vmware-harden 1.0.0__tar.gz

vmware_harden-1.0.0/.gitignore

@@ -0,0 +1,12 @@
+__pycache__/
+*.pyc
+.pytest_cache/
+.venv/
+dist/
+build/
+*.egg-info/
+*.duckdb
+*.duckdb.wal
+.env
+.coverage
+htmlcov/

vmware_harden-1.0.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Wei Zhou
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OF OTHER DEALINGS IN THE
+SOFTWARE.

vmware_harden-1.0.0/PKG-INFO

@@ -0,0 +1,128 @@
+Metadata-Version: 2.4
+Name: vmware-harden
+Version: 1.0.0
+Summary: AI-native VMware compliance and baseline enforcement
+Author-email: Wei Zhou <wei-wz.zhou@broadcom.com>
+License-Expression: MIT
+License-File: LICENSE
+Requires-Python: >=3.10
+Requires-Dist: anthropic<1.0,>=0.40
+Requires-Dist: duckdb<2.0,>=0.10
+Requires-Dist: fastapi<1.0,>=0.110
+Requires-Dist: httpx<1.0,>=0.27
+Requires-Dist: jinja2<4.0,>=3.1
+Requires-Dist: mcp<2.0,>=1.0
+Requires-Dist: pydantic<3.0,>=2.5
+Requires-Dist: pyyaml<7.0,>=6.0
+Requires-Dist: typer<1.0,>=0.12
+Requires-Dist: uvicorn[standard]<1.0,>=0.27
+Requires-Dist: vmware-policy<2.0,>=1.0.0
+Description-Content-Type: text/markdown
+
+# vmware-harden
+
+> **Disclaimer**: Community-maintained open-source project. **Not affiliated with, endorsed by, or sponsored by VMware, Inc. or Broadcom Inc.** "VMware", "vSphere", "ESXi", and "NSX" are trademarks of Broadcom. Source code is publicly auditable at [github.com/zw008/VMware-Harden](https://github.com/zw008/VMware-Harden) under the MIT license.
+
+AI-native VMware compliance and baseline enforcement. Sibling to the `vmware-*` skill family.
+
+## v1.0.0 — first public release
+
+Production-ready compliance platform with **4 built-in baselines** (CIS ESXi, vSphere SCG v8, **等保 2.0 三级**, PCI-DSS 4.0), **65 rules**, multi-vCenter Twin, drift detection, **LLM Remediation Advisor**, **MCP server** with 6 audited tools, and a 3-page web dashboard.
+
+## Quickstart
+
+```bash
+uv tool install vmware-harden
+
+# List built-in baselines
+vmware-harden baseline list
+
+# Run a scan
+vmware-harden scan --target <vcenter-name> --baseline cis-vmware-esxi-8.0-subset
+
+# Or use 等保 2.0 三级 (国内合规独家)
+vmware-harden scan --target <vc> --baseline dengbao-2.0-level3-vmware
+
+# View results
+vmware-harden report
+vmware-harden drift
+
+# Generate remediation suggestions
+export ANTHROPIC_API_KEY=...  # optional; falls back to mock without
+vmware-harden advise --all-critical
+
+# Web dashboard
+vmware-harden web --port 8080  # → http://127.0.0.1:8080
+```
+
+## Built-in baselines
+
+| Baseline | Rules | Applies to | Source |
+|----------|-------|-----------|--------|
+| `cis-vmware-esxi-8.0-subset` | 20 | host | CIS Benchmark v1.0 |
+| `vsphere-scg-v8-subset` | 15 | host, vm | [VMware vcf-security-and-compliance-guidelines](https://github.com/vmware/vcf-security-and-compliance-guidelines) |
+| `dengbao-2.0-level3-vmware` | 20 | host, vm, datastore, dfw_rule | GB/T 22239-2019 三级 |
+| `pci-dss-4.0-vmware` | 10 | host, dfw_rule | PCI-DSS v4.0 |
+
+## Custom baselines
+
+```bash
+vmware-harden baseline validate ./my-strict.yaml
+vmware-harden baseline import ./my-strict.yaml --name my-strict-cis
+vmware-harden scan --target <vc> --baseline my-strict-cis
+```
+
+YAML supports `extends:` for inheriting from a built-in baseline. See `skills/vmware-harden/references/cli-reference.md`.
+
+## MCP server
+
+```bash
+vmware-harden-mcp  # stdio MCP server
+```
+
+Configure your MCP client with one of `examples/mcp-configs/*.json`. 6 read-only tools: `list_baselines`, `list_violations`, `get_remediation`, `list_drift_events`, `get_baseline_rules`, `scan_target`.
+
+## Architecture
+
+- **Estate Digital Twin** — DuckDB single file at `~/.vmware-harden/twin.duckdb`. Multi-target safe via target prefix on all node IDs.
+- **Collectors** — lazy-import sibling vmware-* skills (no spawn overhead). All scans are READ; writes deferred to vmware-pilot.
+- **Baseline schema** — Pydantic v2, strict (`extra="forbid"`), `extends:` inheritance, user-dir override.
+- **Drift** — pure diff function with optional persistence; auto-runs after every scan.
+- **Advisor** — LLM-driven Suggestion generation; Anthropic provider with prompt caching; mock fallback for tests / no-API-key environments.
+- **Audit** — every MCP tool wrapped with `@vmware_tool` from family vmware-policy.
+- **Web** — FastAPI + Jinja2 + Tailwind/HTMX/ECharts CDN.
+
+## Lab regression
+
+```bash
+export VMWARE_HARDEN_LAB_TARGET=<your-vc>
+pytest tests/eval/regression -v -m lab
+```
+
+## Family
+
+- **vmware-aiops** — host inventory + ops (used by harden's HostCollector)
+- **vmware-monitor** — read-only counterpart
+- **vmware-storage** — datastore inventory
+- **vmware-nsx-security** — DFW inventory
+- **vmware-pilot** — execute remediations (writes; out of scope for harden)
+- **vmware-policy** — `@vmware_tool` audit decorator
+
+## Acceptance criteria for v1.0
+
+- 189+ tests passing
+- Bandit: 0 issues at any severity
+- All 6 MCP tools audited
+- SKILL.md ≤ 3000 words, family-convention compliant
+- SECURITY.md with 6 elements + Broadcom disclaimer
+- 4 built-in baselines
+
+## References
+
+- Design: parent monorepo `docs/plans/2026-05-03-vmware-harden-design.md`
+- M1/M2/M3 plans: `docs/plans/2026-05-04-vmware-harden-{m1,m2,m3}-plan.md`
+- Family CLAUDE.md: `/Users/zw/testany/myskills/CLAUDE.md`
+
+## License
+
+MIT

vmware_harden-1.0.0/README.md

@@ -0,0 +1,107 @@
+# vmware-harden
+
+> **Disclaimer**: Community-maintained open-source project. **Not affiliated with, endorsed by, or sponsored by VMware, Inc. or Broadcom Inc.** "VMware", "vSphere", "ESXi", and "NSX" are trademarks of Broadcom. Source code is publicly auditable at [github.com/zw008/VMware-Harden](https://github.com/zw008/VMware-Harden) under the MIT license.
+
+AI-native VMware compliance and baseline enforcement. Sibling to the `vmware-*` skill family.
+
+## v1.0.0 — first public release
+
+Production-ready compliance platform with **4 built-in baselines** (CIS ESXi, vSphere SCG v8, **等保 2.0 三级**, PCI-DSS 4.0), **65 rules**, multi-vCenter Twin, drift detection, **LLM Remediation Advisor**, **MCP server** with 6 audited tools, and a 3-page web dashboard.
+
+## Quickstart
+
+```bash
+uv tool install vmware-harden
+
+# List built-in baselines
+vmware-harden baseline list
+
+# Run a scan
+vmware-harden scan --target <vcenter-name> --baseline cis-vmware-esxi-8.0-subset
+
+# Or use 等保 2.0 三级 (国内合规独家)
+vmware-harden scan --target <vc> --baseline dengbao-2.0-level3-vmware
+
+# View results
+vmware-harden report
+vmware-harden drift
+
+# Generate remediation suggestions
+export ANTHROPIC_API_KEY=...  # optional; falls back to mock without
+vmware-harden advise --all-critical
+
+# Web dashboard
+vmware-harden web --port 8080  # → http://127.0.0.1:8080
+```
+
+## Built-in baselines
+
+| Baseline | Rules | Applies to | Source |
+|----------|-------|-----------|--------|
+| `cis-vmware-esxi-8.0-subset` | 20 | host | CIS Benchmark v1.0 |
+| `vsphere-scg-v8-subset` | 15 | host, vm | [VMware vcf-security-and-compliance-guidelines](https://github.com/vmware/vcf-security-and-compliance-guidelines) |
+| `dengbao-2.0-level3-vmware` | 20 | host, vm, datastore, dfw_rule | GB/T 22239-2019 三级 |
+| `pci-dss-4.0-vmware` | 10 | host, dfw_rule | PCI-DSS v4.0 |
+
+## Custom baselines
+
+```bash
+vmware-harden baseline validate ./my-strict.yaml
+vmware-harden baseline import ./my-strict.yaml --name my-strict-cis
+vmware-harden scan --target <vc> --baseline my-strict-cis
+```
+
+YAML supports `extends:` for inheriting from a built-in baseline. See `skills/vmware-harden/references/cli-reference.md`.
+
+## MCP server
+
+```bash
+vmware-harden-mcp  # stdio MCP server
+```
+
+Configure your MCP client with one of `examples/mcp-configs/*.json`. 6 read-only tools: `list_baselines`, `list_violations`, `get_remediation`, `list_drift_events`, `get_baseline_rules`, `scan_target`.
+
+## Architecture
+
+- **Estate Digital Twin** — DuckDB single file at `~/.vmware-harden/twin.duckdb`. Multi-target safe via target prefix on all node IDs.
+- **Collectors** — lazy-import sibling vmware-* skills (no spawn overhead). All scans are READ; writes deferred to vmware-pilot.
+- **Baseline schema** — Pydantic v2, strict (`extra="forbid"`), `extends:` inheritance, user-dir override.
+- **Drift** — pure diff function with optional persistence; auto-runs after every scan.
+- **Advisor** — LLM-driven Suggestion generation; Anthropic provider with prompt caching; mock fallback for tests / no-API-key environments.
+- **Audit** — every MCP tool wrapped with `@vmware_tool` from family vmware-policy.
+- **Web** — FastAPI + Jinja2 + Tailwind/HTMX/ECharts CDN.
+
+## Lab regression
+
+```bash
+export VMWARE_HARDEN_LAB_TARGET=<your-vc>
+pytest tests/eval/regression -v -m lab
+```
+
+## Family
+
+- **vmware-aiops** — host inventory + ops (used by harden's HostCollector)
+- **vmware-monitor** — read-only counterpart
+- **vmware-storage** — datastore inventory
+- **vmware-nsx-security** — DFW inventory
+- **vmware-pilot** — execute remediations (writes; out of scope for harden)
+- **vmware-policy** — `@vmware_tool` audit decorator
+
+## Acceptance criteria for v1.0
+
+- 189+ tests passing
+- Bandit: 0 issues at any severity
+- All 6 MCP tools audited
+- SKILL.md ≤ 3000 words, family-convention compliant
+- SECURITY.md with 6 elements + Broadcom disclaimer
+- 4 built-in baselines
+
+## References
+
+- Design: parent monorepo `docs/plans/2026-05-03-vmware-harden-design.md`
+- M1/M2/M3 plans: `docs/plans/2026-05-04-vmware-harden-{m1,m2,m3}-plan.md`
+- Family CLAUDE.md: `/Users/zw/testany/myskills/CLAUDE.md`
+
+## License
+
+MIT

vmware_harden-1.0.0/RELEASE_NOTES.md

@@ -0,0 +1,59 @@
+# Release Notes
+
+## v1.0.0 — 2026-05-04
+
+First public release. Production-ready compliance platform for VMware infrastructure with AI-native remediation guidance.
+
+### M3 highlights (this release)
+
+- **Remediation Advisor** — LLM-driven Suggestion generation per violation. Provider abstraction (Anthropic + Mock); falls back to mock with stderr warning when `ANTHROPIC_API_KEY` unset. Persisted to Twin alongside violations.
+- **MCP server** — Real FastMCP-based server (replaced the v0.x stub). 6 read-only tools: `list_baselines`, `list_violations`, `get_remediation`, `list_drift_events`, `get_baseline_rules`, `scan_target`. All wrapped with `@vmware_tool` for audit logging to `~/.vmware/audit.db`.
+- **CLI: `vmware-harden advise`** — generates Suggestions with `--violation-id` or `--all-critical`.
+- **Web Remediation panel** — HTMX-driven inline expansion on the violations page.
+- **Documentation** — comprehensive `SKILL.md`, `SECURITY.md`, and `references/` directory (cli-reference, capabilities, setup-guide).
+- **Publish artifacts** — `server.json` for MCP Registry; example configs for Claude Code/Cursor/Cline/VS Code Copilot/Goose; uvx fallback for corporate TLS environments.
+
+### M2 (recap — already in main)
+
+- 4 baselines (CIS ESXi, vSphere SCG v8, **等保 2.0 三级**, PCI-DSS 4.0) — 65 rules
+- 4 collectors: host, VM, datastore, NSX DFW
+- Multi-target Twin (target:moref namespacing)
+- Custom YAML import + extends inheritance
+- Drift detection (config + inventory + posture)
+- Web dashboard (FastAPI + HTMX + Tailwind + ECharts) — 3 pages
+
+### M1 (recap)
+
+- DuckDB Estate Twin
+- Pydantic-validated baseline schema
+- SQL-based query check executor
+- Initial CIS ESXi 8.0 baseline (20 rules)
+
+### Acceptance criteria for v1.0
+
+- 189+ tests passing
+- Bandit: 0 issues
+- 6 MCP tools, all audited
+- SKILL.md ≤ 3000 words, frontmatter compliant
+- SECURITY.md with 6 elements + Broadcom disclaimer
+- 4 built-in baselines
+
+### Known limitations (deferred to v1.1)
+
+- **MCP audit `skill` field** logs as `unknown` due to `vmware_policy._infer_skill` looking for `vmware_<skill>` package layout (we use `mcp_server`). Same as sibling skills; not a regression.
+- **vmware-pilot integration** is in this release (v1.0) but real Pilot endpoint integration may need adjustment based on Pilot v1.x API. Mock client is fully functional.
+- **ScriptCheck rules rejected at load time** — declarative SQL (`QueryCheck`)
+  covers all v1.0 baselines (CIS, SCG, 等保, PCI). Implementing executable
+  script checks is a v2 feature gated on a security threat model
+  (sandboxing arbitrary Python from baseline YAML). Tracked at
+  `vmware_harden/baselines/loader.py` (search for "DEFERRED to v2.0").
+
+### Upgrade notes
+
+This is the first public release; nothing to migrate from. New deployments:
+
+```bash
+uv tool install vmware-harden
+vmware-harden baseline list
+vmware-harden scan --target <vc> --baseline cis-vmware-esxi-8.0-subset
+```

vmware_harden-1.0.0/SECURITY.md

@@ -0,0 +1,79 @@
+# Security Policy
+
+## Disclaimer
+
+This is a community-maintained open-source project and is **not affiliated with, endorsed by, or sponsored by VMware, Inc. or Broadcom Inc.** "VMware" and "vSphere" are trademarks of Broadcom Inc.
+
+**Author**: Wei Zhou, VMware by Broadcom — wei-wz.zhou@broadcom.com
+
+## Reporting Vulnerabilities
+
+If you discover a security vulnerability, please report it privately:
+
+- **Email**: wei-wz.zhou@broadcom.com
+- **GitHub**: Open a [private security advisory](https://github.com/zw008/VMware-Harden/security/advisories/new)
+
+Do **not** open a public GitHub issue for security vulnerabilities.
+
+## Security Design
+
+### Credential Management
+
+- `vmware-harden` does **not** hold or read vSphere/NSX/Aria credentials directly. All infrastructure access is delegated to sibling skills (`vmware-aiops`, `vmware-monitor`, `vmware-nsx`, etc.), each of which manages its own `~/.vmware-<skill>/.env` with `chmod 600` enforcement.
+- The only credential consumed by this skill is the LLM provider API key (e.g. `ANTHROPIC_API_KEY`), which **must** be supplied via environment variable. It is never read from config files, never logged, and never persisted to disk.
+- Audit entries written to `~/.vmware/audit.db` contain operation metadata only — never credentials, raw prompts containing secrets, or LLM API keys.
+
+### Read-Only by Design
+
+This skill is **strictly non-destructive**. Every MCP tool and every CLI command performs only read operations: it reads compliance baselines (YAML), queries sibling skills' read-only twin APIs, runs LLM analysis, and writes findings to local report files. **No tool in this codebase can modify vSphere, NSX, Aria, or Kubernetes state.** Remediation work is intentionally deferred to `vmware-pilot`, which provides approval gating and audit trails for write operations.
+
+### Compliance Baselines as Data
+
+- Compliance baselines (CIS, DISA STIG, vendor hardening guides) ship as **YAML files** under `vmware_harden/baselines/`.
+- Baselines are loaded through Pydantic models in **strict mode** — unknown fields are rejected, types are enforced, and no field is ever passed to `eval()`, `exec()`, or a shell.
+- User-supplied baseline overrides go through the same Pydantic validation gate before being merged.
+
+### LLM Integration
+
+- The only LLM integration is the **Anthropic API** via the official SDK. No alternate providers, no proxies, no shell-out to local models.
+- LLM prompts are constructed from **typed Twin query results** (Pydantic-validated dataclasses from sibling skills), never from raw user free-text.
+- LLM responses are parsed back through Pydantic validators before being persisted as findings; malformed responses are rejected with a structured error rather than being trusted blindly.
+- The skill never executes LLM-generated code, shell commands, or API calls. LLM output is treated as data (text findings + structured severity), not as instructions.
+
+### Audit Logging
+
+- Every MCP tool invocation is wrapped with the `@vmware_tool` decorator from `vmware-policy`.
+- Each call appends an entry to `~/.vmware/audit.db` (SQLite WAL): timestamp, tool name, parameters (sanitized), result status, agent context.
+- Audit-write failures degrade to stderr warnings and never block the primary operation.
+
+### SSL/TLS Verification
+
+- `vmware-harden` makes **no direct TLS connections to vSphere, NSX, or Aria** — TLS verification policy is owned by the sibling skills it delegates to.
+- The Anthropic API client uses the system CA bundle and full certificate verification by default.
+
+### Transitive Dependencies
+
+- The only family-internal dependency is `vmware-policy` (the `@vmware_tool` decorator + audit logging).
+- All other dependencies are standard Python packages (Pydantic, PyYAML, anthropic, Click, Rich).
+- No post-install scripts, no background services, no daemons.
+
+### Prompt Injection Protection
+
+- Twin query results consumed by the LLM are **typed Pydantic objects**, not raw API blobs. Free-form text fields (VM names, event messages, host log lines) are sanitized via the upstream skill's `_sanitize()` (≤500 chars, C0/C1 stripped) before crossing the skill boundary.
+- LLM-side defense in depth: prompts wrap untrusted fields in explicit boundary markers (`[ASSET_NAME]`, `[EVENT_TEXT]`, …) so the model can distinguish data from instructions.
+- Findings returned by the LLM are validated through Pydantic before being persisted; any field that fails type/length/enum validation is rejected, not stored.
+
+## Static Analysis
+
+This project is scanned with [Bandit](https://bandit.readthedocs.io/) before every release, targeting 0 Medium+ issues:
+
+```bash
+uvx bandit -r vmware_harden/ mcp_server/
+```
+
+## Supported Versions
+
+| Version | Supported |
+|---------|-----------|
+| 1.5.x   | Yes       |
+| < 1.5   | No        |

vmware_harden-1.0.0/examples/mcp-configs/README.md

@@ -0,0 +1,43 @@
+# MCP Configuration Templates
+
+Copy the relevant config snippet into your AI agent's MCP configuration file.
+
+## Prerequisites
+
+```bash
+# Install vmware-harden (recommended — entry point is on PATH, no network at launch)
+uv tool install vmware-harden
+# or: pip install vmware-harden
+
+# Optional: enable the LLM Remediation Advisor
+export ANTHROPIC_API_KEY="sk-ant-..."
+# Without ANTHROPIC_API_KEY, the advisor falls back to a deterministic mock provider.
+
+# Twin DB defaults to ~/.vmware-harden/twin.duckdb; override with VMWARE_HARDEN_DB.
+```
+
+## Agent Configuration Files
+
+| Agent | Config File | Template |
+|-------|-------------|----------|
+| Claude Code / Desktop | `~/.claude/settings.json` (or Claude Desktop config) | [claude-code.json](claude-code.json) |
+| Cursor | Cursor MCP settings | [cursor.json](cursor.json) |
+| Cline (VS Code) | `cline_mcp_settings.json` | [cline.json](cline.json) |
+| VS Code Copilot | `.vscode/mcp.json` | [vscode-copilot.json](vscode-copilot.json) |
+| Goose | `goose configure` or UI | [goose.json](goose.json) |
+| uvx fallback (no install) | any of the above | [uvx-fallback.json](uvx-fallback.json) |
+
+## Corporate TLS / Proxy Notes
+
+If `uvx` fails with `invalid peer certificate: UnknownIssuer` behind a corporate
+TLS-intercepting proxy, prefer `uv tool install vmware-harden` and use the entry
+point directly (`vmware-harden-mcp`). The installed binary does not hit the
+network at launch. If you must use `uvx`, set `UV_NATIVE_TLS=true` so uv reads
+the system CA store — see [uvx-fallback.json](uvx-fallback.json) and
+references/setup-guide.md.
+
+## Safety Note
+
+All MCP tools in vmware-harden are **read-only by design** in M3. Remediation
+suggestions are returned as advisory data only — applying changes goes through
+the separate `vmware-pilot` workflow with explicit human approval gates.

vmware_harden-1.0.0/examples/mcp-configs/claude-code.json

@@ -0,0 +1,20 @@
+{
+  "_comment": [
+    "Claude Code / Claude Desktop MCP configuration for vmware-harden.",
+    "Prerequisites:",
+    "  1. Install: uv tool install vmware-harden  (or: pip install vmware-harden)",
+    "  2. Optional: set ANTHROPIC_API_KEY to enable the LLM Remediation Advisor",
+    "     (without it, the advisor falls back to a deterministic mock provider)",
+    "  3. Twin DB defaults to ~/.vmware-harden/twin.duckdb; override with VMWARE_HARDEN_DB",
+    "  4. Corporate TLS / proxy issues: see references/setup-guide.md (踩坑 #25)"
+  ],
+  "mcpServers": {
+    "vmware-harden": {
+      "command": "vmware-harden-mcp",
+      "args": [],
+      "env": {
+        "VMWARE_HARDEN_DB": "~/.vmware-harden/twin.duckdb"
+      }
+    }
+  }
+}

vmware_harden-1.0.0/examples/mcp-configs/cline.json

@@ -0,0 +1,13 @@
+{
+  "mcpServers": {
+    "vmware-harden": {
+      "command": "vmware-harden-mcp",
+      "args": [],
+      "env": {
+        "VMWARE_HARDEN_DB": "~/.vmware-harden/twin.duckdb"
+      },
+      "disabled": false,
+      "autoApprove": []
+    }
+  }
+}

vmware_harden-1.0.0/examples/mcp-configs/cursor.json

@@ -0,0 +1,11 @@
+{
+  "mcpServers": {
+    "vmware-harden": {
+      "command": "vmware-harden-mcp",
+      "args": [],
+      "env": {
+        "VMWARE_HARDEN_DB": "~/.vmware-harden/twin.duckdb"
+      }
+    }
+  }
+}

vmware_harden-1.0.0/examples/mcp-configs/goose.json

@@ -0,0 +1,9 @@
+{
+  "name": "vmware-harden",
+  "description": "AI-native VMware compliance and baseline enforcement with LLM Remediation Advisor",
+  "command": "vmware-harden-mcp",
+  "args": [],
+  "env": {
+    "VMWARE_HARDEN_DB": "~/.vmware-harden/twin.duckdb"
+  }
+}

vmware_harden-1.0.0/examples/mcp-configs/uvx-fallback.json

@@ -0,0 +1,21 @@
+{
+  "_comment": [
+    "Fallback config for users without `uv tool install vmware-harden`.",
+    "Uses uvx to resolve the package on each launch.",
+    "",
+    "Corporate TLS proxy: set UV_NATIVE_TLS=true so uv uses the system CA store",
+    "(otherwise uv's bundled webpki rejects MitM proxies; see CLAUDE.md 踩坑 #25).",
+    "Prefer `uv tool install vmware-harden` + the entry-point configs whenever possible —",
+    "uvx re-resolves PyPI on every launch and is fragile on restricted networks."
+  ],
+  "mcpServers": {
+    "vmware-harden": {
+      "command": "uvx",
+      "args": ["--from", "vmware-harden", "vmware-harden-mcp"],
+      "env": {
+        "UV_NATIVE_TLS": "true",
+        "VMWARE_HARDEN_DB": "~/.vmware-harden/twin.duckdb"
+      }
+    }
+  }
+}

vmware_harden-1.0.0/examples/mcp-configs/vscode-copilot.json

@@ -0,0 +1,12 @@
+{
+  "servers": {
+    "vmware-harden": {
+      "type": "stdio",
+      "command": "vmware-harden-mcp",
+      "args": [],
+      "env": {
+        "VMWARE_HARDEN_DB": "~/.vmware-harden/twin.duckdb"
+      }
+    }
+  }
+}

vmware_harden-1.0.0/mcp_server/server.py

@@ -0,0 +1,61 @@
+"""vmware-harden MCP server entry point.
+
+Tools are defined in vmware_harden.mcp.tools (so audit logs see skill=harden).
+This module wires them into a FastMCP server and provides the stdio entry point.
+"""
+import os
+from pathlib import Path
+
+from mcp.server.fastmcp import FastMCP
+
+from vmware_harden.mcp import tools as t
+
+
+def build_server(db_path: str | Path = "~/.vmware-harden/twin.duckdb") -> FastMCP:
+    """Construct and configure the MCP server."""
+    t._DB_PATH = Path(os.path.expanduser(str(db_path)))
+    server = FastMCP("vmware-harden")
+
+    @server.tool(name="list_baselines")
+    def _list_baselines_impl() -> list[dict]:
+        """[READ] List built-in and user-imported compliance baselines."""
+        return t.list_baselines()
+
+    @server.tool(name="list_violations")
+    def _list_violations_impl(severity: str | None = None) -> list[dict]:
+        """[READ] Latest snapshot's violations, optionally filtered by severity."""
+        return t.list_violations(severity)
+
+    @server.tool(name="get_remediation")
+    def _get_remediation_impl(violation_id: str) -> dict | None:
+        """[READ] Get the persisted Suggestion for a violation, or None."""
+        return t.get_remediation(violation_id)
+
+    @server.tool(name="list_drift_events")
+    def _list_drift_events_impl(limit: int = 50) -> list[dict]:
+        """[READ] Latest snapshot's change events."""
+        return t.list_drift_events(limit)
+
+    @server.tool(name="get_baseline_rules")
+    def _get_baseline_rules_impl(baseline_id: str) -> list[dict]:
+        """[READ] Return all rules of a given baseline."""
+        return t.get_baseline_rules(baseline_id)
+
+    @server.tool(name="scan_target")
+    def _scan_target_impl(
+        target: str, baseline: str = "cis-vmware-esxi-8.0-subset"
+    ) -> dict:
+        """[READ] Run a scan for `target` against `baseline`."""
+        return t.scan_target(target, baseline)
+
+    return server
+
+
+def main() -> None:
+    """Entry point for `vmware-harden-mcp` (stdio transport)."""
+    server = build_server()
+    server.run()
+
+
+if __name__ == "__main__":
+    main()

vmware_harden-1.0.0/pyproject.toml

@@ -0,0 +1,55 @@
+[project]
+name = "vmware-harden"
+version = "1.0.0"
+description = "AI-native VMware compliance and baseline enforcement"
+readme = "README.md"
+license = "MIT"
+authors = [{ name = "Wei Zhou", email = "wei-wz.zhou@broadcom.com" }]
+requires-python = ">=3.10"
+dependencies = [
+    "typer>=0.12,<1.0",
+    "pydantic>=2.5,<3.0",
+    "duckdb>=0.10,<2.0",
+    "pyyaml>=6.0,<7.0",
+    # Reserved for v1.1 MCP integration (@vmware_tool decorator + audit logging).
+    "vmware-policy>=1.0.0,<2.0",
+    "fastapi>=0.110,<1.0",
+    "uvicorn[standard]>=0.27,<1.0",
+    "jinja2>=3.1,<4.0",
+    "httpx>=0.27,<1.0",
+    "anthropic>=0.40,<1.0",
+    "mcp>=1.0,<2.0",
+]
+
+[dependency-groups]
+dev = [
+    "pytest>=8.0,<10.0",
+    "pytest-cov>=5.0,<8.0",
+    "ruff>=0.5,<1.0",
+]
+
+[project.scripts]
+vmware-harden = "vmware_harden.cli.main:app"
+vmware-harden-mcp = "mcp_server.server:main"
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.hatch.build.targets.wheel]
+packages = ["vmware_harden", "mcp_server"]
+
+[tool.ruff]
+line-length = 100
+target-version = "py310"
+
+[tool.ruff.lint]
+select = ["E", "F", "I", "N", "W", "UP"]
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+markers = [
+    "unit: Unit tests",
+    "integration: Integration tests with mocked external systems",
+    "lab: Tests requiring real VMware lab environment",
+]