: string | undefined;
+    chown?: string | undefined;
+    restart_service?: string | undefined;
+    pre_deploy_cmd?: string | undefined;
+    post_deploy_cmd?: string | undefined;
+}, {
+    session_id: string;
+    files: {
+        local_path: string;
+        remote_path: string;
+    }[];
+    chmod?: string | undefined;
+    chown?: string | undefined;
+    backup?: boolean | undefined;
+    restart_service?: string | undefined;
+    pre_deploy_cmd?: string | undefined;
+    post_deploy_cmd?: string | undefined;
+}>;
+export declare const deployTool: {
+    name: string;
+    description: string;
+    inputSchema: {
+        type: "object";
+        properties: {
+            session_id: {
+                type: string;
+                description: string;
+            };
+            files: {
+                type: string;
+                description: string;
+                items: {
+                    type: string;
+                    properties: {
+                        local_path: {
+                            type: string;
+                            description: string;
+                        };
+                        remote_path: {
+                            type: string;
+                            description: string;
+                        };
+                    };
+                    required: string[];
+                };
+            };
+            chmod: {
+                type: string;
+                description: string;
+            };
+            chown: {
+                type: string;
+                description: string;
+            };
+            backup: {
+                type: string;
+                description: string;
+                default: boolean;
+            };
+            restart_service: {
+                type: string;
+                description: string;
+            };
+            pre_deploy_cmd: {
+                type: string;
+                description: string;
+            };
+            post_deploy_cmd: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+};
+export declare function handleDeploy(args: unknown, sessionManager: SessionManager, sshManager: SSHManager): Promise<{
+    content: {
+        type: "text";
+        text: string;
+    }[];
+    isError: boolean;
+}>;
+export declare function handleDeployCommand(args: {
+    session_id: string;
+    command: string;
+}, sessionManager: SessionManager, sshManager: SSHManager): Promise<{
+    success: boolean;
+    error: string;
+    exit_code?: undefined;
+    stdout?: undefined;
+    stderr?: undefined;
+} | {
+    success: boolean;
+    exit_code: number | null;
+    stdout: string;
+    stderr: string;
+    error?: undefined;
+}>;
+//# sourceMappingURL=deploy.d.ts.map

package/dist/tools/deploy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../../src/tools/deploy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAInD,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAYvB,CAAC;AAEH,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6BtB,CAAC;AAEF,wBAAsB,YAAY,CAChC,IAAI,EAAE,OAAO,EACb,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU;;;;;;GAiJvB;AAED,wBAAsB,mBAAmB,CACvC,IAAI,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAC7C,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU;;;;;;;;;;;;GAWvB"}

package/dist/tools/deploy.js

@@ -0,0 +1,201 @@
+import { z } from 'zod';
+import fs from 'fs';
+import path from 'path';
+import { isReadOnlyMode } from '../utils/security.js';
+import { logger } from '../utils/logger.js';
+export const deploySchema = z.object({
+    session_id: z.string().min(1),
+    files: z.array(z.object({
+        local_path: z.string().min(1).describe('Absolute path to the local file'),
+        remote_path: z.string().min(1).describe('Absolute destination path on the remote host'),
+    })).min(1).max(50).describe('Array of {local_path, remote_path} mappings to deploy'),
+    chmod: z.string().regex(/^[0-7]{3,4}$/).optional().describe('Octal permissions to set on each file (e.g. "644", "755")'),
+    chown: z.string().regex(/^[a-zA-Z_][a-zA-Z0-9_.-]*:[a-zA-Z_][a-zA-Z0-9_.-]*$/).optional().describe('Owner:group to set on each file (e.g. "www-data:www-data")'),
+    backup: z.boolean().default(true).describe('Create .bak backup of each existing remote file before overwriting'),
+    restart_service: z.string().min(1).optional().describe('Service name to restart after deployment (e.g. "nginx")'),
+    pre_deploy_cmd: z.string().min(1).optional().describe('Command to run on remote before uploading (e.g. "systemctl stop nginx")'),
+    post_deploy_cmd: z.string().min(1).optional().describe('Command to run on remote after all steps complete'),
+});
+export const deployTool = {
+    name: 'deploy',
+    description: 'Deploy files to a remote host with permission management, backup, and optional service restart. Executes: pre-command -> backup -> upload -> chmod/chown -> post-command -> restart.',
+    inputSchema: {
+        type: 'object',
+        properties: {
+            session_id: { type: 'string', description: 'Session ID returned by connect' },
+            files: {
+                type: 'array',
+                description: 'Array of {local_path, remote_path} objects to deploy',
+                items: {
+                    type: 'object',
+                    properties: {
+                        local_path: { type: 'string', description: 'Absolute path to the local file' },
+                        remote_path: { type: 'string', description: 'Absolute destination path on the remote host' },
+                    },
+                    required: ['local_path', 'remote_path'],
+                },
+            },
+            chmod: { type: 'string', description: 'Octal permissions (e.g. "644", "755")' },
+            chown: { type: 'string', description: 'Owner:group (e.g. "www-data:www-data")' },
+            backup: { type: 'boolean', description: 'Create .bak backup of existing remote files (default: true)', default: true },
+            restart_service: { type: 'string', description: 'Service name to restart after deployment' },
+            pre_deploy_cmd: { type: 'string', description: 'Command to run on remote before uploading' },
+            post_deploy_cmd: { type: 'string', description: 'Command to run on remote after all steps' },
+        },
+        required: ['session_id', 'files'],
+    },
+};
+export async function handleDeploy(args, sessionManager, sshManager) {
+    const parsed = deploySchema.safeParse(args);
+    if (!parsed.success) {
+        return { content: [{ type: 'text', text: `Invalid arguments: ${parsed.error.message}` }], isError: true };
+    }
+    const { session_id, files, chmod, chown, backup, restart_service, pre_deploy_cmd, post_deploy_cmd } = parsed.data;
+    const session = sessionManager.get(session_id);
+    if (!session) {
+        return { content: [{ type: 'text', text: `Error: Session '${session_id}' not found` }], isError: true };
+    }
+    if (!sshManager.isAlive(session.ssh)) {
+        return { content: [{ type: 'text', text: `Error: SSH connection dead for session '${session_id}'` }], isError: true };
+    }
+    if (isReadOnlyMode(session.host)) {
+        return { content: [{ type: 'text', text: `Error: Host '${session.host}' is in read-only mode. Deploy is disabled.` }], isError: true };
+    }
+    const report = [];
+    let hadError = false;
+    for (const file of files) {
+        const resolvedLocal = path.resolve(file.local_path);
+        const stepReport = {
+            local_path: resolvedLocal,
+            remote_path: file.remote_path,
+        };
+        if (!fs.existsSync(resolvedLocal)) {
+            stepReport.status = 'error';
+            stepReport.error = 'Local file not found';
+            report.push(stepReport);
+            hadError = true;
+            continue;
+        }
+        if (!fs.statSync(resolvedLocal).isFile()) {
+            stepReport.status = 'error';
+            stepReport.error = 'Local path is not a file';
+            report.push(stepReport);
+            hadError = true;
+            continue;
+        }
+        if (backup) {
+            try {
+                const exists = await sshManager.sftpExists(session.ssh, file.remote_path);
+                if (exists) {
+                    const backupCmd = `cp '${file.remote_path.replace(/'/g, "'\\''")}' '${file.remote_path.replace(/'/g, "'\\''")}'.bak`;
+                    const bkResult = await sshManager.exec(session.ssh, backupCmd, 5000);
+                    if (bkResult.code === 0) {
+                        stepReport.backup = `${file.remote_path}.bak`;
+                    }
+                    else {
+                        stepReport.backup_warning = 'Backup failed, continuing without backup';
+                        logger.warn({ sessionId: session_id, remote: file.remote_path, stderr: bkResult.stderr }, 'Deploy backup failed');
+                    }
+                }
+            }
+            catch (err) {
+                stepReport.backup_warning = `Backup check failed: ${err.message}`;
+            }
+        }
+        try {
+            await sshManager.sftpUpload(session.ssh, resolvedLocal, file.remote_path);
+            stepReport.uploaded = true;
+            stepReport.size = fs.statSync(resolvedLocal).size;
+        }
+        catch (err) {
+            stepReport.status = 'error';
+            stepReport.error = `Upload failed: ${err.message}`;
+            report.push(stepReport);
+            hadError = true;
+            continue;
+        }
+        if (chmod) {
+            try {
+                const chmodResult = await sshManager.exec(session.ssh, `chmod ${chmod} '${file.remote_path.replace(/'/g, "'\\''")}'`, 5000);
+                if (chmodResult.code === 0) {
+                    stepReport.chmod = chmod;
+                }
+                else {
+                    stepReport.chmod_error = chmodResult.stderr || 'unknown';
+                }
+            }
+            catch (err) {
+                stepReport.chmod_error = err.message;
+            }
+        }
+        if (chown) {
+            try {
+                const chownResult = await sshManager.exec(session.ssh, `chown ${chown} '${file.remote_path.replace(/'/g, "'\\''")}'`, 5000);
+                if (chownResult.code === 0) {
+                    stepReport.chown = chown;
+                }
+                else {
+                    stepReport.chown_error = chownResult.stderr || 'unknown';
+                }
+            }
+            catch (err) {
+                stepReport.chown_error = err.message;
+            }
+        }
+        stepReport.status = 'deployed';
+        report.push(stepReport);
+    }
+    if (restart_service) {
+        try {
+            const restartResult = await sshManager.exec(session.ssh, `systemctl restart '${restart_service.replace(/'/g, "'\\''")}'`, 15000);
+            if (restartResult.code === 0) {
+                report.push({ service: restart_service, restarted: true });
+            }
+            else {
+                report.push({ service: restart_service, restarted: false, error: restartResult.stderr || 'unknown' });
+            }
+        }
+        catch (err) {
+            report.push({ service: restart_service, restarted: false, error: err.message });
+        }
+    }
+    const result = { session_id, files: report, total: files.length, deployed: report.filter((r) => r.status === 'deployed').length };
+    if (pre_deploy_cmd) {
+        try {
+            const preResult = await sshManager.exec(session.ssh, pre_deploy_cmd, 30000);
+            result.pre_deploy = { command: pre_deploy_cmd, exit_code: preResult.code, stdout: preResult.stdout.slice(0, 1000) };
+        }
+        catch (err) {
+            result.pre_deploy_error = err.message;
+        }
+    }
+    if (post_deploy_cmd) {
+        try {
+            const postResult = await sshManager.exec(session.ssh, post_deploy_cmd, 30000);
+            result.post_deploy = { command: post_deploy_cmd, exit_code: postResult.code, stdout: postResult.stdout.slice(0, 1000) };
+        }
+        catch (err) {
+            result.post_deploy_error = err.message;
+        }
+    }
+    logger.info({ sessionId: session_id, deployed: result.deployed, hadError }, 'Deploy complete');
+    return {
+        content: [{ type: 'text', text: JSON.stringify(result, null, 2) }],
+        isError: hadError,
+    };
+}
+export async function handleDeployCommand(args, sessionManager, sshManager) {
+    const session = sessionManager.get(args.session_id);
+    if (!session)
+        return { success: false, error: 'Session not found' };
+    if (!sshManager.isAlive(session.ssh))
+        return { success: false, error: 'SSH dead' };
+    try {
+        const result = await sshManager.exec(session.ssh, args.command, 15000);
+        return { success: result.code === 0, exit_code: result.code, stdout: result.stdout, stderr: result.stderr };
+    }
+    catch (err) {
+        return { success: false, error: err.message };
+    }
+}
+//# sourceMappingURL=deploy.js.map