crowdsec-local-mcp 0.2.0__py3-none-any.whl → 0.8.0.post1.dev0__py3-none-any.whl

crowdsec_local_mcp/prompts/prompt-waf-tests.txt

@@ -0,0 +1,113 @@
+You are an expert in generating automated test assets for the CrowdSec WAF harness. Given a Nuclei template and the name of the rule under test, produce the artifacts required by the docker-based test workflow. Focus exclusively on generating the test configuration (`config.yaml`) and the adapted Nuclei template that validates the rule blocks the attack with a `403` status code.
+
+## Test Artifact Guidelines
+
+1. **config.yaml**  
+   - Must be valid YAML with the keys `appsec-rules:` and `nuclei_template`.  
+   - `appsec-rules:` is a YAML list that always includes:  
+     - `./appsec-rules/crowdsecurity/base-config.yaml`  
+     - The path to the generated rule (e.g. `./appsec-rules/crowdsecurity/vpatch-CVE-2020-17496.yaml`).  
+   - `nuclei_template` is the filename of the adapted Nuclei template (e.g. `CVE-2020-17496.yaml`).
+   - The path in `appsec-rules` is relative to the hub root, because the rule is not on the hub yet.
+   - Use this template and replace the placeholders only:
+     ```
+     appsec-rules:
+       - ./appsec-rules/crowdsecurity/base-config.yaml
+       - <PUT_THE_NEW_RULE_PATH_HERE>
+     nuclei_template: <PUT_THE_TEST_TEMPLATE_FILENAME_HERE>
+     ```
+
+2. **Adapted Nuclei Template**  
+   - Preserve the original request structure that exercises the vulnerability.  
+   - Normalise metadata so the template identifies itself as a test:  
+     - `info.name` matches the CVE identifier.  
+     - `info.author` is `crowdsec`.  
+     - `info.severity` is `info`.  
+     - `info.description` briefly states it is for testing (e.g. `CVE-2020-17496 testing`).  
+     - `info.tags` includes `appsec-testing`.  
+   - Keep payloads, raw requests, and helper fields that are required for the exploit to function.  
+   - Force the rule-under-test to respond with a block by ensuring the only matcher checks for HTTP status code `403`. Remove every other matcher from the original template.  
+   - When the original template lacks an explicit matcher, add a `matchers` block with a single status matcher for `403`.  
+   - If the template requires `cookie-reuse` or other execution flags, keep them intact.
+
+3. **General Expectations**  
+   - Do not attempt to regenerate the detection rule—only produce the two testing artifacts.  
+   - Respect YAML indentation (two spaces) and quote strings that contain special characters.  
+   - Mirror the case and structure of URIs, headers, and payloads from the input template.  
+   - Provide helpful inline comments only when strictly necessary to explain intentional failures.
+   - Place test assets in the hub under `.appsec-tests/<test_name>/`:
+     - `config.yaml`
+     - `<test_name>.yaml` (the adapted nuclei template)
+   - If the rule is for virtual patching, use `CVE-YYYY-XYZ` as the test name and `vpatch-CVE-YYYY-XYZ` as the rule name.
+
+## Output Format
+
+Always return exactly two sections separated by delimiters:
+
+```
+===TEST_CONFIG===
+<config.yaml content>
+
+===TEST_NUCLEI===
+<adapted nuclei template content>
+```
+
+No additional sections or commentary should be emitted.
+
+## Example Input
+
+```yaml
+id: CVE-2020-17496
+
+info:
+  name: vBulletin 5.5.4 - 5.6.2- Remote Command Execution
+  author: pussycat0x
+  severity: critical
+  description: 'vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.'
+
+http:
+  - raw:
+      - |
+        POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+```
+
+## Example Output
+
+===TEST_CONFIG===
+appsec-rules:
+  - ./appsec-rules/crowdsecurity/base-config.yaml
+  - ./appsec-rules/crowdsecurity/vpatch-CVE-2020-17496.yaml
+nuclei_template: CVE-2020-17496.yaml
+
+===TEST_NUCLEI===
+id: CVE-2020-17496
+info:
+  name: CVE-2020-17496
+  author: crowdsec
+  severity: info
+  description: CVE-2020-17496 testing
+  tags: appsec-testing
+http:
+  - raw:
+      - |
+        POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;
+
+    cookie-reuse: true
+    matchers:
+      - type: status
+        status:
+          - 403

crowdsec_local_mcp/prompts/prompt-waf-top-level.txt

@@ -0,0 +1,33 @@
+You are the top-level cyber security assistant for orchestrating CrowdSec AppSec WAF tasks. Treat this prompt as the first step whenever the user asks about creating, reviewing, testing, or deploying WAF rules so you can decide which specialized tool or prompt to invoke next.
+
+The process is the following, and it's CRITICAL to follow it unless asked otherwise by the user:
+
+1. **Validate User Intent**: Ensure that you understand user objective and that your rule will follow his directives.
+    - If the user provides a CVE, use `fetch_nuclei_exploit` to get a working nuclei template / exploit.
+    - If the user provides a natural language description, ask further question if necessary to be sure the rule will be specific enough.
+2. **Generate Initial Rule**: Refer to `get_waf_prompt` tool and prompt for syntax and guidelines. If you want everything bundled (main prompt + examples), call `generate_waf_rule` instead.
+3. **Validate Syntax**: Use the `validate_waf_rule` tool to check YAML syntax
+4. **Lint for Quality**: Use the `lint_waf_rule` tool to check for warnings and improvement hints
+5. **Iterate if Needed**: If validation fails or linter shows warnings, fix the issues and repeat steps 2-3
+6. **Final Output**: Only provide final output when both validation passes and linting shows no critical issues. Summarize results and link the user to next-step tooling options below.
+
+⚠️ Final Validation Checklist (REQUIRED before output ends):
+ - Confirm validation tool returns "✅ VALIDATION PASSED"
+ - Address all warnings from linting tool
+
+**IMPORTANT**: If validation or linting fails, you MUST iterate and fix the issues before providing the final output. Do not output rules that fail validation or have critical linting warnings.
+
+### After presenting **Final Output** to the user:
+
+Once you have successfully generated and validated a WAF rule, propose the user the next steps:
+ - Deploy the rule on a live instance:
+    - Use tool `manage_waf_stack`
+    - Allows you and the user to manually tests for false-positives and false-negatives
+ - Create and validate a test for the rule - allows contribution to the hub:
+    - Use tool `generate_waf_tests` to get instructions on test creation
+    - Use tool `run_waf_tests` to run and validate the tests
+    - Once done, suggest help preparing a PR
+    - Use tool `get_waf_pr_prompt` to guide PR preparation and draft a PR comment
+    - Use tool `prepare_waf_pr` to write the rule and test assets into a local hub clone
+ - Help the user to deploy the rule on his setup:
+    - Use tool `deploy_waf_rule` to get detailed instructions and  guide the user.

crowdsec_local_mcp/prompts/prompt-waf.txt

@@ -227,15 +227,6 @@ You are an expert in cybersecurity and threat detection, specializing in automat
               value: '/src/options.php'
 ```
 
-### Validation and Quality Assurance Process:
-**CRITICAL: You MUST follow this iterative validation process:**
-
-1. **Generate Initial Rule**: Create the detection rule following all guidelines above
-2. **Validate Syntax**: Use the `validate_waf_rule` tool to check YAML syntax
-3. **Lint for Quality**: Use the `lint_waf_rule` tool to check for warnings and improvement hints
-4. **Iterate if Needed**: If validation fails or linter shows warnings, fix the issues and repeat steps 2-3
-5. **Final Output**: Only provide final output when both validation passes and linting shows no critical issues
-
 ### Output Format with Delimiters:
 
 Output format (use the exact delimiters):
@@ -262,25 +253,8 @@ Output format (use the exact delimiters):
 
   - <verbatim output from linter tool>
 
-## Next Steps
-- Do you want me to test the WAF rule
-- Do you want some deployment guidance
 ```
 
-⚠️ Final Validation Checklist (REQUIRED before output ends):
- - Confirm validation tool returns "✅ VALIDATION PASSED"
- - Address all warnings from linting tool
- - Confirm all value: fields are lowercase
- - Confirm transform includes lowercase wherever applicable
- - Confirm no match.value contains capital letters
- - Confirm rule uses contains instead of regex when applicable
-
-**IMPORTANT**: If validation or linting fails, you MUST iterate and fix the issues before providing the final output. Do not output rules that fail validation or have critical linting warnings.
-
-### After Rule Generation and Validation:
-Once you have successfully generated and validated a WAF rule, remind the user that the next step is to deploy it. Use the `deploy_waf_rule` tool to provide comprehensive deployment instructions.
-
-
 ### Example Input (Nuclei Template):
 ```yaml
 id: CVE-2025-24893

crowdsec_local_mcp/setup_cli.py

@@ -2,27 +2,28 @@ import argparse
 import json
 import os
 import platform
+import shlex
 import shutil
+import subprocess
 import sys
 from dataclasses import dataclass
 from pathlib import Path
-from typing import Dict, Iterable, List, Optional, Tuple
+from collections.abc import Iterable
 
 SERVER_KEY = "crowdsec-local-mcp"
-SERVER_LABEL = "CrowdSec MCP"
-
+SERVER_LABEL = "CrowdSecMCP"
 
 @dataclass
 class CLIArgs:
     target: str
-    config_path: Optional[Path]
+    config_path: Path | None
     dry_run: bool
     force: bool
-    command_override: Optional[str]
-    cwd_override: Optional[Path]
+    command_override: str | None
+    cwd_override: Path | None
 
 
-def main(argv: Optional[Iterable[str]] = None) -> None:
+def main(argv: Iterable[str] | None = None) -> None:
     args = _parse_args(argv)
     command, cmd_args = _resolve_runner(args.command_override)
     server_payload = {
@@ -42,6 +43,8 @@ def main(argv: Optional[Iterable[str]] = None) -> None:
 
     if args.target == "claude-desktop":
         _configure_claude(args, server_payload)
+    elif args.target == "claude-code":
+        _configure_claude_code(args, server_payload)
     elif args.target == "chatgpt":
         _configure_chatgpt(args, server_payload)
     elif args.target == "vscode":
@@ -50,17 +53,17 @@ def main(argv: Optional[Iterable[str]] = None) -> None:
         raise ValueError(f"Unsupported target '{args.target}'")
 
 
-def _parse_args(argv: Optional[Iterable[str]]) -> CLIArgs:
+def _parse_args(argv: Iterable[str] | None) -> CLIArgs:
     parser = argparse.ArgumentParser(
         prog="init",
         description=(
             "Initialize CrowdSec MCP integration for supported clients "
-            "(Claude Desktop, ChatGPT Desktop, Visual Studio Code, or stdio)."
+            "(Claude Desktop, Claude Code, ChatGPT Desktop, Visual Studio Code, or stdio)."
         ),
     )
     parser.add_argument(
         "target",
-        choices=("claude-desktop", "chatgpt", "vscode", "stdio"),
+        choices=("claude-desktop", "claude-code", "chatgpt", "vscode", "stdio"),
         help="Client to configure.",
     )
     parser.add_argument(
@@ -105,7 +108,7 @@ def _parse_args(argv: Optional[Iterable[str]]) -> CLIArgs:
     )
 
 
-def _resolve_runner(command_override: Optional[str]) -> Tuple[str, List[str]]:
+def _resolve_runner(command_override: str | None) -> tuple[str, list[str]]:
     if command_override:
         command_parts = command_override.strip().split()
         if not command_parts:
@@ -129,7 +132,7 @@ def _resolve_runner(command_override: Optional[str]) -> Tuple[str, List[str]]:
     return python_executable, ["-m", "crowdsec_local_mcp"]
 
 
-def _configure_claude(args: CLIArgs, server_payload: Dict[str, object]) -> None:
+def _configure_claude(args: CLIArgs, server_payload: dict[str, object]) -> None:
     config_path = _resolve_path(args.config_path, _claude_candidates())
     _write_mcp_config(
         config_path,
@@ -139,7 +142,52 @@ def _configure_claude(args: CLIArgs, server_payload: Dict[str, object]) -> None:
     )
 
 
-def _configure_chatgpt(args: CLIArgs, server_payload: Dict[str, object]) -> None:
+def _configure_claude_code(args: CLIArgs, server_payload: dict[str, object]) -> None:
+    runner_command = server_payload["command"]
+    if not isinstance(runner_command, str):
+        raise TypeError("Server payload 'command' must be a string.")
+    runner_args = server_payload.get("args", [])
+    if not isinstance(runner_args, list):
+        raise TypeError("Server payload 'args' must be a list.")
+
+    claude_invocation = [
+        "claude",
+        "mcp",
+        "add",
+        "--transport",
+        "stdio",
+        "--scope",
+        "user",
+        SERVER_LABEL,
+        "--",
+        runner_command,
+        *runner_args,
+    ]
+    quoted_command = " ".join(shlex.quote(part) for part in claude_invocation)
+
+    if args.dry_run:
+        print(
+            "Run the following command to register CrowdSec MCP with Claude Code:\n"
+            f"{quoted_command}"
+        )
+        return
+
+    if shutil.which("claude") is None:
+        raise FileNotFoundError(
+            "The 'claude' CLI is not available on PATH. Install Claude Code CLI and "
+            f"run:\n{quoted_command}"
+        )
+
+    result = subprocess.run(claude_invocation, check=False)
+    if result.returncode != 0:
+        raise RuntimeError(
+            f"'claude mcp add' failed with exit code {result.returncode}. "
+            f"Run manually:\n{quoted_command}"
+        )
+    print("Registered CrowdSec MCP with Claude Code CLI.")
+
+
+def _configure_chatgpt(args: CLIArgs, server_payload: dict[str, object]) -> None:
     config_path = _resolve_path(args.config_path, _chatgpt_candidates())
     _write_mcp_config(
         config_path,
@@ -149,9 +197,9 @@ def _configure_chatgpt(args: CLIArgs, server_payload: Dict[str, object]) -> None
     )
 
 
-def _configure_vscode(args: CLIArgs, server_payload: Dict[str, object]) -> None:
+def _configure_vscode(args: CLIArgs, server_payload: dict[str, object]) -> None:
     config_path = _resolve_path(args.config_path, _vscode_candidates())
-    vscode_payload: Dict[str, object] = {
+    vscode_payload: dict[str, object] = {
         "command": server_payload["command"],
         "args": server_payload["args"],
     }
@@ -171,13 +219,22 @@ def _configure_vscode(args: CLIArgs, server_payload: Dict[str, object]) -> None:
 
 def _write_mcp_config(
     config_path: Path,
-    server_payload: Dict[str, object],
+    server_payload: dict[str, object],
     args: CLIArgs,
     *,
     client_name: str,
     servers_key: str = "mcpServers",
 ) -> None:
-    config, existed = _load_json(config_path, allow_missing=True)
+    manual_snippet = json.dumps(
+        {servers_key: {SERVER_KEY: server_payload}}, indent=2
+    )
+    config, existed = _load_json(
+        config_path,
+        allow_missing=True,
+        fallback_snippet=manual_snippet,
+    )
+    if config is None:
+        return
     if not existed and not (args.force or args.dry_run):
         raise FileNotFoundError(
             f"{config_path} does not exist. Re-run with --force to create it "
@@ -199,7 +256,7 @@ def _write_mcp_config(
     print(f"Configured {client_name} at {config_path}")
 
 
-def _print_stdio(server_payload: Dict[str, object]) -> None:
+def _print_stdio(server_payload: dict[str, object]) -> None:
     snippet = {
         "server": SERVER_KEY,
         "command": server_payload["command"],
@@ -209,13 +266,19 @@ def _print_stdio(server_payload: Dict[str, object]) -> None:
     if cwd is not None:
         snippet["cwd"] = cwd
 
+    snippet_json = json.dumps(snippet, indent=2)
     print(
         "Use the following configuration with stdio-compatible MCP clients:\n"
-        f"{json.dumps(snippet, indent=2)}"
+        f"{snippet_json}"
     )
 
 
-def _load_json(path: Path, *, allow_missing: bool) -> Tuple[Dict[str, object], bool]:
+def _load_json(
+    path: Path,
+    *,
+    allow_missing: bool,
+    fallback_snippet: str | None = None,
+) -> tuple[dict[str, object] | None, bool]:
     if not path.exists():
         if allow_missing:
             return {}, False
@@ -228,10 +291,16 @@ def _load_json(path: Path, *, allow_missing: bool) -> Tuple[Dict[str, object], b
     try:
         return json.loads(content), True
     except json.JSONDecodeError as exc:
-        raise ValueError(f"Failed to parse JSON from {path}: {exc}") from exc
+        manual_msg = (
+            f"Couldn't parse {path}: {exc}.\n"
+            "Edit it manually to add:\n\n"
+            f"{fallback_snippet or '<no snippet available>'}"
+        )
+        print(manual_msg)
+        return None, True
 
 
-def _resolve_path(explicit: Optional[Path], candidates: List[Path]) -> Path:
+def _resolve_path(explicit: Path | None, candidates: list[Path]) -> Path:
     if explicit:
         return explicit.expanduser()
 
@@ -258,7 +327,7 @@ def _backup_file_if_exists(path: Path) -> None:
     print(f"Existing configuration backed up to {backup_path}")
 
 
-def _claude_candidates() -> List[Path]:
+def _claude_candidates() -> list[Path]:
     system = platform.system()
     if system == "Darwin":
         return [
@@ -274,7 +343,7 @@ def _claude_candidates() -> List[Path]:
     return [Path.home() / ".config" / "Claude" / "claude_desktop_config.json"]
 
 
-def _chatgpt_candidates() -> List[Path]:
+def _chatgpt_candidates() -> list[Path]:
     system = platform.system()
     if system == "Darwin":
         return [
@@ -290,17 +359,17 @@ def _chatgpt_candidates() -> List[Path]:
     return [Path.home() / ".config" / "ChatGPT" / "config.json"]
 
 
-def _vscode_candidates() -> List[Path]:
+def _vscode_candidates() -> list[Path]:
     system = platform.system()
     if system == "Windows":
         base = Path(os.environ.get("APPDATA", Path.home()))
         return [base / "Code" / "User" / "mcp.json", base / "Code - Insiders" / "User" / "mcp.json"]
-    elif system == "Darwin":
+    if system == "Darwin":
         base = Path.home() / "Library" / "Application Support"
         return [base / "Code" / "User" / "mcp.json", base / "Code - Insiders" / "User" / "mcp.json"]
-    else:  # Linux and others
-        base = Path.home() / ".config"
-        return [base / "Code" / "User" / "mcp.json", base / "Code - Insiders" / "User" / "mcp.json"]
+    # Linux and others
+    base = Path.home() / ".config"
+    return [base / "Code" / "User" / "mcp.json", base / "Code - Insiders" / "User" / "mcp.json"]
 
 if __name__ == "__main__":
     main()

crowdsec_local_mcp-0.8.0.post1.dev0.dist-info/METADATA

@@ -0,0 +1,114 @@
+Metadata-Version: 2.4
+Name: crowdsec-local-mcp
+Version: 0.8.0.post1.dev0
+Summary: An MCP exposing prompts and tools to help users write WAF rules, scenarios etc.
+License-Expression: MIT
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: System :: Systems Administration
+Classifier: Topic :: Utilities
+Requires-Python: >=3.12
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: jsonschema>=4.25.1
+Requires-Dist: mcp>=1.15.0
+Requires-Dist: pyyaml>=6.0.3
+Requires-Dist: requests>=2.32.5
+Dynamic: license-file
+
+<p align="center">
+<img src="https://github.com/crowdsecurity/crowdsec-docs/blob/main/crowdsec-docs/static/img/crowdsec_logo.png" alt="CrowdSec" title="CrowdSec" width="400" height="260"/>
+</p>
+
+
+**Life is too short to write YAML, just ask nicely!**
+
+> A Model Context Protocol (MCP) server to generate, validate, and deploy CrowdSec WAF rules & Scenarios.
+
+
+## Features
+
+### WAF Rules Features
+
+- **WAF Rule Generation**: Generate CrowdSec WAF rules from user input or a CVE reference
+- **Validation**: Validate syntaxical correctness of WAF rules
+- **Linting**: Get warnings and hints to improve your WAF rules
+- **Deployment Guide**: Step-by-step deployment instructions
+- **Docker Test Harness**: Spin up CrowdSec + nginx + bouncer to exercise rules for false positives/negatives
+- **Nuclei Lookup**: Quickly jump to existing templates in the official `projectdiscovery/nuclei-templates` repository for a given CVE
+
+### Scenarios Features
+
+- **CrowdSec Scenarios Generation**: Generate CrowdSec scenarios
+- **Validation**: Validate syntaxical correctness of scenarios
+- **Linting**: Get warnings and hints to improve your scenarios
+- **Deployment Guide**: Step-by-step deployment instructions
+- **Docker Test Harness**: Spin up CrowdSec to test scenario behavior
+
+## Demo
+
+### WAF Rules Creation and testing
+
+ - [Rule creation from natural language](https://claude.ai/share/f0f246b2-6b20-4d70-a16c-c6b627ab2d80)
+ - [Rule creation from CVE reference](https://claude.ai/share/b6599407-82dd-443c-a12d-9a9825ed99df)
+
+### Scenario Creation and testing
+
+ - [Rule creation on HTTP events](https://claude.ai/share/3658165a-5636-4a7e-8043-01e7a7517200)
+ - [Rule creation based on GeoLocation factors](https://claude.ai/share/ff154e66-3c1a-44e6-a464-b694f65bd67e)
+
+## Prerequisites
+
+- [uv](https://docs.astral.sh/uv/) 0.4 or newer, which provides the `uvx` runner used in the examples below.
+- Docker with the Compose plugin (Compose v2).
+
+## Installation
+
+You can install the MCP using `uvx` **or** use packaged `.mcpb` file for claude code.
+
+### Using `.mcpb` package
+
+If you're using `claude desktop`, you can configure the MCP directly by double-clicking the `.mcpb` file that accompanies the release.
+
+> [!IMPORTANT]
+> On MacOS, configure `uv` path in the extension settings if `uv` isn't installed in the standard path. 
+
+### Using `uvx`
+
+- Configure supported clients automatically with `uvx --from crowdsec-local-mcp init <client>`, where `<client>` is one of `claude-desktop`, `claude-code`, `chatgpt`, `vscode`, or `stdio`:
+
+```bash
+uvx --from crowdsec-local-mcp init --dry-run claude-code
+```
+
+Run `uvx --from crowdsec-local-mcp init --help` to see all flags and supported targets.
+
+#### What `init` configures
+
+The `init` helper writes the CrowdSec MCP server definition into the client’s JSON configuration:
+
+- `claude-desktop` → `claude_desktop_config.json` in the Claude Desktop settings directory
+- `claude-code` → invoke `claude mcp` command with needed args
+- `chatgpt` → `config.json` in the ChatGPT Desktop settings directory
+- `vscode` → `mcp.json` for VS Code (stable and insiders are both detected)
+
+If the client's configuration file already exists, a `.bak` backup is created before the MCP server block is updated. When the file is missing you can either pass `--force` to create it, or point `--config-path` to a custom location. Combine `--dry-run` with these options to preview the JSON without making any changes.
+
+By default the CLI launches the server with `uvx --from crowdsec-local-mcp crowdsec-mcp`. If neither `uvx` nor `uv` is available, it falls back to your current Python interpreter; you can override the executable with `--command` and the working directory with `--cwd`.
+
+#### Using the `stdio` target
+
+`stdio` does not modify any files. Instead, `init stdio` prints a ready-to-paste JSON snippet that you can drop into any stdio-compatible MCP client configuration. This is useful when you want to manually wire the server into tools that do not have built-in automation support yet.
+
+## Troubleshooting
+
+If you just installed the mcp extension via `.mcpb` and `uv` or `uvx` isn't in the standard path, check the extension settings to configure `uv` path.
+
+## Logging
+
+- The MCP server writes its log file to your operating system's temporary directory. On Linux/macOS this is typically `/tmp/crowdsec-mcp.log`; on Windows it resolves via `%TEMP%\crowdsec-mcp.log`.

crowdsec_local_mcp-0.8.0.post1.dev0.dist-info/RECORD

@@ -0,0 +1,39 @@
+crowdsec_local_mcp/__init__.py,sha256=OrcWsdYsNOPPV4W05EsheZKz0kHcYMujo7pfRyHJ_9Q,236
+crowdsec_local_mcp/__main__.py,sha256=Fb43e7FGfENpdWH-4Ojpz52uuT5_GCC8sInr82JOLz4,512
+crowdsec_local_mcp/_version.py,sha256=MW1G6gkS04nDt7uvLYiQhV-JMbiJNiVvFxmhHQQjW4I,33
+crowdsec_local_mcp/mcp_core.py,sha256=FAy5SCzuUPkXdDQhkU72f4XsQZDohIPqZ4f0bIFAriM,8278
+crowdsec_local_mcp/mcp_scenarios.py,sha256=tWoo5N92hEhaOBmbfxccunoxcq1XmfS2ntYbfnlj6eY,37207
+crowdsec_local_mcp/mcp_waf.py,sha256=uhWhaK-og66fXqDoQ9I2ZGAxz5L3ZhDsN6foAFIGBkU,61247
+crowdsec_local_mcp/setup_cli.py,sha256=1RXhVtG3LgqknBkebzz1z6x_VAW51oDmYXTmQEqv6UY,11354
+crowdsec_local_mcp/compose/scenario-test/.gitignore,sha256=hcFPKNf-CWOt-TmuTPZpafoUwaWxYNbJEEiOl9411fs,16
+crowdsec_local_mcp/compose/scenario-test/docker-compose.yml,sha256=JEkCu9P-9Um3_IBw6xeZ8Tsj4jsdNK-Di-U9ktia1xw,580
+crowdsec_local_mcp/compose/scenario-test/scenarios/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+crowdsec_local_mcp/compose/waf-test/.gitignore,sha256=BLMbJuVqzOfzHCa3Ru2nmNXaZdbj5P_hliIeIGgptAk,111
+crowdsec_local_mcp/compose/waf-test/docker-compose.yml,sha256=MFMd-6F6e8c2Y54Y73aL46V6R90-gJIEiSjx_joCoCw,2124
+crowdsec_local_mcp/compose/waf-test/crowdsec/init-bouncer.sh,sha256=vI8onvy5V2ENrjwKxTvptBNkTlVhR7S2bK33lekIwWM,578
+crowdsec_local_mcp/compose/waf-test/crowdsec/acquis.d/appsec.yaml,sha256=qg1xZmcDUSaUfX4SCaT7CcCilMWpz91fyvVGl1LUTTA,189
+crowdsec_local_mcp/compose/waf-test/crowdsec/appsec-configs/mcp-appsec.yaml.template,sha256=9PoFbUJ6IJep7vVZ6UPs4-MDOSL320U0x4a5mB2tvp0,330
+crowdsec_local_mcp/compose/waf-test/nginx/Dockerfile,sha256=-6QWfRkv1AhdViYVA6rbmUpd_DeISgLmcQ3cboDpsgw,2050
+crowdsec_local_mcp/compose/waf-test/nginx/nginx.conf,sha256=mZpWFNQK9haOj8Fd-ab4GpC4Li3m0qUJLIpg5StL3pU,472
+crowdsec_local_mcp/compose/waf-test/nginx/crowdsec/crowdsec-openresty-bouncer.conf,sha256=s_53rJk5qcSUG1XuHAh4XRUU84xw_tEcJWOYON6JsdU,630
+crowdsec_local_mcp/compose/waf-test/nginx/site-enabled/default-site.conf,sha256=Rq4_jPkTkEL50YF4pNq2jwTjJmokgniQzKy7Y3ca964,357
+crowdsec_local_mcp/compose/waf-test/rules/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+crowdsec_local_mcp/compose/waf-test/rules/base-config.yaml,sha256=Xvk_SxmgKPJBWvr1cN9NIKX2A4-pTMmQo4dmIwPC7yA,1066
+crowdsec_local_mcp/prompts/prompt-expr-helpers.txt,sha256=o6g1-fth5XP0KCDtKc85c6Cb4m2bbDvO-oNqCt5_SlA,16613
+crowdsec_local_mcp/prompts/prompt-scenario-deploy.txt,sha256=re2lJiLzvkdlFJBmV57Lhm2zrqFeGnC6oMUtNS0Rq50,2378
+crowdsec_local_mcp/prompts/prompt-scenario-examples.txt,sha256=H-LdAyhhjWBysquIaL90oKGNdZ20L_PqhqJVuCZL6vw,7484
+crowdsec_local_mcp/prompts/prompt-scenario.txt,sha256=XIrgc0Hw0UAwEIuSRkWzZ9BI3qUjZsaZ-zXs_cBWwpM,7059
+crowdsec_local_mcp/prompts/prompt-waf-deploy.txt,sha256=xFotKHMZiSVYZpjC-PItf1Ee0l3PVpof7917bybZtQg,3247
+crowdsec_local_mcp/prompts/prompt-waf-examples.txt,sha256=e76mjm-wQa_clk61_7E6AsRgdt55m3MycY0lBkfL2Mc,11095
+crowdsec_local_mcp/prompts/prompt-waf-pr.txt,sha256=omA1FE68YRUS3egGn6GRLzU81WPb_Iccl3rDrGz7AyM,617
+crowdsec_local_mcp/prompts/prompt-waf-tests.txt,sha256=ZvSKsQ-B44c6BoORXwDiW33297ORuyoSeq-7EW8MaAM,4654
+crowdsec_local_mcp/prompts/prompt-waf-top-level.txt,sha256=U9rUHw8uJDweG0g8NUYGxmAmM1OFH_pBAr9cAk8wW3c,2628
+crowdsec_local_mcp/prompts/prompt-waf.txt,sha256=VxTc7QM3yYtZoj5nYUMAIQJHyeniPstU-cPrHdyq7bs,10920
+crowdsec_local_mcp/yaml-schemas/appsec_rules_schema.yaml,sha256=zXu-ikNT-bZNGWdOi5hOqZjpjM_dOnKIdMTtwng8lOM,10639
+crowdsec_local_mcp/yaml-schemas/scenario_schema.yaml,sha256=k0NYxyOUicmMip3Req3zE2CM7tyy8ARcxHlYkSSXbSI,24078
+crowdsec_local_mcp-0.8.0.post1.dev0.dist-info/licenses/LICENSE,sha256=3UN9Hca_TnpUOAecGoPKh1fjI5Ol-rSoP8epbBuERE4,1065
+crowdsec_local_mcp-0.8.0.post1.dev0.dist-info/METADATA,sha256=N5tWmFfuFBbnq0D97GlAU4ipFnFquY5RBtz5vDoTJAE,5234
+crowdsec_local_mcp-0.8.0.post1.dev0.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+crowdsec_local_mcp-0.8.0.post1.dev0.dist-info/entry_points.txt,sha256=EFTrsplHoT4x-GRrip0jxSQmH7NKBb5w5nX0PphGxTY,106
+crowdsec_local_mcp-0.8.0.post1.dev0.dist-info/top_level.txt,sha256=MC0OAZ7qK5gG78swUkedPT3pfekze1NL5cO90s90CYM,19
+crowdsec_local_mcp-0.8.0.post1.dev0.dist-info/RECORD,,

{crowdsec_local_mcp-0.2.0.dist-info → crowdsec_local_mcp-0.8.0.post1.dev0.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (80.9.0)
+Generator: setuptools (80.10.2)
 Root-Is-Purelib: true
 Tag: py3-none-any