fix(hub): fix hub config wiring and volume expansion in client

Makefile

@@ -1,4 +1,4 @@
-.PHONY: help install sync format lint typecheck test build-modules clean
+.PHONY: help install sync format lint typecheck test build-modules build-hub-images clean
 
 SHELL := /bin/bash
 
@@ -12,8 +12,9 @@ help:
 	@echo "  make lint          - Lint code with ruff"
 	@echo "  make typecheck     - Type check with mypy"
 	@echo "  make test          - Run all tests"
-	@echo "  make build-modules - Build all module container images"
-	@echo "  make clean         - Clean build artifacts"
+	@echo "  make build-modules     - Build all module container images"
+	@echo "  make build-hub-images  - Build all mcp-security-hub images"
+	@echo "  make clean             - Clean build artifacts"
 	@echo ""
 
 # Install all dependencies
@@ -93,6 +94,10 @@ build-modules:
 	@echo ""
 	@echo "✓ All modules built successfully!"
 
+# Build all mcp-security-hub images for the firmware analysis pipeline
+build-hub-images:
+	@bash scripts/build-hub-images.sh
+
 # Clean build artifacts
 clean:
 	find . -type d -name "__pycache__" -exec rm -rf {} + 2>/dev/null || true

fuzzforge-cli/src/fuzzforge_cli/commands/mcp.py

@@ -185,6 +185,8 @@ def _generate_mcp_config(
             "FUZZFORGE_ENGINE__TYPE": engine_type,
             "FUZZFORGE_ENGINE__GRAPHROOT": str(graphroot),
             "FUZZFORGE_ENGINE__RUNROOT": str(runroot),
+            "FUZZFORGE_HUB__ENABLED": "true",
+            "FUZZFORGE_HUB__CONFIG_PATH": str(fuzzforge_root / "hub-config.json"),
         },
     }
 
@@ -454,6 +456,7 @@ def install(
     console.print(f"  Modules Path:  {resolved_modules}")
     console.print(f"  Engine:        {engine}")
     console.print(f"  Socket:        {socket}")
+    console.print(f"  Hub Config:    {fuzzforge_root / 'hub-config.json'}")
     console.print()
 
     console.print("[bold]Next steps:[/bold]")

fuzzforge-common/src/fuzzforge_common/hub/client.py

@@ -13,6 +13,7 @@ from __future__ import annotations
 
 import asyncio
 import json
+import os
 import subprocess
 from contextlib import asynccontextmanager
 from typing import TYPE_CHECKING, Any, cast
@@ -242,7 +243,7 @@ class HubClient:
 
         # Add volumes
         for volume in config.volumes:
-            cmd.extend(["-v", volume])
+            cmd.extend(["-v", os.path.expanduser(volume)])
 
         # Add environment variables
         for key, value in config.environment.items():

hub-config.json

@@ -0,0 +1,105 @@
+{
+  "servers": [
+    {
+      "name": "nmap-mcp",
+      "description": "Network reconnaissance using Nmap - port scanning, service detection, OS fingerprinting",
+      "type": "docker",
+      "image": "nmap-mcp:latest",
+      "category": "reconnaissance",
+      "capabilities": ["NET_RAW"],
+      "enabled": true
+    },
+    {
+      "name": "binwalk-mcp",
+      "description": "Firmware extraction and analysis using Binwalk - file signatures, entropy analysis, embedded file extraction",
+      "type": "docker",
+      "image": "binwalk-mcp:latest",
+      "category": "binary-analysis",
+      "capabilities": [],
+      "volumes": ["~/.fuzzforge/hub/workspace:/data"],
+      "enabled": true
+    },
+    {
+      "name": "yara-mcp",
+      "description": "Pattern matching and malware classification using YARA rules",
+      "type": "docker",
+      "image": "yara-mcp:latest",
+      "category": "binary-analysis",
+      "capabilities": [],
+      "volumes": ["~/.fuzzforge/hub/workspace:/data"],
+      "enabled": true
+    },
+    {
+      "name": "capa-mcp",
+      "description": "Static capability detection using capa - identifies malware capabilities in binaries",
+      "type": "docker",
+      "image": "capa-mcp:latest",
+      "category": "binary-analysis",
+      "capabilities": [],
+      "volumes": ["~/.fuzzforge/hub/workspace:/data"],
+      "enabled": true
+    },
+    {
+      "name": "radare2-mcp",
+      "description": "Binary analysis and reverse engineering using radare2",
+      "type": "docker",
+      "image": "radare2-mcp:latest",
+      "category": "binary-analysis",
+      "capabilities": [],
+      "volumes": ["~/.fuzzforge/hub/workspace:/data"],
+      "enabled": true
+    },
+    {
+      "name": "ghidra-mcp",
+      "description": "Advanced binary decompilation and reverse engineering using Ghidra",
+      "type": "docker",
+      "image": "ghcr.io/clearbluejar/pyghidra-mcp:latest",
+      "category": "binary-analysis",
+      "capabilities": [],
+      "volumes": ["~/.fuzzforge/hub/workspace:/data"],
+      "enabled": true
+    },
+    {
+      "name": "searchsploit-mcp",
+      "description": "CVE and exploit search using SearchSploit / Exploit-DB",
+      "type": "docker",
+      "image": "searchsploit-mcp:latest",
+      "category": "exploitation",
+      "capabilities": [],
+      "volumes": ["~/.fuzzforge/hub/workspace:/data"],
+      "enabled": true
+    },
+    {
+      "name": "nuclei-mcp",
+      "description": "Vulnerability scanning using Nuclei templates",
+      "type": "docker",
+      "image": "nuclei-mcp:latest",
+      "category": "web-security",
+      "capabilities": ["NET_RAW"],
+      "volumes": ["~/.fuzzforge/hub/workspace:/data"],
+      "enabled": true
+    },
+    {
+      "name": "trivy-mcp",
+      "description": "Container and filesystem vulnerability scanning using Trivy",
+      "type": "docker",
+      "image": "trivy-mcp:latest",
+      "category": "cloud-security",
+      "capabilities": [],
+      "volumes": ["~/.fuzzforge/hub/workspace:/data"],
+      "enabled": true
+    },
+    {
+      "name": "gitleaks-mcp",
+      "description": "Secret and credential detection in code and firmware using Gitleaks",
+      "type": "docker",
+      "image": "gitleaks-mcp:latest",
+      "category": "secrets",
+      "capabilities": [],
+      "volumes": ["~/.fuzzforge/hub/workspace:/data"],
+      "enabled": true
+    }
+  ],
+  "default_timeout": 300,
+  "cache_tools": true
+}