Files
CyberStrikeAI/docs/en-US/mcp-federation.md
T
2026-07-07 14:04:18 +08:00

87 lines
1.9 KiB
Markdown

# MCP Federation
[中文](../zh-CN/mcp-federation.md)
CyberStrikeAI uses MCP as the primary tool protocol. Tools can be built-in, YAML-backed, Skill-local, or provided by external MCP servers.
## Built-In MCP
The internal MCP server registers:
- YAML command tools;
- security execution tools;
- knowledge tools;
- project fact tools;
- C2 tools;
- WebShell tools;
- batch task tools;
- vision analysis.
Agents usually call these internally without extra setup.
## HTTP MCP
```yaml
mcp:
enabled: true
host: 0.0.0.0
port: 8081
auth_header: "X-MCP-Token"
auth_header_value: "random-secret"
```
Always set an auth value and restrict network access.
## External MCP Lifecycle
1. Register config: name, type, command/URL, environment.
2. Start connection: stdio process or HTTP/SSE client.
3. Pull tool list: names, descriptions, schemas.
4. Expose to Agent: affected by role, tool_search, HITL.
5. Execute: validate args, call, monitor.
6. Recover: handle process/network failure.
7. Stop/delete: remove runtime and config.
Debug by locating the failed step.
## Tool Naming
Good names are stable, specific, and action-object oriented:
```text
burp_send_to_repeater
asset_lookup_domain
cloud_list_public_buckets
```
Avoid:
```text
run
execute
scan
tool1
```
Specific names improve tool_search and reduce misuse.
## Security Review
Before connecting an external MCP, ask:
- Can it read/write local files?
- Can it execute commands?
- What network does it access?
- Does it send data to third parties?
- Are tool descriptions trustworthy?
- Can output contain prompt injection?
- Should it run under a separate OS user or container?
## Source Anchors
- External manager: `internal/mcp/external_manager.go`
- Recovery: `internal/mcp/connection_recovery.go`
- Tool adapter: `internal/einomcp/mcp_tools.go`
- Handler: `internal/handler/external_mcp.go`
- Invoke notification: `internal/einomcp/tool_invoke_notify.go`