honeymcp 0.1.0__py3-none-any.whl

honeymcp/dashboard/app.py

@@ -0,0 +1,228 @@
+"""HoneyMCP Dashboard - Real-time attack visualization with Streamlit."""
+
+import asyncio
+import sys
+from datetime import date, datetime, timedelta
+from pathlib import Path
+from typing import List
+
+import streamlit as st
+
+# Add parent directory to path for imports
+sys.path.insert(0, str(Path(__file__).parent.parent.parent))
+
+# pylint: disable=wrong-import-position
+from honeymcp.models.events import AttackFingerprint
+from honeymcp.storage.event_store import list_events
+
+# Page configuration
+st.set_page_config(
+    page_title="HoneyMCP Dashboard",
+    page_icon="🍯",
+    layout="wide",
+    initial_sidebar_state="expanded",
+)
+
+
+def load_events() -> List[AttackFingerprint]:
+    """Load attack events from storage."""
+    try:
+        events = asyncio.run(list_events())
+        return events
+    except Exception as e:
+        st.error(f"Failed to load events: {e}")
+        return []
+
+
+def get_threat_emoji(threat_level: str) -> str:
+    """Get emoji for threat level."""
+    emoji_map = {
+        "critical": "🔴",
+        "high": "🟠",
+        "medium": "🟡",
+        "low": "🟢",
+    }
+    return emoji_map.get(threat_level.lower(), "⚪")
+
+
+def format_timestamp(dt: datetime) -> str:
+    """Format timestamp for display."""
+    return dt.strftime("%Y-%m-%d %H:%M:%S")
+
+
+def main():  # pylint: disable=too-many-branches,too-many-statements
+    """Main dashboard application."""
+
+    # Header
+    st.title("🍯 HoneyMCP Dashboard")
+    st.markdown("**Real-time AI Agent Attack Detection & Intelligence**")
+    st.markdown("---")
+
+    # Load events
+    events = load_events()
+
+    # Sidebar filters
+    st.sidebar.header("Filters")
+
+    # Date range filter
+    if events:
+        min_date = min(e.timestamp for e in events).date()
+        max_date = max(e.timestamp for e in events).date()
+    else:
+        min_date = date.today() - timedelta(days=7)
+        max_date = date.today()
+
+    st.sidebar.date_input(
+        "Date Range",
+        value=(min_date, max_date),
+        min_value=min_date,
+        max_value=max_date,
+    )
+
+    # Threat level filter
+    threat_filter = st.sidebar.selectbox(
+        "Threat Level",
+        ["All", "Critical", "High", "Medium", "Low"],
+    )
+
+    # Attack category filter
+    if events:
+        categories = sorted(set(e.attack_category for e in events))
+    else:
+        categories = []
+
+    category_filter = st.sidebar.selectbox(
+        "Attack Category",
+        ["All"] + categories,
+    )
+
+    # Apply filters
+    filtered_events = events
+
+    if threat_filter != "All":
+        filtered_events = [
+            e for e in filtered_events if e.threat_level.lower() == threat_filter.lower()
+        ]
+
+    if category_filter != "All":
+        filtered_events = [e for e in filtered_events if e.attack_category == category_filter]
+
+    # Metrics row
+    st.header("📊 Attack Metrics")
+    col1, col2, col3, col4 = st.columns(4)
+
+    with col1:
+        today_attacks = len([e for e in events if (datetime.utcnow() - e.timestamp).days < 1])
+        st.metric(
+            "Total Attacks",
+            len(events),
+            delta=f"+{today_attacks} today",
+        )
+
+    with col2:
+        critical_count = len([e for e in events if e.threat_level == "critical"])
+        st.metric("Critical Threats", critical_count)
+
+    with col3:
+        unique_tools = len(set(e.ghost_tool_called for e in events)) if events else 0
+        st.metric("Unique Ghost Tools", unique_tools)
+
+    with col4:
+        if events:
+            unique_sessions = len(set(e.session_id for e in events))
+            st.metric("Unique Sessions", unique_sessions)
+        else:
+            st.metric("Unique Sessions", 0)
+
+    st.markdown("---")
+
+    # Attack breakdown
+    if events:
+        st.header("🎯 Attack Breakdown")
+        col1, col2 = st.columns(2)
+
+        with col1:
+            st.subheader("By Threat Level")
+            threat_counts = {}
+            for e in events:
+                threat_counts[e.threat_level] = threat_counts.get(e.threat_level, 0) + 1
+            st.bar_chart(threat_counts)
+
+        with col2:
+            st.subheader("By Category")
+            category_counts = {}
+            for e in events:
+                category_counts[e.attack_category] = category_counts.get(e.attack_category, 0) + 1
+            st.bar_chart(category_counts)
+
+        st.markdown("---")
+
+    # Event feed
+    st.header("🚨 Recent Attacks")
+
+    if not filtered_events:
+        st.info("No attacks detected yet. Ghost tools are active and monitoring.")
+    else:
+        # Sort by timestamp (newest first)
+        filtered_events.sort(key=lambda e: e.timestamp, reverse=True)
+
+        # Display events
+        for event in filtered_events:
+            threat_emoji = get_threat_emoji(event.threat_level)
+
+            # Expander header with key info
+            header = (
+                f"{threat_emoji} **{event.ghost_tool_called}** | "
+                f"{format_timestamp(event.timestamp)} | "
+                f"Session: {event.session_id[:8]}... | "
+                f"Threat: {event.threat_level.upper()}"
+            )
+
+            with st.expander(header):
+                # Event details
+                col1, col2 = st.columns(2)
+
+                with col1:
+                    st.markdown("**Event Details**")
+                    st.text(f"Event ID: {event.event_id}")
+                    st.text(f"Timestamp: {format_timestamp(event.timestamp)}")
+                    st.text(f"Session ID: {event.session_id}")
+                    st.text(f"Threat Level: {event.threat_level}")
+                    st.text(f"Category: {event.attack_category}")
+
+                with col2:
+                    st.markdown("**Tool Call Sequence**")
+                    for i, tool in enumerate(event.tool_call_sequence, 1):
+                        if tool == event.ghost_tool_called:
+                            st.markdown(f"{i}. **{tool}** ⚠️ (honeypot)")
+                        else:
+                            st.text(f"{i}. {tool}")
+
+                # Arguments
+                if event.arguments:
+                    st.markdown("**Arguments Passed**")
+                    st.json(event.arguments)
+
+                # Response sent
+                st.markdown("**Fake Response Sent to Attacker**")
+                st.code(event.response_sent, language="text")
+
+                # Full event data
+                with st.expander("View Full Event JSON"):
+                    st.json(event.model_dump(mode="json"))
+
+    # Footer
+    st.markdown("---")
+    st.markdown("🍯 **HoneyMCP** - Deception Middleware for AI Agents")
+
+    # Auto-refresh button
+    if st.button("🔄 Refresh", key="refresh_btn"):
+        st.rerun()
+
+    # Auto-refresh timer info
+    st.sidebar.markdown("---")
+    st.sidebar.info("💡 Click 'Refresh' to reload events")
+
+
+if __name__ == "__main__":
+    main()

honeymcp/integrations/__init__.py

@@ -0,0 +1,3 @@
+"""External integrations for HoneyMCP."""
+
+__all__: list[str] = []

honeymcp/llm/__init__.py

@@ -0,0 +1,6 @@
+"""LLM utilities for dynamic ghost tool generation."""
+
+from honeymcp.llm.analyzers import ToolInfo, extract_tool_info
+from honeymcp.llm.prompts import format_prompt, get_prompts
+
+__all__ = ["format_prompt", "get_prompts", "extract_tool_info", "ToolInfo"]

honeymcp/llm/analyzers.py

@@ -0,0 +1,278 @@
+"""Tool and server analysis utilities."""
+
+import inspect
+import logging
+from dataclasses import dataclass
+from typing import Any, Dict, List, Optional
+
+from fastmcp import FastMCP
+
+logger = logging.getLogger(__name__)
+
+
+@dataclass
+class ToolInfo:
+    """Information about a tool extracted from an MCP server."""
+
+    name: str
+    """Tool name"""
+
+    description: str
+    """Tool description"""
+
+    parameters: Dict[str, Any]
+    """JSON schema for tool parameters"""
+
+    category: Optional[str] = None
+    """Optional category classification"""
+
+
+async def extract_tool_info(  # pylint: disable=too-many-branches,too-many-statements,too-many-nested-blocks,protected-access
+    server: FastMCP,
+) -> List[ToolInfo]:
+    """Extract tool information from a FastMCP server.
+
+    This function attempts to extract tool information using multiple methods
+    to ensure compatibility with different FastMCP versions.
+
+    Args:
+        server: FastMCP server instance
+
+    Returns:
+        List of ToolInfo objects containing tool metadata
+
+    Raises:
+        ValueError: If no tools can be extracted from the server
+    """
+    tools = []
+
+    # Method 1: Try using the public list_tools method if available
+    if hasattr(server, "list_tools"):
+        try:
+            tool_list = await server.list_tools()
+            for tool in tool_list:
+                # Handle both dict and object formats
+                if isinstance(tool, dict):
+                    name = tool.get("name", "unknown")
+                    description = tool.get("description", "No description")
+                    parameters = tool.get("inputSchema", {})
+                else:
+                    # Handle FunctionTool or similar objects
+                    name = getattr(tool, "name", "unknown")
+                    description = getattr(tool, "description", "No description")
+                    parameters = getattr(tool, "inputSchema", {})
+                    if not parameters and hasattr(tool, "parameters"):
+                        parameters = tool.parameters
+
+                tools.append(
+                    ToolInfo(
+                        name=name,
+                        description=description,
+                        parameters=parameters,
+                        category=None,
+                    )
+                )
+            if tools:
+                logger.info("Extracted %s tools using list_tools method", len(tools))
+                return tools
+        except Exception as e:
+            logger.warning("Failed to extract tools using list_tools: %s", e)
+
+    # Method 2: Try accessing internal _tools dictionary
+    if hasattr(server, "_tools"):
+        try:
+            internal_tools = server._tools
+            for tool_name, tool_obj in internal_tools.items():
+                description = "No description"
+                parameters = {}
+
+                # Extract description
+                if hasattr(tool_obj, "description"):
+                    description = tool_obj.description
+                elif hasattr(tool_obj, "__doc__") and tool_obj.__doc__:
+                    description = tool_obj.__doc__.strip()
+
+                # Extract parameters from function signature if available
+                if hasattr(tool_obj, "fn"):
+                    sig = inspect.signature(tool_obj.fn)
+                    properties = {}
+                    required = []
+
+                    for param_name, param in sig.parameters.items():
+                        if param_name in ("self", "cls"):
+                            continue
+
+                        param_type = "string"  # Default type
+                        if param.annotation != inspect.Parameter.empty:
+                            if param.annotation == int:
+                                param_type = "integer"
+                            elif param.annotation == float:
+                                param_type = "number"
+                            elif param.annotation == bool:
+                                param_type = "boolean"
+                            elif param.annotation == list:
+                                param_type = "array"
+                            elif param.annotation == dict:
+                                param_type = "object"
+
+                        properties[param_name] = {
+                            "type": param_type,
+                            "description": f"Parameter {param_name}",
+                        }
+
+                        if param.default == inspect.Parameter.empty:
+                            required.append(param_name)
+
+                    if properties:
+                        parameters = {
+                            "type": "object",
+                            "properties": properties,
+                            "required": required,
+                        }
+
+                tools.append(
+                    ToolInfo(
+                        name=tool_name,
+                        description=description,
+                        parameters=parameters,
+                        category=None,
+                    )
+                )
+
+            if tools:
+                logger.info("Extracted %s tools using _tools dictionary", len(tools))
+                return tools
+        except Exception as e:
+            logger.warning("Failed to extract tools using _tools: %s", e)
+
+    # Method 3: Try accessing internal docket
+    if hasattr(server, "_docket") and hasattr(server._docket, "tools"):
+        try:
+            docket_tools = server._docket.tools
+            for tool_name, tool_obj in docket_tools.items():
+                description = "No description"
+                parameters = {}
+
+                if hasattr(tool_obj, "description"):
+                    description = tool_obj.description
+
+                if hasattr(tool_obj, "parameters"):
+                    parameters = tool_obj.parameters
+                elif hasattr(tool_obj, "input_schema"):
+                    parameters = tool_obj.input_schema
+
+                tools.append(
+                    ToolInfo(
+                        name=tool_name,
+                        description=description,
+                        parameters=parameters,
+                        category=None,
+                    )
+                )
+
+            if tools:
+                logger.info("Extracted %s tools using _docket", len(tools))
+                return tools
+        except Exception as e:
+            logger.warning("Failed to extract tools using _docket: %s", e)
+
+    # If no tools were extracted, raise an error
+    if not tools:
+        raise ValueError(
+            "Could not extract tools from FastMCP server. "
+            "The server may not have any tools registered, or the FastMCP version "
+            "may not be compatible with the extraction methods."
+        )
+
+    return tools
+
+
+def categorize_tools(tools: List[ToolInfo]) -> Dict[str, List[ToolInfo]]:
+    """Categorize tools based on their names and descriptions.
+
+    Args:
+        tools: List of ToolInfo objects
+
+    Returns:
+        Dictionary mapping category names to lists of tools
+    """
+    categories = {
+        "file_system": [],
+        "database": [],
+        "api": [],
+        "security": [],
+        "development": [],
+        "communication": [],
+        "data_processing": [],
+        "other": [],
+    }
+
+    # Keywords for each category
+    category_keywords = {
+        "file_system": [
+            "file",
+            "read",
+            "write",
+            "directory",
+            "path",
+            "folder",
+            "upload",
+            "download",
+        ],
+        "database": [
+            "database",
+            "query",
+            "sql",
+            "table",
+            "record",
+            "insert",
+            "update",
+            "delete",
+        ],
+        "api": ["api", "request", "response", "endpoint", "http", "rest", "graphql"],
+        "security": [
+            "auth",
+            "token",
+            "credential",
+            "password",
+            "key",
+            "secret",
+            "permission",
+        ],
+        "development": [
+            "build",
+            "deploy",
+            "test",
+            "debug",
+            "compile",
+            "run",
+            "execute",
+        ],
+        "communication": ["send", "message", "email", "notify", "alert", "webhook"],
+        "data_processing": [
+            "process",
+            "transform",
+            "parse",
+            "convert",
+            "analyze",
+            "calculate",
+        ],
+    }
+
+    for tool in tools:
+        text = f"{tool.name} {tool.description}".lower()
+        categorized = False
+
+        for category, keywords in category_keywords.items():
+            if any(keyword in text for keyword in keywords):
+                categories[category].append(tool)
+                tool.category = category
+                categorized = True
+                break
+
+        if not categorized:
+            categories["other"].append(tool)
+            tool.category = "other"
+
+    # Remove empty categories
+    return {k: v for k, v in categories.items() if v}

honeymcp/llm/clients/__init__.py

@@ -0,0 +1,102 @@
+"""LLM client module for different providers."""
+
+import os
+from pathlib import Path
+from typing import Dict, Optional, Any
+from dotenv import load_dotenv
+from honeymcp.llm.clients.provider_type import LLMProviderType
+
+# Load .env.honeymcp first (if exists), then .env as fallback
+# This allows honeymcp-specific config without interfering with project's .env
+_honeymcp_env = Path.cwd() / ".env.honeymcp"
+if _honeymcp_env.exists():
+    load_dotenv(_honeymcp_env)
+else:
+    load_dotenv()  # Fall back to .env
+
+LLM_PROVIDER = LLMProviderType(os.getenv("LLM_PROVIDER", LLMProviderType.WATSONX.value))
+
+
+def _get_base_llm_settings(model_name: str, model_parameters: Optional[Dict]) -> Dict:
+    if model_parameters is None:
+        model_parameters = {}
+
+    if LLM_PROVIDER == LLMProviderType.WATSONX:
+        parameters = {
+            "max_new_tokens": model_parameters.get("max_tokens", 100),
+            "decoding_method": model_parameters.get("decoding_method", "greedy"),
+            "temperature": model_parameters.get("temperature", 0.9),
+            "repetition_penalty": model_parameters.get("repetition_penalty", 1.0),
+            "top_k": model_parameters.get("top_k", 50),
+            "top_p": model_parameters.get("top_p", 1.0),
+            "stop_sequences": model_parameters.get("stop_sequences", []),
+        }
+
+        return {
+            "url": os.getenv("WATSONX_API_ENDPOINT"),
+            "project_id": os.getenv("WATSONX_PROJECT_ID"),
+            "apikey": os.getenv("WATSONX_API_KEY"),
+            "model_id": model_name,
+            "params": parameters,
+        }
+
+    if LLM_PROVIDER == LLMProviderType.OPENAI:
+        parameters = {
+            "max_tokens": model_parameters.get("max_tokens", 100),
+            "temperature": model_parameters.get("temperature", 0),
+            "stop": model_parameters.get("stop_sequences", []),
+        }
+        return {
+            "api_key": os.getenv("OPENAI_API_KEY"),
+            "model": model_name,
+            **parameters,
+        }
+
+    if LLM_PROVIDER == LLMProviderType.RITS:
+        rits_base_url = os.getenv("RITS_API_BASE_URL")
+
+        parameters = {
+            "max_tokens": model_parameters.get("max_tokens", 100),
+            "temperature": model_parameters.get("temperature", 0.9),
+            "top_p": model_parameters.get("top_p", 1.0),
+            "stop": model_parameters.get("stop_sequences", []),
+        }
+
+        return {
+            "base_url": f"{rits_base_url}/v1",
+            "model": model_name,
+            "api_key": os.getenv("RITS_API_KEY"),
+            "extra_body": parameters,
+        }
+
+    raise ValueError(f"Incorrect LLM provider: {LLM_PROVIDER}")
+
+
+def get_chat_llm_client(
+    model_name: str = "rits/openai/gpt-oss-120b",
+    model_parameters: Optional[Dict] = None,
+) -> Any:
+    """Get a chat LLM client based on the configured provider.
+
+    Args:
+        model_name: The name of the model to use.
+        model_parameters: Optional model parameters.
+
+    Returns:
+        The LLM client instance.
+    """
+    if LLM_PROVIDER in (LLMProviderType.OPENAI, LLMProviderType.RITS):
+        from langchain_openai import ChatOpenAI  # pylint: disable=import-outside-toplevel
+
+        return ChatOpenAI(
+            **_get_base_llm_settings(model_name=model_name, model_parameters=model_parameters)
+        )
+
+    if LLM_PROVIDER == LLMProviderType.WATSONX:
+        from langchain_ibm import ChatWatsonx  # pylint: disable=import-outside-toplevel
+
+        return ChatWatsonx(
+            **_get_base_llm_settings(model_name=model_name, model_parameters=model_parameters)
+        )
+
+    raise ValueError(f"Unsupported LLM provider: {LLM_PROVIDER}")

honeymcp/llm/clients/provider_type.py

@@ -0,0 +1,11 @@
+"""LLM provider type enumeration module."""
+
+from enum import Enum
+
+
+class LLMProviderType(Enum):
+    """Enumeration of supported LLM provider types."""
+
+    WATSONX = "watsonx"
+    OPENAI = "openai"
+    RITS = "rits"