zapret2-mcp 0.3.0

package/CHANGELOG.md

@@ -0,0 +1,50 @@
+# Changelog
+
+## [0.3.0] - 2026-02-18
+
+### Added
+- **3 новых tools** (итого 13):
+  - `detectSystem` — определение окружения (OS, arch, init system, WAN, DNS, NFQUEUE, container)
+  - `configureDns` — настройка DNS-резолвера (resolv.conf или systemd-resolved)
+  - `createSystemdService` — создание systemd unit для автозапуска на Linux-десктопе
+- **Новый prompt** `setup-desktop` — полный пайплайн установки для Linux-десктопа с systemd
+- Автодетекция WAN-интерфейса через `ip route get 8.8.8.8` при установке (`installZapret`)
+- Расширенные проверки в `checkPrerequisites`: OS, init system, NFQUEUE module, WAN-интерфейс, DNS-резолверы, container detection, `base64`
+- Документация по поддержке Windows (`docs/windows-support.md`)
+
+### Fixed
+- **Shell injection в `updateConfig`** — значение теперь передаётся через base64 + awk ENVIRON вместо sed с минимальным экранированием
+- **maxBuffer 1MB → 10MB** во всех executor'ах — предотвращает обрезку вывода blockcheck2.sh
+- Опечатка в `docker/entrypoint.sh` (`/opt/zapret` → `/opt/zapret2`)
+
+### Changed
+- Промпт `setup-zapret` начинается с `detectSystem` как шаг 1
+- Промпт `troubleshoot` включает `detectSystem` и `configureDns`
+- Промпт `overview` обновлён: 13 tools, 5 prompts, два workflow (router/desktop)
+- README.md полностью переписан на русском с таблицей поддерживаемых платформ
+
+## [0.2.0] - 2026-02-17
+
+### Added
+- **Абстракция транспорта** `CommandExecutor` — 3 реализации:
+  - `LocalExecutor` — выполнение через `bash -c`
+  - `DockerExecutor` — через `docker exec`
+  - `SshExecutor` — через ssh
+- **3 новых tools** (итого 10):
+  - `checkPrerequisites` — проверка окружения
+  - `installZapret` — установка с нуля
+  - `verifyBypass` — проверка сетевой связности
+- **MCP Resources** — персистентные логи в `~/.zapret2-mcp/logs/`
+- **4 MCP Prompts**: `setup-zapret`, `find-bypass-strategy`, `troubleshoot`, `overview`
+- npm-пакет с CLI entry point (`npx zapret2-mcp`)
+- Unit и интеграционные тесты
+
+### Changed
+- Все tools мигрированы с `dockerExec()` на `getExecutor().exec()`
+
+## [0.1.0] - 2026-02-17
+
+### Added
+- Начальная реализация MCP-сервера с 7 tools
+- Docker-окружение для разработки (OpenWrt rootfs)
+- Tools: `getStatus`, `startService`, `stopService`, `restartService`, `getConfig`, `updateConfig`, `runBlockcheck`

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Stanislav Zemlyakov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,238 @@
+# zapret2-mcp
+
+MCP-сервер для управления [zapret2](https://github.com/bol-van/zapret2) — инструментом обработки сетевых пакетов. Позволяет AI-агентам автоматизировать установку, настройку и диагностику zapret2 через [Model Context Protocol](https://modelcontextprotocol.io/).
+
+## Поддерживаемые платформы
+
+| Платформа | Статус | Транспорт |
+|---|---|---|
+| OpenWrt (роутер) | Полная поддержка | `ssh` |
+| Linux (десктоп/сервер) | Полная поддержка | `local` |
+| Docker (разработка/тестирование) | Полная поддержка | `docker` |
+| macOS | Не поддерживается | — |
+| Windows (нативно) | Не поддерживается | — |
+| Windows (WSL2) | Работает через `local` | `local` |
+
+zapret2 поддерживает Windows нативно через [zapret-win-bundle](https://github.com/bol-van/zapret-win-bundle), но архитектура (WinDivert, `.cmd`-скрипты, другие пути) полностью отличается от Linux. Наш MCP-сервер работает только с Linux/OpenWrt-окружениями. Подробнее: [docs/windows-support.md](docs/windows-support.md).
+
+## Установка
+
+```bash
+npm install -g zapret2-mcp
+```
+
+Или запуск без установки:
+
+```bash
+npx zapret2-mcp
+```
+
+## Настройка MCP-клиента
+
+### Claude Desktop
+
+Добавить в `~/.claude/claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "zapret2": {
+      "command": "npx",
+      "args": ["zapret2-mcp"],
+      "env": {
+        "ZAPRET2_MODE": "ssh",
+        "ZAPRET2_SSH_HOST": "192.168.1.1"
+      }
+    }
+  }
+}
+```
+
+### Claude Code
+
+Добавить в `.mcp.json` в корне проекта или в `~/.claude/mcp.json` глобально:
+
+```json
+{
+  "mcpServers": {
+    "zapret2": {
+      "command": "npx",
+      "args": ["zapret2-mcp"],
+      "env": {
+        "ZAPRET2_MODE": "ssh",
+        "ZAPRET2_SSH_HOST": "192.168.1.1"
+      }
+    }
+  }
+}
+```
+
+### Cursor
+
+Добавить в настройки MCP:
+
+```json
+{
+  "zapret2": {
+    "command": "npx",
+    "args": ["zapret2-mcp"],
+    "env": {
+      "ZAPRET2_MODE": "docker"
+    }
+  }
+}
+```
+
+## Режимы транспорта
+
+Сервер выполняет команды на целевой машине через один из трёх транспортов.
+
+### `ssh` — удалённый роутер (продакшн)
+
+Подключение по SSH к OpenWrt-роутеру. Основной режим для реального использования.
+
+```json
+{ "ZAPRET2_MODE": "ssh", "ZAPRET2_SSH_HOST": "192.168.1.1" }
+```
+
+### `local` — локальная машина
+
+Выполнение команд через `bash -c` на той же машине, где запущен MCP-сервер. Для Linux-десктопов и WSL2.
+
+```json
+{ "ZAPRET2_MODE": "local" }
+```
+
+### `docker` — контейнер (по умолчанию)
+
+Выполнение через `docker exec` в контейнере с OpenWrt. Для разработки и тестирования.
+
+```json
+{ "ZAPRET2_MODE": "docker" }
+```
+
+### Переменные окружения
+
+| Переменная | По умолчанию | Описание |
+|---|---|---|
+| `ZAPRET2_MODE` | `docker` | Транспорт: `local`, `docker`, `ssh` |
+| `ZAPRET2_CONTAINER_NAME` | `zapret2-openwrt` | Имя контейнера (режим docker) |
+| `ZAPRET2_SSH_HOST` | — (обязательно для ssh) | SSH-хост |
+| `ZAPRET2_SSH_USER` | `root` | SSH-пользователь |
+| `ZAPRET2_SSH_KEY` | — (опционально) | Путь к SSH-ключу |
+| `ZAPRET2_SSH_PORT` | `22` | SSH-порт |
+
+## Tools (13)
+
+### Определение системы
+
+| Tool | Описание |
+|---|---|
+| `detectSystem` | Определение окружения: ОС, архитектура, init-система, WAN-интерфейс, DNS, NFQUEUE, контейнер |
+
+### Управление сервисом
+
+| Tool | Описание |
+|---|---|
+| `getStatus` | Статус сервиса: запущен ли, PID, количество nftables-правил, флаг enabled |
+| `startService` | Запуск zapret2 (логи сохраняются в resources) |
+| `stopService` | Остановка zapret2 (логи сохраняются в resources) |
+| `restartService` | Перезапуск zapret2 (логи сохраняются в resources) |
+
+### Конфигурация
+
+| Tool | Описание |
+|---|---|
+| `getConfig` | Чтение конфига zapret2 (целиком или по ключу) |
+| `updateConfig` | Обновление параметра конфига (key=value, снапшот сохраняется в resources) |
+| `configureDns` | Настройка DNS-резолвера (resolv.conf или systemd-resolved) |
+
+### Установка и диагностика
+
+| Tool | Описание |
+|---|---|
+| `checkPrerequisites` | Проверка окружения: инструменты, ОС, init-система, NFQUEUE, сеть |
+| `installZapret` | Полная установка: клонирование, скачивание бинарников, базовый конфиг |
+| `runBlockcheck` | Запуск blockcheck2.sh для поиска рабочих сетевых стратегий (~5 мин, лог в resources) |
+| `verifyBypass` | Проверка сетевой связности: DNS, HTTP, статус nfqws2 |
+
+### Интеграция с десктопом
+
+| Tool | Описание |
+|---|---|
+| `createSystemdService` | Создание systemd unit для автозапуска zapret2 на Linux-десктопе |
+
+## Prompts (5)
+
+MCP-промпты — пошаговые инструкции для типичных сценариев:
+
+| Prompt | Описание |
+|---|---|
+| `setup-zapret` | Установка с нуля (универсальная) |
+| `setup-desktop` | Установка на Linux-десктоп с systemd, DNS и автозапуском |
+| `find-bypass-strategy` | Поиск рабочей сетевой стратегии через blockcheck |
+| `troubleshoot` | Диагностика проблем |
+| `overview` | Справочник по всем tools, resources и workflows |
+
+## MCP Resources
+
+Tools сохраняют вывод в файлы для персистентной истории. Агент может возвращаться к предыдущим результатам и сравнивать прогоны.
+
+- **URI:** `zapret2://logs/{type}/{timestamp}`
+- **Типы логов:** `blockcheck`, `service`, `config`
+- **Хранение:** `~/.zapret2-mcp/logs/`
+
+## Сценарии использования
+
+### Роутер (OpenWrt по SSH)
+
+```
+detectSystem → checkPrerequisites → installZapret → updateConfig(NFQWS2_ENABLE=1)
+→ startService → verifyBypass
+```
+
+### Linux-десктоп
+
+```
+detectSystem → checkPrerequisites → installZapret → configureDns
+→ createSystemdService → updateConfig(NFQWS2_ENABLE=1) → startService → verifyBypass
+```
+
+### Поиск сетевой стратегии
+
+```
+stopService → runBlockcheck(domain) → прочитать лог resource
+→ updateConfig(NFQWS2_OPT=...) → restartService → verifyBypass(domain)
+```
+
+### Диагностика
+
+```
+detectSystem → getStatus → getConfig → checkPrerequisites → verifyBypass(domain)
+→ анализ результатов
+```
+
+## Разработка
+
+```bash
+git clone https://github.com/your-org/zapret2-mcp.git
+cd zapret2-mcp
+npm install
+npm run build      # TypeScript → build/
+npm run dev        # MCP Inspector
+npm test           # Unit-тесты (vitest)
+npm run test:integration  # Интеграционные тесты (требуется Docker)
+```
+
+### Docker-окружение для разработки
+
+```bash
+cd docker
+docker compose build && docker compose up -d
+```
+
+Контейнер `zapret2-openwrt`: OpenWrt SNAPSHOT, `privileged: true`, `network_mode: host`.
+
+## Лицензия
+
+MIT

package/build/executor/docker.d.ts

@@ -0,0 +1,7 @@
+import type { CommandExecutor, ExecResult } from "./types.js";
+export declare class DockerExecutor implements CommandExecutor {
+    readonly label: string;
+    private containerName;
+    constructor(containerName?: string);
+    exec(command: string, timeoutMs?: number): Promise<ExecResult>;
+}

package/build/executor/docker.js

@@ -0,0 +1,22 @@
+import { execFile } from "child_process";
+export class DockerExecutor {
+    label;
+    containerName;
+    constructor(containerName = "zapret2-openwrt") {
+        this.containerName = containerName;
+        this.label = `docker:${containerName}`;
+    }
+    exec(command, timeoutMs = 30000) {
+        return new Promise((resolve, reject) => {
+            execFile("docker", ["exec", this.containerName, "bash", "-c", command], { timeout: timeoutMs, maxBuffer: 10 * 1024 * 1024 }, (error, stdout, stderr) => {
+                if (error) {
+                    reject({ error, stdout, stderr });
+                }
+                else {
+                    resolve({ stdout, stderr });
+                }
+            });
+        });
+    }
+}
+//# sourceMappingURL=docker.js.map

package/build/executor/docker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"docker.js","sourceRoot":"","sources":["../../src/executor/docker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAGzC,MAAM,OAAO,cAAc;IAChB,KAAK,CAAS;IACf,aAAa,CAAS;IAE9B,YAAY,aAAa,GAAG,iBAAiB;QAC3C,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,UAAU,aAAa,EAAE,CAAC;IACzC,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,SAAS,GAAG,KAAK;QACrC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,QAAQ,CACN,QAAQ,EACR,CAAC,MAAM,EAAE,IAAI,CAAC,aAAa,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,EACnD,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,EACnD,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;gBACxB,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;gBACpC,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}

package/build/executor/factory.d.ts

@@ -0,0 +1,2 @@
+import type { CommandExecutor } from "./types.js";
+export declare function createExecutor(): CommandExecutor;

package/build/executor/factory.js

@@ -0,0 +1,27 @@
+import { LocalExecutor } from "./local.js";
+import { DockerExecutor } from "./docker.js";
+import { SshExecutor } from "./ssh.js";
+export function createExecutor() {
+    const mode = (process.env.ZAPRET2_MODE || "docker").toLowerCase();
+    switch (mode) {
+        case "local":
+            return new LocalExecutor();
+        case "docker":
+            return new DockerExecutor(process.env.ZAPRET2_CONTAINER_NAME || "zapret2-openwrt");
+        case "ssh": {
+            const host = process.env.ZAPRET2_SSH_HOST;
+            if (!host) {
+                throw new Error("ZAPRET2_SSH_HOST is required when ZAPRET2_MODE=ssh");
+            }
+            return new SshExecutor({
+                host,
+                user: process.env.ZAPRET2_SSH_USER || "root",
+                port: process.env.ZAPRET2_SSH_PORT ? Number(process.env.ZAPRET2_SSH_PORT) : 22,
+                keyPath: process.env.ZAPRET2_SSH_KEY || undefined,
+            });
+        }
+        default:
+            throw new Error(`Unknown ZAPRET2_MODE: ${mode}. Must be local, docker, or ssh`);
+    }
+}
+//# sourceMappingURL=factory.js.map

package/build/executor/factory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"factory.js","sourceRoot":"","sources":["../../src/executor/factory.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAEvC,MAAM,UAAU,cAAc;IAC5B,MAAM,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IAElE,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,OAAO;YACV,OAAO,IAAI,aAAa,EAAE,CAAC;QAE7B,KAAK,QAAQ;YACX,OAAO,IAAI,cAAc,CACvB,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,iBAAiB,CACxD,CAAC;QAEJ,KAAK,KAAK,CAAC,CAAC,CAAC;YACX,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;YAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;YACxE,CAAC;YACD,OAAO,IAAI,WAAW,CAAC;gBACrB,IAAI;gBACJ,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,MAAM;gBAC5C,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAE;gBAC9E,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,SAAS;aAClD,CAAC,CAAC;QACL,CAAC;QAED;YACE,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,iCAAiC,CAAC,CAAC;IACpF,CAAC;AACH,CAAC"}

package/build/executor/index.d.ts

@@ -0,0 +1,6 @@
+export type { CommandExecutor, ExecResult } from "./types.js";
+export { LocalExecutor } from "./local.js";
+export { DockerExecutor } from "./docker.js";
+export { SshExecutor } from "./ssh.js";
+export type { SshOptions } from "./ssh.js";
+export { createExecutor } from "./factory.js";

package/build/executor/index.js

@@ -0,0 +1,5 @@
+export { LocalExecutor } from "./local.js";
+export { DockerExecutor } from "./docker.js";
+export { SshExecutor } from "./ssh.js";
+export { createExecutor } from "./factory.js";
+//# sourceMappingURL=index.js.map

package/build/executor/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/executor/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAEvC,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC"}

package/build/executor/local.d.ts

@@ -0,0 +1,5 @@
+import type { CommandExecutor, ExecResult } from "./types.js";
+export declare class LocalExecutor implements CommandExecutor {
+    readonly label = "local";
+    exec(command: string, timeoutMs?: number): Promise<ExecResult>;
+}

package/build/executor/local.js

@@ -0,0 +1,17 @@
+import { execFile } from "child_process";
+export class LocalExecutor {
+    label = "local";
+    exec(command, timeoutMs = 30000) {
+        return new Promise((resolve, reject) => {
+            execFile("bash", ["-c", command], { timeout: timeoutMs, maxBuffer: 10 * 1024 * 1024 }, (error, stdout, stderr) => {
+                if (error) {
+                    reject({ error, stdout, stderr });
+                }
+                else {
+                    resolve({ stdout, stderr });
+                }
+            });
+        });
+    }
+}
+//# sourceMappingURL=local.js.map

package/build/executor/local.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"local.js","sourceRoot":"","sources":["../../src/executor/local.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAGzC,MAAM,OAAO,aAAa;IACf,KAAK,GAAG,OAAO,CAAC;IAEzB,IAAI,CAAC,OAAe,EAAE,SAAS,GAAG,KAAK;QACrC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,QAAQ,CACN,MAAM,EACN,CAAC,IAAI,EAAE,OAAO,CAAC,EACf,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,EACnD,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;gBACxB,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;gBACpC,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}

package/build/executor/ssh.d.ts

@@ -0,0 +1,13 @@
+import type { CommandExecutor, ExecResult } from "./types.js";
+export interface SshOptions {
+    host: string;
+    user?: string;
+    port?: number;
+    keyPath?: string;
+}
+export declare class SshExecutor implements CommandExecutor {
+    readonly label: string;
+    private sshArgs;
+    constructor(options: SshOptions);
+    exec(command: string, timeoutMs?: number): Promise<ExecResult>;
+}

package/build/executor/ssh.js

@@ -0,0 +1,33 @@
+import { execFile } from "child_process";
+export class SshExecutor {
+    label;
+    sshArgs;
+    constructor(options) {
+        const user = options.user || "root";
+        const port = options.port || 22;
+        this.label = `ssh:${user}@${options.host}:${port}`;
+        this.sshArgs = [
+            "-o", "BatchMode=yes",
+            "-o", "StrictHostKeyChecking=accept-new",
+            "-o", "ConnectTimeout=10",
+            "-p", String(port),
+        ];
+        if (options.keyPath) {
+            this.sshArgs.push("-i", options.keyPath);
+        }
+        this.sshArgs.push(`${user}@${options.host}`);
+    }
+    exec(command, timeoutMs = 30000) {
+        return new Promise((resolve, reject) => {
+            execFile("ssh", [...this.sshArgs, command], { timeout: timeoutMs, maxBuffer: 10 * 1024 * 1024 }, (error, stdout, stderr) => {
+                if (error) {
+                    reject({ error, stdout, stderr });
+                }
+                else {
+                    resolve({ stdout, stderr });
+                }
+            });
+        });
+    }
+}
+//# sourceMappingURL=ssh.js.map

package/build/executor/ssh.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssh.js","sourceRoot":"","sources":["../../src/executor/ssh.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAUzC,MAAM,OAAO,WAAW;IACb,KAAK,CAAS;IACf,OAAO,CAAW;IAE1B,YAAY,OAAmB;QAC7B,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,MAAM,CAAC;QACpC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC;QAChC,IAAI,CAAC,KAAK,GAAG,OAAO,IAAI,IAAI,OAAO,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;QAEnD,IAAI,CAAC,OAAO,GAAG;YACb,IAAI,EAAE,eAAe;YACrB,IAAI,EAAE,kCAAkC;YACxC,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC;SACnB,CAAC;QAEF,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,SAAS,GAAG,KAAK;QACrC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,QAAQ,CACN,KAAK,EACL,CAAC,GAAG,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,EAC1B,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,EACnD,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;gBACxB,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;gBACpC,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}

package/build/executor/types.d.ts

@@ -0,0 +1,8 @@
+export interface ExecResult {
+    stdout: string;
+    stderr: string;
+}
+export interface CommandExecutor {
+    exec(command: string, timeoutMs?: number): Promise<ExecResult>;
+    readonly label: string;
+}

package/build/executor/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/build/executor/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/executor/types.ts"],"names":[],"mappings":""}

package/build/executorInstance.d.ts

@@ -0,0 +1,3 @@
+import type { CommandExecutor } from "./executor/types.js";
+export declare function initExecutor(executor: CommandExecutor): void;
+export declare function getExecutor(): CommandExecutor;

package/build/executorInstance.js

@@ -0,0 +1,11 @@
+let instance = null;
+export function initExecutor(executor) {
+    instance = executor;
+}
+export function getExecutor() {
+    if (!instance) {
+        throw new Error("CommandExecutor not initialized. Call initExecutor() first.");
+    }
+    return instance;
+}
+//# sourceMappingURL=executorInstance.js.map

package/build/executorInstance.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"executorInstance.js","sourceRoot":"","sources":["../src/executorInstance.ts"],"names":[],"mappings":"AAEA,IAAI,QAAQ,GAA2B,IAAI,CAAC;AAE5C,MAAM,UAAU,YAAY,CAAC,QAAyB;IACpD,QAAQ,GAAG,QAAQ,CAAC;AACtB,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;IACjF,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/build/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/build/index.js

@@ -0,0 +1,75 @@
+#!/usr/bin/env node
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { createExecutor } from "./executor/index.js";
+import { initExecutor } from "./executorInstance.js";
+import { getStatusTool } from "./tools/getStatus.js";
+import { startServiceTool } from "./tools/startService.js";
+import { stopServiceTool } from "./tools/stopService.js";
+import { restartServiceTool } from "./tools/restartService.js";
+import { getConfigTool } from "./tools/getConfig.js";
+import { updateConfigTool } from "./tools/updateConfig.js";
+import { runBlockcheckTool } from "./tools/runBlockcheck.js";
+import { checkPrerequisitesTool } from "./tools/checkPrerequisites.js";
+import { installZapretTool } from "./tools/installZapret.js";
+import { verifyBypassTool } from "./tools/verifyBypass.js";
+import { detectSystemTool } from "./tools/detectSystem.js";
+import { configureDnsTool } from "./tools/configureDns.js";
+import { createSystemdServiceTool } from "./tools/createSystemdService.js";
+import { registerResources } from "./resources.js";
+import { registerPrompts } from "./prompts.js";
+import { setOnLogSaved } from "./logStore.js";
+const executor = createExecutor();
+initExecutor(executor);
+const server = new McpServer({
+    name: "zapret2-mcp",
+    version: "0.2.0",
+}, {
+    instructions: `zapret2-mcp provides tools to install, configure, and diagnose zapret2 — a network packet processing tool for OpenWrt routers and Linux desktops.
+
+Key workflows:
+1. Fresh install (router): checkPrerequisites → installZapret → updateConfig(NFQWS2_ENABLE=1) → startService → verifyBypass
+2. Fresh install (desktop): detectSystem → checkPrerequisites → installZapret → configureDns → createSystemdService → updateConfig(NFQWS2_ENABLE=1) → startService → verifyBypass
+3. Find bypass strategy: stopService → runBlockcheck(domain) → read log resource → updateConfig(NFQWS2_OPT=...) → restartService → verifyBypass(domain)
+4. Troubleshoot: detectSystem → getStatus → getConfig → checkPrerequisites → verifyBypass(domain) → analyze
+
+Always start with detectSystem to determine the target environment (OS, init system, WAN interface).
+Use configureDns to set up a reliable DNS resolver.
+Use createSystemdService on systemd-based Linux desktops for service autostart.
+
+Service management (start/stop/restart) saves logs to resources. updateConfig saves a config snapshot before changes.
+runBlockcheck is a heavy operation (~5 min) that saves full output to resources for later analysis.
+Use listResources to browse historical logs at zapret2://logs/{type}/{timestamp}.
+Use getPrompt for step-by-step guidance: setup-zapret, setup-desktop, find-bypass-strategy, troubleshoot, overview.`,
+});
+const tools = [
+    getStatusTool,
+    startServiceTool,
+    stopServiceTool,
+    restartServiceTool,
+    getConfigTool,
+    updateConfigTool,
+    runBlockcheckTool,
+    checkPrerequisitesTool,
+    installZapretTool,
+    verifyBypassTool,
+    detectSystemTool,
+    configureDnsTool,
+    createSystemdServiceTool,
+];
+for (const tool of tools) {
+    server.tool(tool.name, tool.description, tool.schema.shape, tool.handler);
+}
+registerResources(server);
+registerPrompts(server);
+setOnLogSaved(() => server.sendResourceListChanged());
+async function main() {
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    console.error(`zapret2-mcp server started (executor: ${executor.label})`);
+}
+main().catch((error) => {
+    console.error("Fatal error:", error);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/build/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAEjF,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAC3E,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAE9C,MAAM,QAAQ,GAAG,cAAc,EAAE,CAAC;AAClC,YAAY,CAAC,QAAQ,CAAC,CAAC;AAEvB,MAAM,MAAM,GAAG,IAAI,SAAS,CAC1B;IACE,IAAI,EAAE,aAAa;IACnB,OAAO,EAAE,OAAO;CACjB,EACD;IACE,YAAY,EAAE;;;;;;;;;;;;;;;oHAekG;CACjH,CACF,CAAC;AAEF,MAAM,KAAK,GAAG;IACZ,aAAa;IACb,gBAAgB;IAChB,eAAe;IACf,kBAAkB;IAClB,aAAa;IACb,gBAAgB;IAChB,iBAAiB;IACjB,sBAAsB;IACtB,iBAAiB;IACjB,gBAAgB;IAChB,gBAAgB;IAChB,gBAAgB;IAChB,wBAAwB;CACzB,CAAC;AAEF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;IACzB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;AAC5E,CAAC;AAED,iBAAiB,CAAC,MAAM,CAAC,CAAC;AAC1B,eAAe,CAAC,MAAM,CAAC,CAAC;AACxB,aAAa,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,uBAAuB,EAAE,CAAC,CAAC;AAEtD,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,yCAAyC,QAAQ,CAAC,KAAK,GAAG,CAAC,CAAC;AAC5E,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/build/logStore.d.ts

@@ -0,0 +1,12 @@
+export type LogType = "blockcheck" | "service" | "config";
+export interface LogEntry {
+    type: LogType;
+    timestamp: string;
+    uri: string;
+    size: number;
+    meta: Record<string, string>;
+}
+export declare function setOnLogSaved(callback: () => void): void;
+export declare function saveLog(type: LogType, content: string, meta?: Record<string, string>): string;
+export declare function listLogs(type?: LogType): LogEntry[];
+export declare function readLog(type: LogType, timestamp: string): string | null;