[OSPP] Implement a mcp server to run any scripts or commands securely#3547
Merged
Aias00 merged 52 commits intoapache:masterfrom Sep 22, 2025
Merged
[OSPP] Implement a mcp server to run any scripts or commands securely#3547Aias00 merged 52 commits intoapache:masterfrom
Aias00 merged 52 commits intoapache:masterfrom
Conversation
1. Add a tool to get the available shell in unix-like machine. 2. Support powershell and script execution
Dev: version 0.1
tomsun28
changed the title
Validator will check the whitelist firstly and then check the blacklist. Add some comment in config.toml. Whitelist have 'commands' and 'regex' settings, validator full matches the commands and uses the rust crate `regex` to match strings in 'regex'
Contributor
Author
|
Latest developments:
Unit tests will be added soon. |
**Summary** Added 67 unit tests covering all core modules with 100% pass rate. **Test Coverage** - **Config (6 tests)**: TOML parsing, validation, error handling - **Validator (13 tests)**: Command security, whitelist/blacklist, regex patterns - **OAuth (17 tests)**: Authentication flow, token management, security validation - **Bash Server (17 tests)**: Command execution, timeout handling, serialization - **Main (9 tests)**: HTTP handlers, middleware, OAuth mock tests - **Additional OAuth Mock (5 tests)**: Store functionality, authorization flow, token exchange, middleware, error handling
Aias00
requested changes
Aug 18, 2025
yexuanyang
commented
Aug 19, 2025
yexuanyang
commented
Aug 19, 2025
Co-authored-by: Yang Yexuan <yyxrust@bupt.edu.cn> Signed-off-by: aias00 <liuhongyu@apache.org>
Co-authored-by: Yang Yexuan <yyxrust@bupt.edu.cn> Signed-off-by: aias00 <liuhongyu@apache.org>
Aias00
requested changes
Aug 31, 2025
Contributor
|
add ci test for ur code, pls |
Contributor
Author
|
I have added CI tests |
Contributor
|
hi, codecov is no needed, remove this for fixing ci |
Contributor
Author
|
I didn't add the backend-build workflow which has codecov action and I don't know why these code can not pass the check. |
Contributor
Author
|
It seems to be the bug in action codecov@v4, read this codecov/codecov-action#1280 . Retry the check maybe ok. |
Contributor
Author
|
Maybe try changing the codecov-action to |
Contributor
rerun it, and ci passed 😂 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What's changed?
Hello, everyone! Currently, we are looking at monitoring data or alarm data on hertzbeat platform, but we can't make the next step such as automatic recovery, automatic repair, etc. for alarm data or collected data. Now with AI's capabilities, we can automate monitoring and alerting with the help of AI, which generates and decides on its own the repair scripts or tasks for abnormal services on the other end based on the alert information, monitoring information, etc., and then calls the mcp server deployed on the other end to execute them. So I wrote a mcp server and put it under the
mcp-serversfolder, other mcp servers can be put into this same directory, so that it is easy to add new mcp servers to hertzbeat.This mcp server currently accomplishes the following:
#!ASCII text executable file in unix-like os using shibang#!in the header, windowsbatformat is not tested.Some things that need to be done in the future:
Sorry, this pr might be a bit big, I'll try to work with reviewer to ease the pain of review.
Checklist