-
Notifications
You must be signed in to change notification settings - Fork 17
Expand file tree
/
Copy pathmain.go
More file actions
111 lines (91 loc) · 2.75 KB
/
main.go
File metadata and controls
111 lines (91 loc) · 2.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
package main
import (
"fmt"
"os"
"github.com/mark3labs/mcp-go/mcp"
"github.com/mark3labs/mcp-go/server"
)
var version = "dev"
func main() {
if err := run(); err != nil {
fmt.Fprintf(os.Stderr, "Error: %v\n", err)
os.Exit(1)
}
}
func run() error {
cfg, err := loadConfig()
if err != nil {
return fmt.Errorf("failed to load configuration: %w", err)
}
if version != "dev" {
cfg.Server.Version = version
}
log, err := newLogger(cfg.Logging)
if err != nil {
return fmt.Errorf("failed to initialize logger: %w", err)
}
configFile := os.Getenv("MCP_SHELL_SEC_CONFIG_FILE")
if configFile != "" {
log.Info().Str("config_file", configFile).Msg("Loading security config")
} else {
log.Info().Msg("No security config file specified, security disabled")
}
log.Info().
Str("server_name", cfg.Server.Name).
Str("version", cfg.Server.Version).
Str("log_level", cfg.Logging.Level).
Str("log_format", cfg.Logging.Format).
Bool("security_enabled", cfg.Security.Enabled).
Msg("Configuration loaded")
if cfg.Security.Enabled {
log.Info().
Str("working_dir", cfg.Security.WorkingDirectory).
Dur("max_execution_time", cfg.Security.MaxExecutionTime).
Int("max_output_size", cfg.Security.MaxOutputSize).
Int("allowed_commands", len(cfg.Security.AllowedCommands)).
Int("blocked_commands", len(cfg.Security.BlockedCommands)).
Int("blocked_patterns", len(cfg.Security.BlockedPatterns)).
Bool("audit_log", cfg.Security.AuditLog).
Msg("Security configuration")
log.Debug().
Strs("allowed_commands", cfg.Security.AllowedCommands).
Msg("Allowed commands list")
log.Debug().
Strs("blocked_commands", cfg.Security.BlockedCommands).
Msg("Blocked commands list")
log.Debug().
Strs("blocked_patterns", cfg.Security.BlockedPatterns).
Msg("Blocked patterns list")
}
validator := newSecurityValidator(cfg.Security, log)
executor := newCommandExecutor(cfg.Security, log)
shellHandler := newShellHandler(validator, executor, log)
s := server.NewMCPServer(
cfg.Server.Name,
cfg.Server.Version,
server.WithToolCapabilities(false),
)
shellTool := mcp.NewTool(
"shell_exec",
mcp.WithDescription(
"Execute shell commands with configurable security constraints. Returns structured JSON with stdout, stderr, exit code and execution metadata.",
),
mcp.WithString("command",
mcp.Required(),
mcp.Description("Shell command to execute"),
),
mcp.WithBoolean(
"base64",
mcp.DefaultBool(false),
mcp.Description(
"Return stdout/stderr as base64-encoded strings (useful for binary data)",
),
),
)
s.AddTool(shellTool, shellHandler.handle)
log.Info().Msg("MCP server initialized, serving on stdio")
if err := server.ServeStdio(s); err != nil {
return fmt.Errorf("server error: %w", err)
}
return nil
}