ssh-mcp-pro 1.1.4 → 1.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +10 -2
- package/REGISTRY_SUBMISSION.md +3 -3
- package/dist/agent-bin.js +0 -0
- package/dist/config.d.ts +1 -0
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +4 -0
- package/dist/config.js.map +1 -1
- package/dist/connector-profile.d.ts.map +1 -1
- package/dist/connector-profile.js +2 -2
- package/dist/connector-profile.js.map +1 -1
- package/dist/http-session-registry.d.ts +35 -0
- package/dist/http-session-registry.d.ts.map +1 -0
- package/dist/http-session-registry.js +96 -0
- package/dist/http-session-registry.js.map +1 -0
- package/dist/index.js +0 -0
- package/dist/mcp.d.ts +1 -1
- package/dist/mcp.js +1 -1
- package/dist/remote/control-plane.d.ts.map +1 -1
- package/dist/remote/control-plane.js +25 -3
- package/dist/remote/control-plane.js.map +1 -1
- package/dist/remote/oauth-handler.d.ts +2 -0
- package/dist/remote/oauth-handler.d.ts.map +1 -1
- package/dist/remote/oauth-handler.js +62 -1
- package/dist/remote/oauth-handler.js.map +1 -1
- package/dist/remote/store.d.ts +1 -0
- package/dist/remote/store.d.ts.map +1 -1
- package/dist/remote/store.js +5 -0
- package/dist/remote/store.js.map +1 -1
- package/dist/server-http.js +25 -35
- package/dist/server-http.js.map +1 -1
- package/dist/tools/connector.provider.d.ts.map +1 -1
- package/dist/tools/connector.provider.js +3 -2
- package/dist/tools/connector.provider.js.map +1 -1
- package/dist/tools/index.d.ts.map +1 -1
- package/dist/tools/index.js +1 -0
- package/dist/tools/index.js.map +1 -1
- package/dist/tools/output-schemas.d.ts.map +1 -1
- package/dist/tools/output-schemas.js +1 -0
- package/dist/tools/output-schemas.js.map +1 -1
- package/dist/tools/process.provider.d.ts +2 -0
- package/dist/tools/process.provider.d.ts.map +1 -1
- package/dist/tools/process.provider.js +60 -1
- package/dist/tools/process.provider.js.map +1 -1
- package/dist/tools/system.provider.d.ts +13 -0
- package/dist/tools/system.provider.d.ts.map +1 -1
- package/dist/tools/system.provider.js +304 -2
- package/dist/tools/system.provider.js.map +1 -1
- package/dist/types.d.ts +39 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +34 -0
- package/dist/types.js.map +1 -1
- package/docs/adding-a-device.md +127 -0
- package/docs/remote-mcp-hardening.md +49 -0
- package/mcp.json +1 -1
- package/package.json +68 -63
- package/registry/ssh-mcp-pro/mcp.json +1 -1
- package/server.json +3 -3
package/dist/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AA8KxB;;GAEG;AACH,MAAM,CAAN,IAAY,SAaX;AAbD,WAAY,SAAS;IACnB,4BAAe,CAAA;IACf,4BAAe,CAAA;IACf,kCAAqB,CAAA;IACrB,gCAAmB,CAAA;IACnB,4BAAe,CAAA;IACf,wBAAW,CAAA;IACX,8BAAiB,CAAA;IACjB,gCAAmB,CAAA;IACnB,gCAAmB,CAAA;IACnB,kCAAqB,CAAA;IACrB,8BAAiB,CAAA;IACjB,0CAA6B,CAAA;AAC/B,CAAC,EAbW,SAAS,KAAT,SAAS,QAapB;AAED;;;GAGG;AACH,MAAM,OAAO,WAAY,SAAQ,KAAK;IAE3B;IAEA;IACA;IACA;IACA;IANT,YACS,IAAe,EACtB,OAAe,EACR,IAAa,EACb,mBAA4B,EAC5B,cAAuB,IAAI,EAC3B,eAAwB;QAE/B,KAAK,CAAC,OAAO,CAAC,CAAC;QAPR,SAAI,GAAJ,IAAI,CAAW;QAEf,SAAI,GAAJ,IAAI,CAAS;QACb,wBAAmB,GAAnB,mBAAmB,CAAS;QAC5B,gBAAW,GAAX,WAAW,CAAgB;QAC3B,oBAAe,GAAf,eAAe,CAAS;QAG/B,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,MAAM;QACJ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;YAC7C,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,eAAe,EAAE,IAAI,CAAC,eAAe;SACtC,CAAC;IACJ,CAAC;CACF;AAED,mCAAmC;AACnC,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;AACnE,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AAExD,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE;IAC7C,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;IAC7E,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAChC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC9D,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;IACvD,qBAAqB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC7C,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC;IACxF,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5C,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC;CACzE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC7B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,YAAY,CAAC,QAAQ,EAAE;IAC5B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;CACjG,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;CACjG,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;IAC/C,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC7C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CACxB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAClC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;CAC3D,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CACxB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CACtB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;CACxD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;CAC1E,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAC1B,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;IACvD,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;CACtD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC7B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;CAClE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,YAAY,CAAC,QAAQ,EAAE;IAC5B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;CACjG,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC9B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC7B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;IAC7C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;IAClD,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;CAC/C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;IAC9C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;IACjD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;CAC9C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC5B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AA8KxB;;GAEG;AACH,MAAM,CAAN,IAAY,SAaX;AAbD,WAAY,SAAS;IACnB,4BAAe,CAAA;IACf,4BAAe,CAAA;IACf,kCAAqB,CAAA;IACrB,gCAAmB,CAAA;IACnB,4BAAe,CAAA;IACf,wBAAW,CAAA;IACX,8BAAiB,CAAA;IACjB,gCAAmB,CAAA;IACnB,gCAAmB,CAAA;IACnB,kCAAqB,CAAA;IACrB,8BAAiB,CAAA;IACjB,0CAA6B,CAAA;AAC/B,CAAC,EAbW,SAAS,KAAT,SAAS,QAapB;AAED;;;GAGG;AACH,MAAM,OAAO,WAAY,SAAQ,KAAK;IAE3B;IAEA;IACA;IACA;IACA;IANT,YACS,IAAe,EACtB,OAAe,EACR,IAAa,EACb,mBAA4B,EAC5B,cAAuB,IAAI,EAC3B,eAAwB;QAE/B,KAAK,CAAC,OAAO,CAAC,CAAC;QAPR,SAAI,GAAJ,IAAI,CAAW;QAEf,SAAI,GAAJ,IAAI,CAAS;QACb,wBAAmB,GAAnB,mBAAmB,CAAS;QAC5B,gBAAW,GAAX,WAAW,CAAgB;QAC3B,oBAAe,GAAf,eAAe,CAAS;QAG/B,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,MAAM;QACJ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;YAC7C,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,eAAe,EAAE,IAAI,CAAC,eAAe;SACtC,CAAC;IACJ,CAAC;CACF;AAED,mCAAmC;AACnC,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;AACnE,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AAExD,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE;IAC7C,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;IAC7E,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAChC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC9D,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;IACvD,qBAAqB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC7C,aAAa,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC;IACxF,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5C,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC;CACzE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC7B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,YAAY,CAAC,QAAQ,EAAE;IAC5B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;CACjG,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;CACjG,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;IAC/C,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC7C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CACxB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAClC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;CAC3D,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CACxB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CACtB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;CACxD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;CAC1E,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAC1B,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;IACvD,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;CACtD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC7B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;CAClE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,YAAY,CAAC,QAAQ,EAAE;IAC5B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;CACjG,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC9B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC7B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;IAC7C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;IAClD,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;CAC/C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;IAC9C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;IACjD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;CAC9C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC5B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC7B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChC,MAAM,EAAE,CAAC;SACN,IAAI,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;SACtE,OAAO,CAAC,SAAS,CAAC;CACtB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CACxB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;CACzD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;IACxC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,WAAW,CAAC;CACtC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;CACzD,CAAC,CAAC"}
|
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
# Adding a device (agent enrollment)
|
|
2
|
+
|
|
3
|
+
This guide explains the professional, repeatable way to connect a new
|
|
4
|
+
machine ("device") to the ssh-mcp-pro control plane. You never edit the
|
|
5
|
+
database by hand — every device is onboarded with a one-time enrollment
|
|
6
|
+
token and a chosen capability profile.
|
|
7
|
+
|
|
8
|
+
## Mental model
|
|
9
|
+
|
|
10
|
+
- The **control plane** is the always-on HTTP/WebSocket service that ChatGPT
|
|
11
|
+
(or any MCP client) talks to. It holds the agent registry, policies, and
|
|
12
|
+
the audit log.
|
|
13
|
+
- An **agent** is a small outbound process running on each device. It dials
|
|
14
|
+
the control plane over WebSocket and executes only the actions its policy
|
|
15
|
+
allows. Devices never accept inbound connections.
|
|
16
|
+
- A **profile** is the capability set granted to an agent. It is chosen when
|
|
17
|
+
the enrollment token is created, and can be changed later without
|
|
18
|
+
re-enrolling.
|
|
19
|
+
|
|
20
|
+
## Profiles
|
|
21
|
+
|
|
22
|
+
| Profile | Capabilities | Use it for |
|
|
23
|
+
| ------------ | -------------------------------------------------------- | -------------------------------- |
|
|
24
|
+
| `read-only` | host/system/log/audit read | Monitoring, safe default |
|
|
25
|
+
| `operations` | read + service management + docker + file read | Day-to-day administration |
|
|
26
|
+
| `full-admin` | everything, including `shell.exec` and `sudo.exec` | Full remote control of a machine |
|
|
27
|
+
|
|
28
|
+
Start with the least privilege a device needs. You can raise the profile
|
|
29
|
+
later (see [Changing a policy later](#changing-a-policy-later)).
|
|
30
|
+
|
|
31
|
+
## Step 1 — Create an enrollment token (on the control plane side)
|
|
32
|
+
|
|
33
|
+
Tokens are one-time and short-lived. Pick the profile here.
|
|
34
|
+
|
|
35
|
+
### Option A: HTTP API
|
|
36
|
+
|
|
37
|
+
```bash
|
|
38
|
+
curl -sS -X POST "https://your-control-plane.example.com/api/agents/enrollment-tokens" \
|
|
39
|
+
-H "Authorization: Bearer <admin-access-token>" \
|
|
40
|
+
-H "Content-Type: application/json" \
|
|
41
|
+
-d '{"alias":"office-pc","requested_profile":"operations"}'
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
The response includes a one-time `enrollment_token` and a ready-to-paste
|
|
45
|
+
install command. The calling identity must have the `agents:admin` scope.
|
|
46
|
+
|
|
47
|
+
### Option B: From ChatGPT
|
|
48
|
+
|
|
49
|
+
If your connector has the `agents:admin` scope, ask it to call the
|
|
50
|
+
`create_enrollment_token` tool with the alias and requested profile. It
|
|
51
|
+
returns the same token and install command.
|
|
52
|
+
|
|
53
|
+
## Step 2 — Run the bootstrap on the new device
|
|
54
|
+
|
|
55
|
+
The bootstrap installs the package, enrolls the machine, and registers a
|
|
56
|
+
service so the agent reconnects on boot. It needs Node 22.22+ or 24+.
|
|
57
|
+
|
|
58
|
+
### Linux / WSL
|
|
59
|
+
|
|
60
|
+
```bash
|
|
61
|
+
curl -fsSL https://raw.githubusercontent.com/oaslananka/ssh-mcp-pro/main/scripts/install-agent.sh -o install-agent.sh
|
|
62
|
+
bash install-agent.sh \
|
|
63
|
+
--server https://your-control-plane.example.com \
|
|
64
|
+
--token <one-time-token> \
|
|
65
|
+
--alias office-pc
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
This creates a **user** systemd service and enables linger so it survives
|
|
69
|
+
logout and starts at boot. Pass `--system` (with `sudo`) to install a
|
|
70
|
+
system-wide service instead.
|
|
71
|
+
|
|
72
|
+
### Windows (PowerShell)
|
|
73
|
+
|
|
74
|
+
```powershell
|
|
75
|
+
irm https://raw.githubusercontent.com/oaslananka/ssh-mcp-pro/main/scripts/install-agent.ps1 -OutFile install-agent.ps1
|
|
76
|
+
./install-agent.ps1 -Server https://your-control-plane.example.com -Token <one-time-token> -Alias office-pc
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
This registers a Scheduled Task that runs the agent at logon and restarts it
|
|
80
|
+
on failure. For a fully headless host that must run before any user logs in,
|
|
81
|
+
run the agent under a service manager such as NSSM instead.
|
|
82
|
+
|
|
83
|
+
## Step 3 — Verify
|
|
84
|
+
|
|
85
|
+
On the device:
|
|
86
|
+
|
|
87
|
+
```bash
|
|
88
|
+
ssh-mcp-pro-agent status
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
It prints the agent id, alias, server, and active profile. On the control
|
|
92
|
+
plane side the agent shows up as `online` in the fleet list, and the audit
|
|
93
|
+
log records `enrollment_token_created` and `agent_connected`.
|
|
94
|
+
|
|
95
|
+
## Changing a policy later
|
|
96
|
+
|
|
97
|
+
Capabilities are server-authoritative and pushed live to a connected agent —
|
|
98
|
+
you do **not** re-enroll to change them. Use the proper management path so
|
|
99
|
+
the change is validated and audited:
|
|
100
|
+
|
|
101
|
+
```bash
|
|
102
|
+
curl -sS -X PATCH "https://your-control-plane.example.com/api/agents/<agent-id>/policy" \
|
|
103
|
+
-H "Authorization: Bearer <admin-access-token>" \
|
|
104
|
+
-H "Content-Type: application/json" \
|
|
105
|
+
-d '{"policy":{"profile":"full-admin"}}'
|
|
106
|
+
```
|
|
107
|
+
|
|
108
|
+
or call the `update_agent_policy` tool from an admin-scoped connector. The
|
|
109
|
+
control plane pushes a `policy.update` to the running agent within seconds; no
|
|
110
|
+
restart is required.
|
|
111
|
+
|
|
112
|
+
> Do not edit `data/sshautomator.db` directly to change capabilities. The
|
|
113
|
+
> database is an implementation detail; the API and tools are the supported
|
|
114
|
+
> interface and they keep the audit trail intact.
|
|
115
|
+
|
|
116
|
+
## Troubleshooting
|
|
117
|
+
|
|
118
|
+
- **`shell.exec` denied / tool call fails**: the agent profile is too low.
|
|
119
|
+
Raise it with the policy API above. Read-only agents intentionally cannot
|
|
120
|
+
run shell commands, and a connection cannot grant itself more access.
|
|
121
|
+
- **Agent shows offline**: check the service
|
|
122
|
+
(`systemctl --user status ssh-mcp-pro-agent` on Linux, the Scheduled Task on
|
|
123
|
+
Windows) and that the device can reach the control plane URL over HTTPS.
|
|
124
|
+
- **Enrollment fails with an expired token**: tokens are single-use and
|
|
125
|
+
short-lived. Create a fresh one and retry.
|
|
126
|
+
- **WebSocket error on start**: the runtime is too old. Install Node 22.22+
|
|
127
|
+
or 24+.
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
# Remote MCP hardening
|
|
2
|
+
|
|
3
|
+
Use this checklist before exposing `ssh-mcp-pro` through a public Streamable HTTP MCP endpoint.
|
|
4
|
+
|
|
5
|
+
## Streamable HTTP session resilience
|
|
6
|
+
|
|
7
|
+
- Keep `SSH_MCP_HTTP_SESSION_IDLE_TTL_MS` low enough for connector workloads that may abandon sessions without sending HTTP `DELETE`. A practical production value for ChatGPT/Cloudflare deployments is `300000`.
|
|
8
|
+
- Raise `SSH_MCP_HTTP_MAX_SESSIONS` above the expected burst of connector initializations. A practical production value for ChatGPT/Cloudflare deployments is `100`.
|
|
9
|
+
- The HTTP session registry cleans expired sessions before opening a new session. If capacity is still full, it evicts the oldest idle session with reason `capacity-evict-oldest` instead of returning a persistent 503 that can surface as an upstream 502.
|
|
10
|
+
- Watch logs for `HTTP MCP session removed`, `idle-timeout`, and `capacity-evict-oldest` to confirm cleanup is happening.
|
|
11
|
+
|
|
12
|
+
## OAuth and token verification
|
|
13
|
+
|
|
14
|
+
- Prefer OAuth mode for public endpoints.
|
|
15
|
+
- Configure `SSH_MCP_OAUTH_ISSUER`, `SSH_MCP_OAUTH_JWKS_URL`, and either `SSH_MCP_OAUTH_AUDIENCE` or `SSH_MCP_OAUTH_RESOURCE` explicitly.
|
|
16
|
+
- Use `SSH_MCP_OAUTH_ALLOWED_ALGORITHMS` to pin accepted JWT algorithms when your authorization server has a stable signing policy.
|
|
17
|
+
- Keep `SSH_MCP_OAUTH_REQUIRED_SCOPES` narrow and environment-specific.
|
|
18
|
+
- Confirm unauthorized `/mcp` requests return `401` with `WWW-Authenticate` metadata discovery headers.
|
|
19
|
+
|
|
20
|
+
## Connector routing
|
|
21
|
+
|
|
22
|
+
- Keep `SSH_MCP_REMOTE_AGENT_MCP_PASSTHROUGH` disabled by default.
|
|
23
|
+
- Enable it only during a controlled remote-agent routing migration where `/mcp` must bypass the remote control plane and reach the Streamable HTTP MCP handler.
|
|
24
|
+
- Remove the switch again after the routing migration is complete.
|
|
25
|
+
|
|
26
|
+
## Tool exposure
|
|
27
|
+
|
|
28
|
+
- Prefer `remote-safe`, `remote-readonly`, or `remote-broker` profiles for public connectors.
|
|
29
|
+
- Require a host allowlist for public endpoints.
|
|
30
|
+
- Keep credential entry in chat disabled; use the credential broker or SSH agent instead.
|
|
31
|
+
- Keep destructive filesystem and command policies disabled unless the environment has an explicit change-control process.
|
|
32
|
+
|
|
33
|
+
## Packaging and repository hygiene
|
|
34
|
+
|
|
35
|
+
- Never commit local bearer tokens, private keys, or generated credential files.
|
|
36
|
+
- Keep local credential directories ignored by Git.
|
|
37
|
+
- Run the full push gate before merging changes that affect remote connector behavior:
|
|
38
|
+
|
|
39
|
+
```bash
|
|
40
|
+
pnpm run format:check
|
|
41
|
+
pnpm run lint
|
|
42
|
+
pnpm run typecheck
|
|
43
|
+
pnpm test
|
|
44
|
+
pnpm run build
|
|
45
|
+
pnpm run audit
|
|
46
|
+
pnpm run validate:mcp-metadata
|
|
47
|
+
pnpm run validate:chatgpt-app
|
|
48
|
+
pnpm run validate:claude-connector
|
|
49
|
+
```
|
package/mcp.json
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
"name": "ssh-mcp-pro",
|
|
3
3
|
"display_name": "ssh-mcp-pro",
|
|
4
4
|
"description": "Secure MCP SSH automation server with policy controls, resources, prompts, stdio, and HTTP.",
|
|
5
|
-
"version": "1.1.
|
|
5
|
+
"version": "1.1.5",
|
|
6
6
|
"author": "Osman Aslan",
|
|
7
7
|
"license": "MIT",
|
|
8
8
|
"runtime": "node",
|
package/package.json
CHANGED
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "ssh-mcp-pro",
|
|
3
|
-
"version": "1.1.
|
|
3
|
+
"version": "1.1.5",
|
|
4
4
|
"mcpName": "io.github.oaslananka/ssh-mcp-pro",
|
|
5
5
|
"description": "Model Context Protocol (MCP) SSH client server for remote automation",
|
|
6
6
|
"type": "module",
|
|
7
|
+
"packageManager": "pnpm@11.9.0+sha512.bd682d5d03fe525ef7c9fd6780c6884d1e756ac4c9c9fe00c538782824310dcf90e3ddc4f53835f06dfaebd5085e41855e0bcbb3b60de2ac5bbab89e5036f03b",
|
|
7
8
|
"main": "dist/index.js",
|
|
8
9
|
"exports": "./dist/index.js",
|
|
9
10
|
"types": "dist/index.d.ts",
|
|
@@ -31,67 +32,6 @@
|
|
|
31
32
|
"ssh-mcp-pro": "dist/index.js",
|
|
32
33
|
"ssh-mcp-pro-agent": "dist/agent-bin.js"
|
|
33
34
|
},
|
|
34
|
-
"keywords": [
|
|
35
|
-
"mcp",
|
|
36
|
-
"ssh",
|
|
37
|
-
"copilot",
|
|
38
|
-
"automation",
|
|
39
|
-
"remote",
|
|
40
|
-
"model-context-protocol",
|
|
41
|
-
"github-copilot",
|
|
42
|
-
"ssh-client",
|
|
43
|
-
"devops",
|
|
44
|
-
"infrastructure"
|
|
45
|
-
],
|
|
46
|
-
"author": "Osman Aslan <oaslananka>",
|
|
47
|
-
"license": "MIT",
|
|
48
|
-
"repository": {
|
|
49
|
-
"type": "git",
|
|
50
|
-
"url": "git+https://github.com/oaslananka/ssh-mcp-pro.git"
|
|
51
|
-
},
|
|
52
|
-
"homepage": "https://github.com/oaslananka/ssh-mcp-pro#readme",
|
|
53
|
-
"bugs": {
|
|
54
|
-
"url": "https://github.com/oaslananka/ssh-mcp-pro/issues"
|
|
55
|
-
},
|
|
56
|
-
"publishConfig": {
|
|
57
|
-
"access": "public"
|
|
58
|
-
},
|
|
59
|
-
"engines": {
|
|
60
|
-
"node": ">=22.22.2",
|
|
61
|
-
"pnpm": "^11.5.1"
|
|
62
|
-
},
|
|
63
|
-
"dependencies": {
|
|
64
|
-
"@modelcontextprotocol/sdk": "^1.29.0",
|
|
65
|
-
"@opentelemetry/api": "^1.9.1",
|
|
66
|
-
"@opentelemetry/exporter-trace-otlp-http": "^0.219.0",
|
|
67
|
-
"@opentelemetry/resources": "^2.8.0",
|
|
68
|
-
"@opentelemetry/sdk-node": "^0.219.0",
|
|
69
|
-
"@opentelemetry/semantic-conventions": "^1.41.1",
|
|
70
|
-
"jose": "6.2.3",
|
|
71
|
-
"node-ssh": "^13.2.1",
|
|
72
|
-
"zod": "^4.4.3"
|
|
73
|
-
},
|
|
74
|
-
"devDependencies": {
|
|
75
|
-
"@stryker-mutator/core": "9.6.1",
|
|
76
|
-
"@stryker-mutator/typescript-checker": "9.6.1",
|
|
77
|
-
"@stryker-mutator/vitest-runner": "9.6.1",
|
|
78
|
-
"@types/node": "^24.13.1",
|
|
79
|
-
"@types/ssh2": "^1.15.5",
|
|
80
|
-
"@typescript-eslint/eslint-plugin": "^8.61.0",
|
|
81
|
-
"@typescript-eslint/parser": "^8.61.0",
|
|
82
|
-
"@vitest/coverage-v8": "^4.1.8",
|
|
83
|
-
"ajv": "^8.20.0",
|
|
84
|
-
"autocannon": "^7.15.0",
|
|
85
|
-
"dependency-cruiser": "^17.4.3",
|
|
86
|
-
"eslint": "^10.4.1",
|
|
87
|
-
"fast-check": "^4.8.0",
|
|
88
|
-
"knip": "^6.16.1",
|
|
89
|
-
"prettier": "^3.8.4",
|
|
90
|
-
"typedoc": "0.28.19",
|
|
91
|
-
"typescript": "^6.0.3",
|
|
92
|
-
"vite": "^7.3.5",
|
|
93
|
-
"vitest": "^4.1.8"
|
|
94
|
-
},
|
|
95
35
|
"scripts": {
|
|
96
36
|
"build": "tsc -p tsconfig.json",
|
|
97
37
|
"dev": "tsc -p tsconfig.json -w",
|
|
@@ -111,6 +51,9 @@
|
|
|
111
51
|
"format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\" \"scripts/**/*.{mjs,cjs}\" \"docs/**/*.md\" \".github/workflows/*.{yml,yaml}\" \"stryker.conf.mjs\" \"vitest.config.ts\" \"vitest.mutation.config.ts\"",
|
|
112
52
|
"format:check": "prettier --check \"src/**/*.ts\" \"test/**/*.ts\" \"scripts/**/*.{mjs,cjs}\" \"docs/**/*.md\" \".github/workflows/*.{yml,yaml}\" \"stryker.conf.mjs\" \"vitest.config.ts\" \"vitest.mutation.config.ts\"",
|
|
113
53
|
"format:staged": "node scripts/run-staged-checks.mjs",
|
|
54
|
+
"prepare": "node scripts/setup-git-hooks.mjs",
|
|
55
|
+
"prepack": "pnpm run build && pnpm run sync-version -- --check && pnpm run validate:mcp-metadata && pnpm run validate:chatgpt-app && pnpm run validate:claude-connector",
|
|
56
|
+
"prepublishOnly": "pnpm run check",
|
|
114
57
|
"docker:ssh-fixture:up": "node scripts/docker-ssh-fixture.mjs up",
|
|
115
58
|
"docker:ssh-fixture:down": "node scripts/docker-ssh-fixture.mjs down",
|
|
116
59
|
"e2e:docker": "node scripts/docker-ssh-fixture.mjs run e2e",
|
|
@@ -118,6 +61,7 @@
|
|
|
118
61
|
"docs": "pnpm exec typedoc --options typedoc.json",
|
|
119
62
|
"docs:check": "pnpm exec typedoc --options typedoc.json --treatWarningsAsErrors",
|
|
120
63
|
"start:http": "node dist/render-http.js",
|
|
64
|
+
"start:chatgpt": "node scripts/start-chatgpt-http.mjs",
|
|
121
65
|
"sync-version": "node scripts/sync-version.mjs",
|
|
122
66
|
"validate:mcp-metadata": "node scripts/validate-mcp-metadata.mjs",
|
|
123
67
|
"validate:mcp-registry": "node scripts/check-mcp-registry-record.mjs",
|
|
@@ -152,5 +96,66 @@
|
|
|
152
96
|
"hook:pre-push": "pnpm run check:push",
|
|
153
97
|
"release:dry-run": "node scripts/validate-release-please.mjs && node scripts/release-state.mjs --offline --json && pnpm run check:package",
|
|
154
98
|
"sbom": "node scripts/generate-sbom.mjs"
|
|
99
|
+
},
|
|
100
|
+
"keywords": [
|
|
101
|
+
"mcp",
|
|
102
|
+
"ssh",
|
|
103
|
+
"copilot",
|
|
104
|
+
"automation",
|
|
105
|
+
"remote",
|
|
106
|
+
"model-context-protocol",
|
|
107
|
+
"github-copilot",
|
|
108
|
+
"ssh-client",
|
|
109
|
+
"devops",
|
|
110
|
+
"infrastructure"
|
|
111
|
+
],
|
|
112
|
+
"author": "Osman Aslan <oaslananka>",
|
|
113
|
+
"license": "MIT",
|
|
114
|
+
"repository": {
|
|
115
|
+
"type": "git",
|
|
116
|
+
"url": "git+https://github.com/oaslananka/ssh-mcp-pro.git"
|
|
117
|
+
},
|
|
118
|
+
"homepage": "https://github.com/oaslananka/ssh-mcp-pro#readme",
|
|
119
|
+
"bugs": {
|
|
120
|
+
"url": "https://github.com/oaslananka/ssh-mcp-pro/issues"
|
|
121
|
+
},
|
|
122
|
+
"publishConfig": {
|
|
123
|
+
"access": "public"
|
|
124
|
+
},
|
|
125
|
+
"engines": {
|
|
126
|
+
"node": ">=22.22.2",
|
|
127
|
+
"pnpm": "^11.5.1"
|
|
128
|
+
},
|
|
129
|
+
"dependencies": {
|
|
130
|
+
"@modelcontextprotocol/sdk": "^1.29.0",
|
|
131
|
+
"@opentelemetry/api": "^1.9.1",
|
|
132
|
+
"@opentelemetry/exporter-trace-otlp-http": "^0.219.0",
|
|
133
|
+
"@opentelemetry/resources": "^2.8.0",
|
|
134
|
+
"@opentelemetry/sdk-node": "^0.219.0",
|
|
135
|
+
"@opentelemetry/semantic-conventions": "^1.41.1",
|
|
136
|
+
"jose": "6.2.3",
|
|
137
|
+
"node-ssh": "^13.2.1",
|
|
138
|
+
"zod": "^4.4.3"
|
|
139
|
+
},
|
|
140
|
+
"devDependencies": {
|
|
141
|
+
"@stryker-mutator/core": "9.6.1",
|
|
142
|
+
"@stryker-mutator/typescript-checker": "9.6.1",
|
|
143
|
+
"@stryker-mutator/vitest-runner": "9.6.1",
|
|
144
|
+
"@types/node": "^24.13.1",
|
|
145
|
+
"@types/ssh2": "^1.15.5",
|
|
146
|
+
"@typescript-eslint/eslint-plugin": "^8.62.0",
|
|
147
|
+
"@typescript-eslint/parser": "^8.62.0",
|
|
148
|
+
"@vitest/coverage-v8": "^4.1.9",
|
|
149
|
+
"ajv": "^8.20.0",
|
|
150
|
+
"autocannon": "^7.15.0",
|
|
151
|
+
"dependency-cruiser": "^17.4.3",
|
|
152
|
+
"eslint": "^10.5.0",
|
|
153
|
+
"fast-check": "^4.8.0",
|
|
154
|
+
"knip": "^6.18.0",
|
|
155
|
+
"prettier": "^3.8.4",
|
|
156
|
+
"typedoc": "0.28.19",
|
|
157
|
+
"typescript": "^6.0.3",
|
|
158
|
+
"vite": "^7.3.5",
|
|
159
|
+
"vitest": "^4.1.9"
|
|
155
160
|
}
|
|
156
|
-
}
|
|
161
|
+
}
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
"name": "ssh-mcp-pro",
|
|
3
3
|
"display_name": "ssh-mcp-pro",
|
|
4
4
|
"description": "Secure MCP SSH automation server with policy controls, resources, prompts, stdio, and HTTP.",
|
|
5
|
-
"version": "1.1.
|
|
5
|
+
"version": "1.1.5",
|
|
6
6
|
"author": "Osman Aslan",
|
|
7
7
|
"license": "MIT",
|
|
8
8
|
"runtime": "node",
|
package/server.json
CHANGED
|
@@ -7,13 +7,13 @@
|
|
|
7
7
|
"url": "https://github.com/oaslananka/ssh-mcp-pro",
|
|
8
8
|
"source": "github"
|
|
9
9
|
},
|
|
10
|
-
"version": "1.1.
|
|
10
|
+
"version": "1.1.5",
|
|
11
11
|
"packages": [
|
|
12
12
|
{
|
|
13
13
|
"registryType": "npm",
|
|
14
14
|
"registryBaseUrl": "https://registry.npmjs.org",
|
|
15
15
|
"identifier": "ssh-mcp-pro",
|
|
16
|
-
"version": "1.1.
|
|
16
|
+
"version": "1.1.5",
|
|
17
17
|
"transport": {
|
|
18
18
|
"type": "stdio"
|
|
19
19
|
}
|
|
@@ -22,7 +22,7 @@
|
|
|
22
22
|
"registryType": "npm",
|
|
23
23
|
"registryBaseUrl": "https://registry.npmjs.org",
|
|
24
24
|
"identifier": "ssh-mcp-pro",
|
|
25
|
-
"version": "1.1.
|
|
25
|
+
"version": "1.1.5",
|
|
26
26
|
"runtimeHint": "npx",
|
|
27
27
|
"transport": {
|
|
28
28
|
"type": "streamable-http",
|