crowdsec-local-mcp 0.0.2__tar.gz

crowdsec_local_mcp-0.0.2/.github/workflows/build.yml

@@ -0,0 +1,21 @@
+name: "Build"
+
+on:
+  push:
+    branches:
+      - main
+      - master
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+      - name: Install Python 3.13
+        run: uv python install 3.13
+      - name: Build package
+        run: uv build

crowdsec_local_mcp-0.0.2/.github/workflows/publish.yml

@@ -0,0 +1,26 @@
+name: "Publish"
+
+on:
+  release:
+    types:
+      - released
+
+jobs:
+  run:
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+      - name: Install uv
+        uses: astral-sh/setup-uv@v6
+      - name: Install Python 3.13
+        run: uv python install 3.13
+      - name: Build
+        run: uv build
+      - name: Publish
+        run: uv publish

crowdsec_local_mcp-0.0.2/.gitignore

@@ -0,0 +1,207 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py.cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# UV
+#   Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#uv.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+#poetry.toml
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+#pdm.lock
+#pdm.toml
+.pdm-python
+.pdm-build/
+
+# pixi
+#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+#pixi.lock
+#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+#   in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.envrc
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+
+# Abstra
+# Abstra is an AI-powered process automation framework.
+# Ignore directories containing user credentials, local state, and settings.
+# Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+#  Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore 
+#  that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+#  and can be added to the global gitignore or merged into this file. However, if you prefer, 
+#  you could uncomment the following to ignore the entire vscode folder
+# .vscode/
+
+# Ruff stuff:
+.ruff_cache/
+
+# PyPI configuration file
+.pypirc
+
+# Cursor
+#  Cursor is an AI-powered code editor. `.cursorignore` specifies files/directories to
+#  exclude from AI features like autocomplete and code analysis. Recommended for sensitive data
+#  refer to https://docs.cursor.com/context/ignore-files
+.cursorignore
+.cursorindexingignore
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/

crowdsec_local_mcp-0.0.2/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 crowdsec
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

crowdsec_local_mcp-0.0.2/MANIFEST.in

@@ -0,0 +1,3 @@
+recursive-include src/crowdsec_local_mcp/prompts *.txt
+recursive-include src/crowdsec_local_mcp/compose *
+recursive-include src/crowdsec_local_mcp/yaml-schemas *.yaml

crowdsec_local_mcp-0.0.2/PKG-INFO

@@ -0,0 +1,74 @@
+Metadata-Version: 2.4
+Name: crowdsec-local-mcp
+Version: 0.0.2
+Summary: An MCP exposing prompts and tools to help users write WAF rules, scenarios etc.
+Requires-Python: >=3.12
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: jsonschema>=4.25.1
+Requires-Dist: mcp>=1.15.0
+Requires-Dist: pyyaml>=6.0.3
+Requires-Dist: requests>=2.32.5
+Dynamic: license-file
+
+<p align="center">
+<img src="https://github.com/crowdsecurity/crowdsec-docs/blob/main/crowdsec-docs/static/img/crowdsec_logo.png" alt="CrowdSec" title="CrowdSec" width="400" height="260"/>
+</p>
+
+
+**Life is too short to write YAML, just ask nicely!**
+
+> A Model Context Protocol (MCP) server to generate, validate, and deploy CrowdSec WAF rules & Scenarios.
+
+
+## Features
+
+### WAF Rules Features
+
+- **WAF Rule Generation**: Generate CrowdSec WAF rules from user input or a CVE reference
+- **Validation**: Validate syntaxical correctness of WAF rules
+- **Linting**: Get warnings and hints to improve your WAF rules
+- **Deployment Guide**: Step-by-step deployment instructions
+- **Docker Test Harness**: Spin up CrowdSec + nginx + bouncer to exercise rules for false positives/negatives
+- **Nuclei Lookup**: Quickly jump to existing templates in the official `projectdiscovery/nuclei-templates` repository for a given CVE
+
+### Scenarios Features
+
+- **CrowdSec Scenarios Generation**: Generate CrowdSec scenarios
+- **Validation**: Validate syntaxical correctness of scenarios
+- **Linting**: Get warnings and hints to improve your scenarios
+- **Deployment Guide**: Step-by-step deployment instructions
+- **Docker Test Harness**: Spin up CrowdSec to test scenario behavior
+
+## Demo
+
+### WAF Rules Creation and testing
+
+ - [Rule creation from natural language with Claude Desktop](https://claude.ai/share/f0f246b2-6b20-4d70-a16c-c6b627ab2d80)
+ - [Rule creation from CVE reference](https://claude.ai/share/b6599407-82dd-443c-a12d-9a9825ed99df)
+
+### Scenario Creation and testing
+
+ - XX
+ - XX
+
+## Installation
+
+### Quick MCP client setup
+
+- Configure supported clients automatically with `uvx run --from crowdsec-local-mcp init <client>`, where `<client>` is one of `claude-desktop`, `chatgpt`, `vscode`, or `stdio`:
+
+```bash
+uvx --from crowdsec-local-mcp init
+```
+
+## Logging
+
+- The MCP server writes its log file to your operating system's temporary directory. On Linux/macOS this is typically `/tmp/crowdsec-mcp.log`; on Windows it resolves via `%TEMP%\crowdsec-mcp.log`.
+
+## Pre Requisites
+
+ - Docker + Docker Compose
+
+ - Python >= 3.12
+

crowdsec_local_mcp-0.0.2/README.md

@@ -0,0 +1,61 @@
+<p align="center">
+<img src="https://github.com/crowdsecurity/crowdsec-docs/blob/main/crowdsec-docs/static/img/crowdsec_logo.png" alt="CrowdSec" title="CrowdSec" width="400" height="260"/>
+</p>
+
+
+**Life is too short to write YAML, just ask nicely!**
+
+> A Model Context Protocol (MCP) server to generate, validate, and deploy CrowdSec WAF rules & Scenarios.
+
+
+## Features
+
+### WAF Rules Features
+
+- **WAF Rule Generation**: Generate CrowdSec WAF rules from user input or a CVE reference
+- **Validation**: Validate syntaxical correctness of WAF rules
+- **Linting**: Get warnings and hints to improve your WAF rules
+- **Deployment Guide**: Step-by-step deployment instructions
+- **Docker Test Harness**: Spin up CrowdSec + nginx + bouncer to exercise rules for false positives/negatives
+- **Nuclei Lookup**: Quickly jump to existing templates in the official `projectdiscovery/nuclei-templates` repository for a given CVE
+
+### Scenarios Features
+
+- **CrowdSec Scenarios Generation**: Generate CrowdSec scenarios
+- **Validation**: Validate syntaxical correctness of scenarios
+- **Linting**: Get warnings and hints to improve your scenarios
+- **Deployment Guide**: Step-by-step deployment instructions
+- **Docker Test Harness**: Spin up CrowdSec to test scenario behavior
+
+## Demo
+
+### WAF Rules Creation and testing
+
+ - [Rule creation from natural language with Claude Desktop](https://claude.ai/share/f0f246b2-6b20-4d70-a16c-c6b627ab2d80)
+ - [Rule creation from CVE reference](https://claude.ai/share/b6599407-82dd-443c-a12d-9a9825ed99df)
+
+### Scenario Creation and testing
+
+ - XX
+ - XX
+
+## Installation
+
+### Quick MCP client setup
+
+- Configure supported clients automatically with `uvx run --from crowdsec-local-mcp init <client>`, where `<client>` is one of `claude-desktop`, `chatgpt`, `vscode`, or `stdio`:
+
+```bash
+uvx --from crowdsec-local-mcp init
+```
+
+## Logging
+
+- The MCP server writes its log file to your operating system's temporary directory. On Linux/macOS this is typically `/tmp/crowdsec-mcp.log`; on Windows it resolves via `%TEMP%\crowdsec-mcp.log`.
+
+## Pre Requisites
+
+ - Docker + Docker Compose
+
+ - Python >= 3.12
+

crowdsec_local_mcp-0.0.2/pyproject.toml

@@ -0,0 +1,34 @@
+[project]
+name = "crowdsec-local-mcp"
+dynamic = ["version"]
+description = "An MCP exposing prompts and tools to help users write WAF rules, scenarios etc."
+readme = "README.md"
+requires-python = ">=3.12"
+dependencies = [
+    "jsonschema>=4.25.1",
+    "mcp>=1.15.0",
+    "pyyaml>=6.0.3",
+    "requests>=2.32.5",
+]
+
+[project.scripts]
+crowdsec-mcp = "crowdsec_local_mcp.__main__:run"
+init = "crowdsec_local_mcp.setup_cli:main"
+
+[build-system]
+requires = ["setuptools>=69", "wheel", "setuptools_scm>=8"]
+build-backend = "setuptools.build_meta"
+
+[tool.setuptools]
+include-package-data = true
+
+[tool.setuptools.package-dir]
+"" = "src"
+
+[tool.setuptools.packages.find]
+where = ["src"]
+
+[tool.setuptools_scm]
+tag_regex = "^v?(?P<version>[0-9]+(\\.[0-9]+)*)$"
+version_scheme = "no-guess-dev"
+local_scheme = "no-local-version"

crowdsec_local_mcp-0.0.2/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

crowdsec_local_mcp-0.0.2/src/crowdsec_local_mcp/__init__.py

@@ -0,0 +1,5 @@
+"""CrowdSec MCP package."""
+
+from .mcp_core import main
+
+__all__ = ["main"]

crowdsec_local_mcp-0.0.2/src/crowdsec_local_mcp/__main__.py

@@ -0,0 +1,24 @@
+#!/usr/bin/env python3
+
+# Use `uv run --project . <command>` to run this module directly for testing.
+
+import asyncio
+
+from .mcp_core import LOGGER, main
+
+# Import modules for their registration side effects.
+from . import mcp_waf  # noqa: F401
+
+try:
+    from . import mcp_scenarios  # noqa: F401
+except ModuleNotFoundError:
+    LOGGER.warning("Scenario module not available; scenario tools disabled")
+
+
+def run() -> None:
+    """Entry-point used by console scripts."""
+    asyncio.run(main())
+
+
+if __name__ == "__main__":
+    run()

crowdsec_local_mcp-0.0.2/src/crowdsec_local_mcp/compose/waf-test/.gitignore

@@ -0,0 +1,3 @@
+# Generated at runtime by the MCP integration.
+rules/current-rule.yaml
+crowdsec/appsec-configs/mcp-appsec.yaml

crowdsec_local_mcp-0.0.2/src/crowdsec_local_mcp/compose/waf-test/crowdsec/acquis.d/appsec.yaml

@@ -0,0 +1,8 @@
+# Acquisition file registering the MCP-generated AppSec configuration.
+appsec_configs:
+ - mcp-appsec
+labels:
+  type: appsec
+listen_addr: 0.0.0.0:7422
+source: appsec
+name: myAppSecComponent

crowdsec_local_mcp-0.0.2/src/crowdsec_local_mcp/compose/waf-test/crowdsec/appsec-configs/mcp-appsec.yaml.template

@@ -0,0 +1,8 @@
+name: mcp-appsec
+default_remediation: ban
+inband_rules:
+  # Keep the CrowdSec base config to ensure essential protections remain active.
+  - crowdsecurity/base-config
+  # The MCP tooling copies the user rule into the custom directory as current-rule.yaml
+  ## XXX FIXME : make this a variable :)
+  - __PLACEHOLDER_FOR_USER_RULE__

crowdsec_local_mcp-0.0.2/src/crowdsec_local_mcp/compose/waf-test/crowdsec/init-bouncer.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+set -euo pipefail
+
+API_KEY="mcp-nginx-bouncer-test-key"
+BOUNCER_NAME="mcp-nginx-bouncer"
+
+/bin/bash /docker_start.sh "$@" &
+PID=$!
+trap 'kill "$PID" 2>/dev/null || true' EXIT
+
+for _ in $(seq 1 90); do
+    if cscli lapi status >/dev/null 2>&1; then
+        break
+    fi
+    sleep 2;
+done
+
+if ! cscli lapi status >/dev/null 2>&1; then
+    echo "CrowdSec LAPI did not become ready in time" >&2
+    wait "$PID"
+    exit 1
+fi
+
+cscli bouncers delete "$BOUNCER_NAME" >/dev/null 2>&1 || true
+cscli bouncers add "$BOUNCER_NAME" -k "$API_KEY"
+
+trap - EXIT
+wait "$PID"
+exit $?

crowdsec_local_mcp-0.0.2/src/crowdsec_local_mcp/compose/waf-test/docker-compose.yml

@@ -0,0 +1,68 @@
+version: "3.9"
+
+services:
+  crowdsec:
+    image: crowdsecurity/crowdsec:latest
+    hostname: crowdsec
+    container_name: crowdsec-appsec
+    restart: "no"
+    entrypoint:
+      - /bin/bash
+      - /usr/local/bin/init-bouncer.sh
+    environment:
+      # Ensure the local API stays accessible for the nginx bouncer.
+      - DISABLE_LOCAL_API=0
+      - DISABLE_ONLINE_API=1
+      # Turn on AppSec mode inside the CrowdSec container.
+      - ENABLE_APPSEC=1
+    volumes:
+      # Persist CrowdSec data (buckets, alerts, etc.) between restarts.
+      - crowdsec-data:/var/lib/crowdsec/data
+      # Allow templated acquisition and AppSec config overrides without replacing the whole /etc/crowdsec tree.
+      - ./crowdsec/acquis.d/appsec.yaml:/etc/crowdsec/acquis.d/appsec-mcp.yaml:ro
+      - ./crowdsec/appsec-configs/mcp-appsec.yaml:/etc/crowdsec/appsec-configs/mcp-appsec.yaml:ro
+      - ./crowdsec/init-bouncer.sh:/usr/local/bin/init-bouncer.sh:ro
+      # The MCP tooling will drop the user-provided rule in this folder as current-rule.yaml
+      - ./rules:/etc/crowdsec/appsec-rules/custom
+    ports:
+      - "18080:8080" # LAPI (use non-default host port to avoid conflicts)
+      - "17422:7422" # AppSec Live mode (non-default host port)
+    networks:
+      - waf-net
+
+  nginx:
+    build:
+      context: ./nginx
+    container_name: nginx-appsec
+    restart: "no"
+    depends_on:
+      - crowdsec
+      - backend
+    ports:
+      - "8081:80"
+    command:
+      - openresty
+      - -g
+      - 'daemon off;'
+    volumes:
+      - ./nginx/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf:ro
+      # Site config enabling the CrowdSec module and proxying to the backend.
+      - ./nginx/site-enabled:/usr/local/openresty/nginx/conf/site-enabled:ro
+      # Override the bouncer configuration shipped in the image with the harness version.
+      - ./nginx/crowdsec/crowdsec-openresty-bouncer.conf:/etc/crowdsec/bouncers/crowdsec-openresty-bouncer.conf:ro
+    networks:
+      - waf-net
+
+  backend:
+    image: nginxdemos/hello:latest
+    container_name: app-backend
+    restart: unless-stopped
+    networks:
+      - waf-net
+
+volumes:
+  crowdsec-data:
+
+networks:
+  waf-net:
+    driver: bridge

crowdsec_local_mcp-0.0.2/src/crowdsec_local_mcp/compose/waf-test/nginx/Dockerfile

@@ -0,0 +1,67 @@
+
+FROM ubuntu:24.04
+
+# Install dependencies
+RUN apt-get update && apt-get install -y \
+    git \
+    make \
+    software-properties-common \
+    wget \
+    gnupg \
+    ca-certificates \
+    gettext \
+    curl
+
+RUN wget -O - https://openresty.org/package/pubkey.gpg | apt-key add -
+RUN echo "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main"| tee /etc/apt/sources.list.d/openresty.list
+RUN curl -s https://install.crowdsec.net |  bash
+
+RUN apt update
+
+RUN apt install -y openresty openresty-opm gettext-base
+
+RUN apt install -y crowdsec-openresty-bouncer
+
+
+
+EXPOSE 80
+
+
+# # Install the bouncer
+# COPY build.sh /build.sh
+# COPY start.sh /start.sh
+
+# RUN chmod +x /build.sh && /build.sh
+# RUN chmod +x /start.sh
+
+# # Set the script as the entrypoint
+# ENTRYPOINT ["/start.sh"]
+
+
+
+# FROM debian:bookworm
+
+# ENV DEBIAN_FRONTEND=noninteractive
+
+# # Install nginx with Lua module support and prerequisites for the CrowdSec nginx bouncer.
+# RUN set -eux; \
+#     apt-get update; \
+#     apt-get install -y --no-install-recommends \
+#         ca-certificates \
+#         curl \
+#         gnupg2 \
+#         iproute2 \
+#         libnginx-mod-http-lua \
+#         lsb-release \
+#         nginx \
+#         procps; \
+#     curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | bash; \
+#     apt-get install -y --no-install-recommends crowdsec-nginx-bouncer; \
+#     rm -rf /var/lib/apt/lists/*
+
+# # Prepare directories that will receive bind mounts at runtime.
+# RUN mkdir -p /etc/nginx/conf.d /etc/nginx/crowdsec
+
+# EXPOSE 80
+
+# CMD ["nginx", "-g", "daemon off;"]