cli-mcp-server 0.2.1__py3-none-any.whl → 0.2.3__py3-none-any.whl

cli_mcp_server/server.py

@@ -68,10 +68,14 @@ class CommandExecutor:
                 real_path = os.path.abspath(os.path.realpath(path))
             else:
                 # If relative path, combine with allowed_dir first
-                real_path = os.path.abspath(os.path.realpath(os.path.join(self.allowed_dir, path)))
+                real_path = os.path.abspath(
+                    os.path.realpath(os.path.join(self.allowed_dir, path))
+                )
 
             if not self._is_path_safe(real_path):
-                raise CommandSecurityError(f"Path '{path}' is outside of allowed directory: {self.allowed_dir}")
+                raise CommandSecurityError(
+                    f"Path '{path}' is outside of allowed directory: {self.allowed_dir}"
+                )
 
             return real_path
         except CommandSecurityError:
@@ -102,7 +106,9 @@ class CommandExecutor:
         shell_operators = ["&&", "||", "|", ">", ">>", "<", "<<", ";"]
         for operator in shell_operators:
             if operator in command_string:
-                raise CommandSecurityError(f"Shell operator '{operator}' is not supported")
+                raise CommandSecurityError(
+                    f"Shell operator '{operator}' is not supported"
+                )
 
         try:
             parts = shlex.split(command_string)
@@ -112,20 +118,31 @@ class CommandExecutor:
             command, args = parts[0], parts[1:]
 
             # Validate command if not in allow-all mode
-            if not self.security_config.allow_all_commands and command not in self.security_config.allowed_commands:
+            if (
+                not self.security_config.allow_all_commands
+                and command not in self.security_config.allowed_commands
+            ):
                 raise CommandSecurityError(f"Command '{command}' is not allowed")
 
             # Process and validate arguments
             validated_args = []
             for arg in args:
                 if arg.startswith("-"):
-                    if not self.security_config.allow_all_flags and arg not in self.security_config.allowed_flags:
+                    if (
+                        not self.security_config.allow_all_flags
+                        and arg not in self.security_config.allowed_flags
+                    ):
                         raise CommandSecurityError(f"Flag '{arg}' is not allowed")
                     validated_args.append(arg)
                     continue
 
                 # For any path-like argument, validate it
                 if "/" in arg or "\\" in arg or os.path.isabs(arg) or arg == ".":
+                    if self._is_url_path(arg):
+                        # If it's a URL, we don't need to normalize it
+                        validated_args.append(arg)
+                        continue
+
                     normalized_path = self._normalize_path(arg)
                     validated_args.append(normalized_path)
                 else:
@@ -137,6 +154,19 @@ class CommandExecutor:
         except ValueError as e:
             raise CommandSecurityError(f"Invalid command format: {str(e)}")
 
+    def _is_url_path(self, path: str) -> bool:
+        """
+        Checks if a given path is a URL of type http or https.
+
+        Args:
+            path (str): The path to check.
+
+        Returns:
+            bool: True if the path is a URL, False otherwise.
+        """
+        url_pattern = re.compile(r"^https?://")
+        return bool(url_pattern.match(path))
+
     def _is_path_safe(self, path: str) -> bool:
         """
         Checks if a given path is safe to access within allowed directory boundaries.
@@ -190,7 +220,9 @@ class CommandExecutor:
             - Captures both stdout and stderr
         """
         if len(command_string) > self.security_config.max_command_length:
-            raise CommandSecurityError(f"Command exceeds maximum length of {self.security_config.max_command_length}")
+            raise CommandSecurityError(
+                f"Command exceeds maximum length of {self.security_config.max_command_length}"
+            )
 
         try:
             command, args = self.validate_command(command_string)
@@ -204,7 +236,9 @@ class CommandExecutor:
                 cwd=self.allowed_dir,
             )
         except subprocess.TimeoutExpired:
-            raise CommandTimeoutError(f"Command timed out after {self.security_config.command_timeout} seconds")
+            raise CommandTimeoutError(
+                f"Command timed out after {self.security_config.command_timeout} seconds"
+            )
         except CommandError:
             raise
         except Exception as e:
@@ -237,12 +271,14 @@ def load_security_config() -> SecurityConfig:
     """
     allowed_commands = os.getenv("ALLOWED_COMMANDS", "ls,cat,pwd")
     allowed_flags = os.getenv("ALLOWED_FLAGS", "-l,-a,--help")
-    
-    allow_all_commands = allowed_commands.lower() == 'all'
-    allow_all_flags = allowed_flags.lower() == 'all'
-    
+
+    allow_all_commands = allowed_commands.lower() == "all"
+    allow_all_flags = allowed_flags.lower() == "all"
+
     return SecurityConfig(
-        allowed_commands=set() if allow_all_commands else set(allowed_commands.split(",")),
+        allowed_commands=(
+            set() if allow_all_commands else set(allowed_commands.split(","))
+        ),
         allowed_flags=set() if allow_all_flags else set(allowed_flags.split(",")),
         max_command_length=int(os.getenv("MAX_COMMAND_LENGTH", "1024")),
         command_timeout=int(os.getenv("COMMAND_TIMEOUT", "30")),
@@ -251,14 +287,24 @@ def load_security_config() -> SecurityConfig:
     )
 
 
-executor = CommandExecutor(allowed_dir=os.getenv("ALLOWED_DIR", ""), security_config=load_security_config())
+executor = CommandExecutor(
+    allowed_dir=os.getenv("ALLOWED_DIR", ""), security_config=load_security_config()
+)
 
 
 @server.list_tools()
 async def handle_list_tools() -> list[types.Tool]:
-    commands_desc = "all commands" if executor.security_config.allow_all_commands else ", ".join(executor.security_config.allowed_commands)
-    flags_desc = "all flags" if executor.security_config.allow_all_flags else ", ".join(executor.security_config.allowed_flags)
-    
+    commands_desc = (
+        "all commands"
+        if executor.security_config.allow_all_commands
+        else ", ".join(executor.security_config.allowed_commands)
+    )
+    flags_desc = (
+        "all flags"
+        if executor.security_config.allow_all_flags
+        else ", ".join(executor.security_config.allowed_flags)
+    )
+
     return [
         types.Tool(
             name="run_command",
@@ -281,7 +327,9 @@ async def handle_list_tools() -> list[types.Tool]:
         ),
         types.Tool(
             name="show_security_rules",
-            description=("Show what commands and operations are allowed in this environment.\n"),
+            description=(
+                "Show what commands and operations are allowed in this environment.\n"
+            ),
             inputSchema={
                 "type": "object",
                 "properties": {},
@@ -291,10 +339,14 @@ async def handle_list_tools() -> list[types.Tool]:
 
 
 @server.call_tool()
-async def handle_call_tool(name: str, arguments: Optional[Dict[str, Any]]) -> List[types.TextContent]:
+async def handle_call_tool(
+    name: str, arguments: Optional[Dict[str, Any]]
+) -> List[types.TextContent]:
     if name == "run_command":
         if not arguments or "command" not in arguments:
-            return [types.TextContent(type="text", text="No command provided", error=True)]
+            return [
+                types.TextContent(type="text", text="No command provided", error=True)
+            ]
 
         try:
             result = executor.execute(arguments["command"])
@@ -303,7 +355,9 @@ async def handle_call_tool(name: str, arguments: Optional[Dict[str, Any]]) -> Li
             if result.stdout:
                 response.append(types.TextContent(type="text", text=result.stdout))
             if result.stderr:
-                response.append(types.TextContent(type="text", text=result.stderr, error=True))
+                response.append(
+                    types.TextContent(type="text", text=result.stderr, error=True)
+                )
 
             response.append(
                 types.TextContent(
@@ -315,7 +369,11 @@ async def handle_call_tool(name: str, arguments: Optional[Dict[str, Any]]) -> Li
             return response
 
         except CommandSecurityError as e:
-            return [types.TextContent(type="text", text=f"Security violation: {str(e)}", error=True)]
+            return [
+                types.TextContent(
+                    type="text", text=f"Security violation: {str(e)}", error=True
+                )
+            ]
         except subprocess.TimeoutExpired:
             return [
                 types.TextContent(
@@ -328,9 +386,17 @@ async def handle_call_tool(name: str, arguments: Optional[Dict[str, Any]]) -> Li
             return [types.TextContent(type="text", text=f"Error: {str(e)}", error=True)]
 
     elif name == "show_security_rules":
-        commands_desc = "All commands allowed" if executor.security_config.allow_all_commands else ", ".join(sorted(executor.security_config.allowed_commands))
-        flags_desc = "All flags allowed" if executor.security_config.allow_all_flags else ", ".join(sorted(executor.security_config.allowed_flags))
-        
+        commands_desc = (
+            "All commands allowed"
+            if executor.security_config.allow_all_commands
+            else ", ".join(sorted(executor.security_config.allowed_commands))
+        )
+        flags_desc = (
+            "All flags allowed"
+            if executor.security_config.allow_all_flags
+            else ", ".join(sorted(executor.security_config.allowed_flags))
+        )
+
         security_info = (
             "Security Configuration:\n"
             f"==================\n"
@@ -364,4 +430,4 @@ async def main():
                     experimental_capabilities={},
                 ),
             ),
-        )
+        )

{cli_mcp_server-0.2.1.dist-info → cli_mcp_server-0.2.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cli-mcp-server
-Version: 0.2.1
+Version: 0.2.3
 Summary: Command line interface for MCP clients with secure execution and customizable security policies
 Project-URL: Homepage, https://github.com/MladenSU/cli-mcp-server
 Project-URL: Documentation, https://github.com/MladenSU/cli-mcp-server#readme
@@ -9,7 +9,7 @@ Project-URL: Bug Tracker, https://github.com/MladenSU/cli-mcp-server/issues
 Author-email: Mladen <fangs-lever6n@icloud.com>
 License-File: LICENSE
 Requires-Python: >=3.10
-Requires-Dist: mcp>=1.1.0
+Requires-Dist: mcp>=1.6.0
 Description-Content-Type: text/markdown
 
 # CLI MCP Server
@@ -17,8 +17,7 @@ Description-Content-Type: text/markdown
 ---
 
 A secure Model Context Protocol (MCP) server implementation for executing controlled command-line operations with
-comprehensive security
-features.
+comprehensive security features.
 
 ![License](https://img.shields.io/badge/license-MIT-blue.svg)
 ![Python Version](https://img.shields.io/badge/python-3.10%2B-blue)
@@ -53,30 +52,32 @@ features.
 ## Overview
 
 This MCP server enables secure command-line execution with robust security measures including command whitelisting, path
-validation, and
-execution controls. Perfect for providing controlled CLI access to LLM applications while maintaining security.
+validation, and execution controls. Perfect for providing controlled CLI access to LLM applications while maintaining security.
 
 ## Features
 
 - 🔒 Secure command execution with strict validation
-- ⚙️ Configurable command and flag whitelisting
-- 🛡️ Path traversal prevention
+- ⚙️ Configurable command and flag whitelisting with 'all' option
+- 🛡️ Path traversal prevention and validation
 - 🚫 Shell operator injection protection
 - ⏱️ Execution timeouts and length limits
 - 📝 Detailed error reporting
 - 🔄 Async operation support
+- 🎯 Working directory restriction and validation
 
 ## Configuration
 
 Configure the server using environment variables:
 
-| Variable             | Description                              | Default            |
- |----------------------|------------------------------------------|--------------------|
-| `ALLOWED_DIR`        | Base directory for command execution     | Required           |
-| `ALLOWED_COMMANDS`   | Comma-separated list of allowed commands | `ls,cat,pwd`       |
-| `ALLOWED_FLAGS`      | Comma-separated list of allowed flags    | `-l,-a,--help`     |
-| `MAX_COMMAND_LENGTH` | Maximum command string length            | `1024`             |
-| `COMMAND_TIMEOUT`    | Command execution timeout (seconds)      | `30`               |
+| Variable             | Description                                          | Default            |
+|---------------------|------------------------------------------------------|-------------------|
+| `ALLOWED_DIR`       | Base directory for command execution (Required)      | None (Required)   |
+| `ALLOWED_COMMANDS`  | Comma-separated list of allowed commands or 'all'    | `ls,cat,pwd`      |
+| `ALLOWED_FLAGS`     | Comma-separated list of allowed flags or 'all'       | `-l,-a,--help`    |
+| `MAX_COMMAND_LENGTH`| Maximum command string length                        | `1024`            |
+| `COMMAND_TIMEOUT`   | Command execution timeout (seconds)                  | `30`              |
+
+Note: Setting `ALLOWED_COMMANDS` or `ALLOWED_FLAGS` to 'all' will allow any command or flag respectively.
 
 ## Installation
 
@@ -93,19 +94,28 @@ npx @smithery/cli install cli-mcp-server --client claude
 Executes whitelisted CLI commands within allowed directories.
 
 **Input Schema:**
-
- ```json
- {
+```json
+{
   "command": {
     "type": "string",
-    "description": "Command to execute (e.g., 'ls -l' or 'cat file.txt')"
+    "description": "Single command to execute (e.g., 'ls -l' or 'cat file.txt')"
   }
 }
- ```
+```
+
+**Security Notes:**
+- Shell operators (&&, |, >, >>) are not supported
+- Commands must be whitelisted unless ALLOWED_COMMANDS='all'
+- Flags must be whitelisted unless ALLOWED_FLAGS='all'
+- All paths are validated to be within ALLOWED_DIR
 
 ### show_security_rules
 
-Displays current security configuration and restrictions.
+Displays current security configuration and restrictions, including:
+- Working directory
+- Allowed commands
+- Allowed flags
+- Security limits (max command length and timeout)
 
 ## Usage with Claude Desktop
 
@@ -113,7 +123,7 @@ Add to your `~/Library/Application\ Support/Claude/claude_desktop_config.json`:
 
 > Development/Unpublished Servers Configuration
 
- ```json
+```json
 {
   "mcpServers": {
     "cli-mcp-server": {
@@ -134,7 +144,7 @@ Add to your `~/Library/Application\ Support/Claude/claude_desktop_config.json`:
     }
   }
 }
- ```
+```
 
 > Published Servers Configuration
 
@@ -161,23 +171,25 @@ Add to your `~/Library/Application\ Support/Claude/claude_desktop_config.json`:
 
 ## Security Features
 
-- ✅ Command whitelist enforcement
-- ✅ Flag validation
-- ✅ Path traversal prevention
+- ✅ Command whitelist enforcement with 'all' option
+- ✅ Flag validation with 'all' option
+- ✅ Path traversal prevention and normalization
 - ✅ Shell operator blocking
 - ✅ Command length limits
 - ✅ Execution timeouts
 - ✅ Working directory restrictions
+- ✅ Symlink resolution and validation
 
 ## Error Handling
 
 The server provides detailed error messages for:
 
-- Security violations
-- Command timeouts
+- Security violations (CommandSecurityError)
+- Command timeouts (CommandTimeoutError)
 - Invalid command formats
 - Path security violations
-- Execution failures
+- Execution failures (CommandExecutionError)
+- General command errors (CommandError)
 
 ## Development
 
@@ -186,8 +198,6 @@ The server provides detailed error messages for:
 - Python 3.10+
 - MCP protocol library
 
-## Development
-
 ### Building and Publishing
 
 To prepare the package for distribution:
@@ -227,6 +237,6 @@ Upon launching, the Inspector will display a URL that you can access in your bro
 
 This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
 
- ---
+---
 
-For more information or support, please open an issue on the project repository.
+For more information or support, please open an issue on the project repository.

cli_mcp_server-0.2.3.dist-info/RECORD

@@ -0,0 +1,7 @@
+cli_mcp_server/__init__.py,sha256=bGLiX7XuhVsS-PJdoRIWXiilZ3NTAQ7fb9_8kkNzLlM,216
+cli_mcp_server/server.py,sha256=CHP2x_FDx1Rz79ZnmznE6J7-9EHdafK-UibrVTvQx7k,15124
+cli_mcp_server-0.2.3.dist-info/METADATA,sha256=EiU10rdnN39XiTq2m0UjTrZDR0-1AEei9NFNf-6NBfk,7371
+cli_mcp_server-0.2.3.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+cli_mcp_server-0.2.3.dist-info/entry_points.txt,sha256=07bDmJJSXg-6VCFEFTOlsGoxI-0faJafT1yEEjUdN-U,55
+cli_mcp_server-0.2.3.dist-info/licenses/LICENSE,sha256=85rOR_IMpb2VzXBA4VCRZh_KWlaO1Rly8HDYDwGgMWk,1062
+cli_mcp_server-0.2.3.dist-info/RECORD,,

cli_mcp_server-0.2.1.dist-info/RECORD

@@ -1,7 +0,0 @@
-cli_mcp_server/__init__.py,sha256=bGLiX7XuhVsS-PJdoRIWXiilZ3NTAQ7fb9_8kkNzLlM,216
-cli_mcp_server/server.py,sha256=N2BtE8YLf8P643GPwawnnmf1kg7blY6Z0x2KP9zYhS8,13918
-cli_mcp_server-0.2.1.dist-info/METADATA,sha256=rWoOhhU4jK0Yt8BAguG1_k9v3y5q9SiJbw6PWfKl75M,6566
-cli_mcp_server-0.2.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-cli_mcp_server-0.2.1.dist-info/entry_points.txt,sha256=07bDmJJSXg-6VCFEFTOlsGoxI-0faJafT1yEEjUdN-U,55
-cli_mcp_server-0.2.1.dist-info/licenses/LICENSE,sha256=85rOR_IMpb2VzXBA4VCRZh_KWlaO1Rly8HDYDwGgMWk,1062
-cli_mcp_server-0.2.1.dist-info/RECORD,,