fix(MCP,CLI): sync MCP tools, autoApprove, CLI docs with actual implementation

- MCP: add get_symbols tool, inject add verify param, test_serial add timeout param
- mcp.json: autoApprove add missing get_symbols, serial_send, test_serial, file_list, file_stat, file_download
- steering: update mcp-fpbinject.md tool count to 21, add get_symbols entry
- Docs/CLI.md: document all 21 commands and missing global options (was only 9)

Author: FASTSHIFT

.kiro/settings/mcp.json

@@ -12,17 +12,23 @@
         "decompile",
         "signature",
         "search",
+        "get_symbols",
         "compile_patch",
         "info",
         "serial_read",
+        "serial_send",
         "connect",
         "inject",
         "unpatch",
         "disconnect",
+        "test_serial",
+        "file_list",
+        "file_stat",
+        "file_download",
         "mem_read",
         "mem_write",
         "mem_dump"
       ]
     }
   }
-}
+}

.kiro/steering/mcp-fpbinject.md

@@ -4,13 +4,14 @@ inclusion: auto
 
 # FPBInject MCP Server
 
-项目内置 MCP server（`Tools/WebServer/fpb_mcp_server.py`），提供 20 个 tools 用于 ARM 固件分析和运行时注入。
+项目内置 MCP server（`Tools/WebServer/fpb_mcp_server.py`），提供 21 个 tools 用于 ARM 固件分析和运行时注入。
 
 ## Tools 一览
 
 | 类别 | Tool | 说明 |
 |------|------|------|
-| 离线 | `search` | 按名称搜索符号表 |
+| 离线 | `search` | 按名称搜索函数（最多 20 个结果） |
+| 离线 | `get_symbols` | 获取完整符号表（支持过滤和限制数量） |
 | 离线 | `analyze` | 分析函数（地址、签名、汇编行数） |
 | 离线 | `disasm` | 反汇编函数 |
 | 离线 | `decompile` | Ghidra 反编译（需安装） |
@@ -33,7 +34,7 @@ inclusion: auto
 
 ## 使用流程
 
-1. 用 `search` / `analyze` / `disasm` 了解目标函数
+1. 用 `search` / `get_symbols` / `analyze` / `disasm` 了解目标函数
 2. 编写补丁 `.c` 文件（必须含 `/* FPB_INJECT */` 标记）
 3. `compile_patch` 离线验证编译
 4. `connect` → `inject` → `serial_read` 观察效果

Docs/CLI.md

@@ -27,10 +27,16 @@ fpb_cli.py [OPTIONS] <command> [args...]
 
 Options:
   -v, --verbose              Enable verbose output
+  --version                  Show version
   --port, -p <device>        Serial port (e.g., /dev/ttyACM0, COM3)
   --baudrate, -b <rate>      Serial baudrate (default: 115200)
   --elf <path>               Path to ELF file (global default)
   --compile-commands <path>  Path to compile_commands.json
+  --tx-chunk-size <bytes>    TX chunk size for serial commands (0=disabled, default: 0)
+  --tx-chunk-delay <secs>    Delay between TX chunks in seconds (default: 0.005)
+  --max-retries <num>        Maximum retry attempts for file transfer (default: 10)
+  --direct                   Force direct serial connection (skip WebServer proxy detection)
+  --server-url <url>         WebServer URL for proxy mode (default: http://localhost:5500)
 ```
 
 ## Commands
@@ -105,12 +111,40 @@ fpb_cli.py search <elf_path> <pattern>
 }
 ```
 
-#### 6. `compile` - Compile patch source (offline validation)
+#### 6. `get-symbols` - Get all symbols from ELF
+
+More comprehensive than `search` — returns all symbol types via `nm`, with optional filtering.
+
+```bash
+fpb_cli.py get-symbols <elf_path> [--filter <pattern>] [--limit <num>]
+```
+
+**Options:**
+- `--filter <pattern>` — Case-insensitive substring filter (default: all symbols)
+- `--limit <num>` — Maximum results, 0 for unlimited (default: 0)
+
+**Output:**
+```json
+{
+  "success": true,
+  "count": 3,
+  "total": 150,
+  "symbols": [
+    {"name": "gpio_init", "addr": "0x08001000", "type": "func"},
+    {"name": "gpio_pin_map", "addr": "0x08002000", "type": "other"}
+  ]
+}
+```
+
+#### 7. `compile` - Compile patch source (offline validation)
 
 ```bash
 fpb_cli.py compile <source_file> --elf <elf> --compile-commands <path> [--addr <base_addr>]
 ```
 
+**Options:**
+- `--addr <base_addr>` — Base address for patch code (default: 0x20001000)
+
 **Output:**
 ```json
 {
@@ -121,9 +155,25 @@ fpb_cli.py compile <source_file> --elf <elf> --compile-commands <path> [--addr <
 }
 ```
 
+### Connection Commands
+
+#### 8. `connect` - Connect to device
+
+```bash
+fpb_cli.py --port /dev/ttyACM0 connect
+```
+
+Establishes a serial connection. Required before any online command when using `--direct` mode.
+
+#### 9. `disconnect` - Disconnect from device
+
+```bash
+fpb_cli.py disconnect
+```
+
 ### Online Commands (Device Required)
 
-#### 7. `info` - Get device FPB info
+#### 10. `info` - Get device FPB info
 
 ```bash
 fpb_cli.py --port /dev/ttyACM0 info
@@ -141,7 +191,7 @@ fpb_cli.py --port /dev/ttyACM0 info
 }
 ```
 
-#### 8. `inject` - Inject patch to device
+#### 11. `inject` - Inject patch to device
 
 ```bash
 fpb_cli.py --port <device> --elf <elf> --compile-commands <path> \
@@ -178,13 +228,136 @@ fpb_cli.py --port /dev/ttyACM0 --elf firmware.elf \
 }
 ```
 
-#### 9. `unpatch` - Remove patch
+#### 12. `unpatch` - Remove patch
 
 ```bash
 fpb_cli.py --port /dev/ttyACM0 unpatch --comp <slot>
 fpb_cli.py --port /dev/ttyACM0 unpatch --all
 ```
 
+#### 13. `test-serial` - Test serial throughput
+
+3-phase probing to find optimal transfer parameters.
+
+```bash
+fpb_cli.py --port /dev/ttyACM0 test-serial [options]
+
+Options:
+  --start-size <bytes>  Starting test size (default: 16)
+  --max-size <bytes>    Maximum test size (default: 4096)
+  --timeout <secs>      Timeout per test (default: 2.0)
+```
+
+### Serial I/O Commands (Device Required)
+
+#### 14. `serial-send` - Send data to device
+
+```bash
+fpb_cli.py --port /dev/ttyACM0 serial-send <data> [options]
+
+Options:
+  --no-read          Don't read response after sending
+  --timeout <secs>   Response read timeout (default: 1.0)
+```
+
+**Output:**
+```json
+{
+  "success": true,
+  "sent": "ps",
+  "response": "  PID GROUP PRI POLICY   TYPE    NPX STATE   ..."
+}
+```
+
+> WARNING: Avoid sending `fl` commands directly — use `inject`/`unpatch`/`info` instead.
+
+#### 15. `serial-read` - Read serial output
+
+```bash
+fpb_cli.py --port /dev/ttyACM0 serial-read [options]
+
+Options:
+  --timeout <secs>   How long to wait for data (default: 1.0)
+  --lines <num>      Max log lines to return (default: 50)
+```
+
+**Output:**
+```json
+{
+  "success": true,
+  "new_data": "Patched: pin=13 val=1\r\n",
+  "log": ["Patched: pin=13 val=1"],
+  "log_count": 1,
+  "total_buffered": 1
+}
+```
+
+### Memory Access Commands (Device Required)
+
+#### 16. `mem-read` - Read device memory
+
+```bash
+fpb_cli.py --port /dev/ttyACM0 mem-read <addr> <length> [--fmt hex|raw|u32]
+```
+
+**Example:**
+```bash
+fpb_cli.py --port /dev/ttyACM0 mem-read 0x20000000 64 --fmt hex
+```
+
+#### 17. `mem-write` - Write to device memory
+
+```bash
+fpb_cli.py --port /dev/ttyACM0 mem-write <addr> <hex_data>
+```
+
+**Example:**
+```bash
+fpb_cli.py --port /dev/ttyACM0 mem-write 0x20001000 DEADBEEF01020304
+```
+
+#### 18. `mem-dump` - Dump memory to file
+
+```bash
+fpb_cli.py --port /dev/ttyACM0 mem-dump <addr> <length> <output_file>
+```
+
+**Example:**
+```bash
+fpb_cli.py --port /dev/ttyACM0 mem-dump 0x20000000 4096 /tmp/ram.bin
+```
+
+### File Transfer Commands (Device Required)
+
+#### 19. `file-list` - List device directory
+
+```bash
+fpb_cli.py --port /dev/ttyACM0 file-list [path]
+```
+
+Default path is `/`.
+
+#### 20. `file-stat` - Get file info
+
+```bash
+fpb_cli.py --port /dev/ttyACM0 file-stat <path>
+```
+
+Returns size, modification time, and type (file/dir).
+
+#### 21. `file-download` - Download file from device
+
+```bash
+fpb_cli.py --port /dev/ttyACM0 file-download <remote_path> <local_path>
+```
+
+Transfers via chunked Base64 encoding with CRC verification.
+
+**Example:**
+```bash
+fpb_cli.py --port /dev/ttyACM0 file-download /data/log.bin /tmp/log.bin
+```
+
 ## Typical Workflow
 
 ```bash

Tools/WebServer/fpb_mcp_server.py

@@ -172,6 +172,26 @@ def search(elf_path: str, pattern: str) -> dict:
     return _capture_cli_output(cli.search, elf_path, pattern)
 
 
+@mcp.tool()
+def get_symbols(
+    elf_path: str,
+    pattern: str = "",
+    limit: int = 0,
+) -> dict:
+    """Get all symbols from an ELF binary via nm.
+
+    Returns a complete symbol list with optional filtering and limiting.
+    More comprehensive than search() - includes all symbol types, not just functions.
+
+    Args:
+        elf_path: Path to the ELF firmware file
+        pattern: Filter pattern (case-insensitive substring match, default: "" for all)
+        limit: Maximum number of results (0 for unlimited, default: 0)
+    """
+    cli = _get_cli(elf_path=elf_path)
+    return _capture_cli_output(cli.get_symbols, elf_path, pattern, limit)
+
+
 @mcp.tool()
 def compile_patch(
     source_file: str,
@@ -260,6 +280,7 @@ def inject(
     port: Optional[str] = None,
     patch_mode: str = "trampoline",
     comp: int = -1,
+    verify: bool = False,
 ) -> dict:
     """Inject a patch to replace a function on the device.
 
@@ -276,6 +297,7 @@ def inject(
         port: Serial port (uses existing connection if omitted)
         patch_mode: Patch mode - trampoline, debugmon, or direct (default: trampoline)
         comp: FPB slot number, -1 for auto-assign (default: -1)
+        verify: Verify patch after injection (default: False)
     """
     cli = _get_cli(port=port, elf_path=elf_path, compile_commands=compile_commands)
     return _capture_cli_output(
@@ -286,6 +308,7 @@ def inject(
         compile_commands,
         patch_mode,
         comp,
+        verify,
     )
 
 
@@ -311,6 +334,7 @@ def test_serial(
     port: Optional[str] = None,
     start_size: int = 16,
     max_size: int = 4096,
+    timeout: float = 2.0,
 ) -> dict:
     """Test serial throughput with 3-phase probing to find optimal parameters.
 
@@ -325,9 +349,10 @@ def test_serial(
         port: Serial port (uses existing connection if omitted)
         start_size: Starting test size in bytes for upload probe (default: 16)
         max_size: Maximum test size in bytes for upload probe (default: 4096)
+        timeout: Timeout per test in seconds (default: 2.0)
     """
     cli = _get_cli(port=port)
-    return _capture_cli_output(cli.test_serial, start_size, max_size)
+    return _capture_cli_output(cli.test_serial, start_size, max_size, timeout)
 
 
 # ============================================================