crowdsec-local-mcp 0.1.0__py3-none-any.whl → 0.7.0.post1.dev0__py3-none-any.whl

crowdsec_local_mcp/__init__.py

@@ -2,4 +2,9 @@
 
 from .mcp_core import main
 
-__all__ = ["main"]
+try:
+    from ._version import __version__
+except ModuleNotFoundError:  # pragma: no cover - generated during release
+    __version__ = "0.0.0"
+
+__all__ = ["__version__", "main"]

crowdsec_local_mcp/__main__.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+# Use `uv run --project . crowdsec-mcp` to run this module directly for testing.
 
 import asyncio
 

crowdsec_local_mcp/_version.py

@@ -0,0 +1 @@
+__version__ = "0.7.0.post1.dev0"

crowdsec_local_mcp/compose/scenario-test/.gitignore

@@ -0,0 +1 @@
+scenarios/*.yaml

crowdsec_local_mcp/compose/scenario-test/docker-compose.yml

@@ -0,0 +1,19 @@
+services:
+  crowdsec:
+    image: crowdsecurity/crowdsec:latest
+    hostname: crowdsec
+    container_name: crowdsec-scenario-test
+    pull_policy: always
+    restart: "no"
+    environment:
+      - DISABLE_ONLINE_API=true
+      - DISABLE_AGENT=true
+    volumes:
+      # Persist CrowdSec data (buckets, alerts, etc.) between restarts.
+      - crowdsec-data:/var/lib/crowdsec/data
+      # No need for acquisition
+      # The MCP tooling will drop the user-provided rule in this folder as current-rule.yaml
+      - ./scenarios:/etc/crowdsec/scenarios/custom
+
+volumes:
+  crowdsec-data:

crowdsec_local_mcp/compose/waf-test/docker-compose.yml

@@ -3,6 +3,7 @@ version: "3.9"
 services:
   crowdsec:
     image: crowdsecurity/crowdsec:latest
+    pull_policy: always
     hostname: crowdsec
     container_name: crowdsec-appsec
     restart: "no"
@@ -11,10 +12,8 @@ services:
       - /usr/local/bin/init-bouncer.sh
     environment:
       # Ensure the local API stays accessible for the nginx bouncer.
-      - DISABLE_LOCAL_API=0
-      - DISABLE_ONLINE_API=1
-      # Turn on AppSec mode inside the CrowdSec container.
-      - ENABLE_APPSEC=1
+      - DISABLE_LOCAL_API=false
+      - DISABLE_ONLINE_API=true
     volumes:
       # Persist CrowdSec data (buckets, alerts, etc.) between restarts.
       - crowdsec-data:/var/lib/crowdsec/data
@@ -43,7 +42,7 @@ services:
     command:
       - openresty
       - -g
-      - 'daemon off;'
+      - "daemon off;"
     volumes:
       - ./nginx/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf:ro
       # Site config enabling the CrowdSec module and proxying to the backend.
@@ -54,7 +53,7 @@ services:
       - waf-net
 
   backend:
-    image: nginxdemos/hello:latest
+    image: nginx:alpine
     container_name: app-backend
     restart: unless-stopped
     networks:

crowdsec_local_mcp/compose/waf-test/nginx/Dockerfile

@@ -12,8 +12,9 @@ RUN apt-get update && apt-get install -y \
     gettext \
     curl
 
-RUN wget -O - https://openresty.org/package/pubkey.gpg | apt-key add -
-RUN echo "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main"| tee /etc/apt/sources.list.d/openresty.list
+RUN wget -O - https://openresty.org/package/pubkey.gpg | gpg --dearmor -o /usr/share/keyrings/openresty.gpg
+RUN echo "deb [arch=amd64 signed-by=/usr/share/keyrings/openresty.gpg] http://openresty.org/package/ubuntu $(lsb_release -sc) main"| tee /etc/apt/sources.list.d/openresty.list
+RUN echo "deb [arch=arm64 signed-by=/usr/share/keyrings/openresty.gpg] http://openresty.org/package/arm64/ubuntu $(lsb_release -sc) main"| tee /etc/apt/sources.list.d/openresty.list
 RUN curl -s https://install.crowdsec.net |  bash
 
 RUN apt update

crowdsec_local_mcp/mcp_core.py

@@ -1,17 +1,22 @@
-import asyncio
 import logging
+import shutil
+import subprocess
+import tempfile
 from collections import OrderedDict
 from pathlib import Path
-from typing import Any, Callable, Dict, List, Optional
+from typing import Any
+from collections.abc import Callable
 
 import mcp.server.stdio
-import mcp.types as types
+from mcp import types
 from mcp.server import NotificationOptions, Server
 from mcp.server.models import InitializationOptions
 
 SCRIPT_DIR = Path(__file__).parent
 PROMPTS_DIR = SCRIPT_DIR / "prompts"
-LOG_FILE_PATH = SCRIPT_DIR / "crowdsec-mcp.log"
+LOG_FILE_PATH = Path(tempfile.gettempdir()) / "crowdsec-mcp.log"
+_DOCKER_CLI_CHECK: bool | None = None
+_DOCKER_COMPOSE_CMD: list[str] | None = None
 
 
 def _configure_logger() -> logging.Logger:
@@ -36,7 +41,7 @@ def _configure_logger() -> logging.Logger:
 LOGGER = _configure_logger()
 server = Server("crowdsec-prompt-server")
 
-ToolHandler = Callable[[Optional[Dict[str, Any]]], List[types.TextContent]]
+ToolHandler = Callable[[dict[str, Any] | None], list[types.TextContent]]
 ResourceReader = Callable[[], str]
 
 
@@ -44,15 +49,15 @@ class MCPRegistry:
     """Central registry for tool and resource integrations."""
 
     def __init__(self) -> None:
-        self._tool_handlers: Dict[str, ToolHandler] = {}
-        self._tools: "OrderedDict[str, types.Tool]" = OrderedDict()
-        self._resources: "OrderedDict[str, types.Resource]" = OrderedDict()
-        self._resource_readers: Dict[str, ResourceReader] = {}
+        self._tool_handlers: dict[str, ToolHandler] = {}
+        self._tools: OrderedDict[str, types.Tool] = OrderedDict()
+        self._resources: OrderedDict[str, types.Resource] = OrderedDict()
+        self._resource_readers: dict[str, ResourceReader] = {}
 
     def register_tools(
         self,
-        handlers: Dict[str, ToolHandler],
-        tool_definitions: List[types.Tool],
+        handlers: dict[str, ToolHandler],
+        tool_definitions: list[types.Tool],
     ) -> None:
         for name, handler in handlers.items():
             if name in self._tool_handlers:
@@ -66,8 +71,8 @@ class MCPRegistry:
 
     def register_resources(
         self,
-        resources: List[types.Resource],
-        readers: Dict[str, ResourceReader],
+        resources: list[types.Resource],
+        readers: dict[str, ResourceReader],
     ) -> None:
         for resource in resources:
             if resource.uri in self._resources:
@@ -80,11 +85,11 @@ class MCPRegistry:
             self._resource_readers[uri] = reader
 
     @property
-    def tools(self) -> List[types.Tool]:
+    def tools(self) -> list[types.Tool]:
         return list(self._tools.values())
 
     @property
-    def resources(self) -> List[types.Resource]:
+    def resources(self) -> list[types.Resource]:
         return list(self._resources.values())
 
     def get_tool_handler(self, name: str) -> ToolHandler:
@@ -103,23 +108,113 @@ class MCPRegistry:
 REGISTRY = MCPRegistry()
 
 
+def ensure_docker_cli() -> None:
+    """Ensure the Docker CLI is available and executable."""
+    global _DOCKER_CLI_CHECK
+    if _DOCKER_CLI_CHECK:
+        return
+
+    docker_path = shutil.which("docker")
+    if not docker_path:
+        raise RuntimeError(
+            "Docker is required but the `docker` executable was not found on PATH. "
+            "Install Docker Desktop or Docker Engine and ensure the `docker` CLI is accessible."
+        )
+
+    try:
+        subprocess.run(
+            ["docker", "info"], #noqa: S607
+            check=True,
+            capture_output=True,
+            text=True,
+        )
+    except FileNotFoundError as exc:
+        raise RuntimeError(
+            "Docker is required but the `docker` executable could not be executed. "
+            "Install Docker and ensure the CLI is on PATH."
+        ) from exc
+    except PermissionError as exc:
+        raise RuntimeError(
+            "Docker was found but is not executable by the current process. "
+            "Adjust permissions or run as a user allowed to execute Docker commands."
+        ) from exc
+    except subprocess.CalledProcessError as exc:
+        detail = (exc.stderr or exc.stdout or "").strip()
+        hint = (
+            "Docker appears to be installed but `docker info` failed. "
+            "Ensure the Docker daemon is installed correctly and the current user can execute Docker commands."
+        )
+        if detail:
+            hint = f"{hint} Details: {detail}"
+        raise RuntimeError(hint) from exc
+
+    LOGGER.info("Docker CLI detected at %s", docker_path)
+    _DOCKER_CLI_CHECK = True
+
+
+def ensure_docker_compose_cli() -> list[str]:
+    """Ensure a Docker Compose CLI is available and executable; return the command."""
+    global _DOCKER_COMPOSE_CMD
+    if _DOCKER_COMPOSE_CMD is not None:
+        return _DOCKER_COMPOSE_CMD
+
+    ensure_docker_cli()
+
+    candidates = [["docker", "compose"], ["docker-compose"]]
+    errors: list[str] = []
+
+    for candidate in candidates:
+        command_display = " ".join(candidate)
+        try:
+            result = subprocess.run(
+                candidate + ["version"],
+                check=True,
+                capture_output=True,
+                text=True,
+            )
+        except FileNotFoundError as exc:
+            errors.append(f"`{command_display}` command not found: {exc}")
+            continue
+        except PermissionError as exc:
+            errors.append(
+                f"`{command_display}` is present but not executable by the current user: {exc}"
+            )
+            continue
+        except subprocess.CalledProcessError as exc:
+            detail = (exc.stderr or exc.stdout or str(exc)).strip()
+            message = f"`{command_display}` failed to run: {detail or 'unknown error'}"
+            errors.append(message)
+            continue
+
+        if result.returncode == 0:
+            _DOCKER_COMPOSE_CMD = candidate
+            LOGGER.info("Docker Compose CLI detected: %s", command_display)
+            return candidate
+
+    detail_suffix = f" Details: {'; '.join(errors)}" if errors else ""
+    raise RuntimeError(
+        "Docker Compose is required but could not be executed. Install Docker Desktop or Docker Engine and ensure "
+        "`docker compose` or `docker-compose` is available on PATH." + detail_suffix
+    )
+
+
 @server.list_tools()
-async def handle_list_tools() -> List[types.Tool]:
+async def handle_list_tools() -> list[types.Tool]:
     LOGGER.info("Listing available tools")
     return REGISTRY.tools
 
 
 @server.call_tool()
 async def handle_call_tool(
-    name: str, arguments: Optional[Dict[str, Any]]
-) -> List[types.TextContent]:
+    name: str, arguments: dict[str, Any] | None
+) -> list[types.TextContent]:
     LOGGER.info("handle_call_tool invoked for tool '%s'", name)
     handler = REGISTRY.get_tool_handler(name)
     return handler(arguments)
 
 
 @server.list_resources()
-async def handle_list_resources() -> List[types.Resource]:
+async def handle_list_resources() -> list[types.Resource]:
     LOGGER.info("Listing available resources")
     return REGISTRY.resources