CalvinBackup/fuzzforge_ai
1
0
Fork 0
mirror of https://github.com/FuzzingLabs/fuzzforge_ai.git synced 2026-04-09 17:42:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: CalvinBackup:feature/tui-agent-setup
Branches Tags
CalvinBackup:master CalvinBackup:feat/rename-secpipe CalvinBackup:feat/report-generation CalvinBackup:feat/skill-packs CalvinBackup:feat/artifact-management CalvinBackup:feat/workflow-hints CalvinBackup:dev CalvinBackup:fix/modules-build-command CalvinBackup:feature/tui-agent-setup CalvinBackup:refactor/remove-module-system-use-mcp-tools CalvinBackup:feature/hub-integration CalvinBackup:fix/fuzzforge-ai-onboarding CalvinBackup:features/hub-integration CalvinBackup:cleanup/remove-dead-code CalvinBackup:fuzzforge-ai-new-version CalvinBackup:fix/cross-platform-improvements CalvinBackup:feature/cognee-ladybug-s3 CalvinBackup:feature/native-findings-format-rebased CalvinBackup:feature/native-findings-format CalvinBackup:chore-code-quality CalvinBackup:fix/a2a-agent-discovery CalvinBackup:test/automated-workflow-testing CalvinBackup:ci/worker-validation-and-docker-builds CalvinBackup:feature/llm-proxy CalvinBackup:docs/update-temporal-architecture CalvinBackup:feature/ai_module CalvinBackup:feat/artifact_transfer CalvinBackup:feature/cognee-service CalvinBackup:feat/android_workflow CalvinBackup:fix/config-command-routing
CalvinBackup:v0.8.0 CalvinBackup:v0.7.2 CalvinBackup:v0.7.0
...
compare: CalvinBackup:feat/rename-secpipe
Branches Tags
CalvinBackup:master CalvinBackup:feat/rename-secpipe CalvinBackup:feat/report-generation CalvinBackup:feat/skill-packs CalvinBackup:feat/artifact-management CalvinBackup:feat/workflow-hints CalvinBackup:dev CalvinBackup:fix/modules-build-command CalvinBackup:feature/tui-agent-setup CalvinBackup:refactor/remove-module-system-use-mcp-tools CalvinBackup:feature/hub-integration CalvinBackup:fix/fuzzforge-ai-onboarding CalvinBackup:features/hub-integration CalvinBackup:cleanup/remove-dead-code CalvinBackup:fuzzforge-ai-new-version CalvinBackup:fix/cross-platform-improvements CalvinBackup:feature/cognee-ladybug-s3 CalvinBackup:feature/native-findings-format-rebased CalvinBackup:feature/native-findings-format CalvinBackup:chore-code-quality CalvinBackup:fix/a2a-agent-discovery CalvinBackup:test/automated-workflow-testing CalvinBackup:ci/worker-validation-and-docker-builds CalvinBackup:feature/llm-proxy CalvinBackup:docs/update-temporal-architecture CalvinBackup:feature/ai_module CalvinBackup:feat/artifact_transfer CalvinBackup:feature/cognee-service CalvinBackup:feat/android_workflow CalvinBackup:fix/config-command-routing
CalvinBackup:v0.8.0 CalvinBackup:v0.7.2 CalvinBackup:v0.7.0

36 Commits
feature/tu ... feat/renam

Author SHA1 Message Date
AFredefon
be009a4094 rename: FuzzForge → SecPipe 
Rename the entire project from FuzzForge to SecPipe:
- Python packages: fuzzforge_cli → secpipe_cli, fuzzforge_common → secpipe_common,
  fuzzforge_mcp → secpipe_mcp, fuzzforge_tests → secpipe_tests
- Directories: fuzzforge-cli → secpipe-cli, fuzzforge-common → secpipe-common,
  fuzzforge-mcp → secpipe-mcp, fuzzforge-tests → secpipe-tests
- Environment variables: FUZZFORGE_* → SECPIPE_*
- MCP server name: SecPipe MCP Server
- CI workflows, Makefile, Dockerfile, hub-config, NOTICE updated
- Fix mcp-server.yml to use uvicorn secpipe_mcp.application:app
 2026-04-09 04:10:46 +02:00
AFredefon
bbf864e88b Merge pull request #55 from FuzzingLabs/feat/report-generation 
feat: implement report generation
 2026-04-08 03:14:45 +02:00
AFredefon
d04797b21d Merge pull request #54 from FuzzingLabs/feat/skill-packs 
feat: implement skill packs system
 2026-04-08 03:10:47 +02:00
AFredefon
0ea8c4bd1d Merge pull request #53 from FuzzingLabs/feat/artifact-management 
feat: implement artifact management tools
 2026-04-08 03:09:31 +02:00
AFredefon
af7532c811 Merge pull request #52 from FuzzingLabs/feat/workflow-hints 
feat: implement workflow suggestions pipeline
 2026-04-08 03:08:52 +02:00
AFredefon
0d410bd5b4 feat: implement report generation 2026-04-07 16:25:36 +02:00
AFredefon
d3a20b3846 feat: implement skill packs system 2026-04-07 16:12:14 +02:00
AFredefon
664278da3f feat: implement artifact management tools 2026-04-07 16:06:47 +02:00
AFredefon
9374fd3aee feat: implement workflow suggestions pipeline 2026-04-07 01:50:21 +02:00
tduhamel42
01e6bc3fb1 docs: rename FuzzForge to SecPipe in all markdown files 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-03 14:04:49 +02:00
tduhamel42
b634214e01 Update README.md 2026-04-03 13:52:06 +02:00
AFredefon
e7022c2c82 Merge pull request #48 from FuzzingLabs/dev 2026-03-17 08:15:42 +01:00
AFredefon
2e96517d11 chore: reset hub-config.json to empty default and gitignore it 2026-03-17 08:08:31 +01:00
AFredefon
575b90f8d4 docs: rewrite README for hub-centric architecture, remove demo GIFs 2026-03-17 07:58:26 +01:00
AFredefon
c59b6ba81a fix(mcp): fix mypy type error in executions resource and improve tool docstrings 2026-03-17 04:21:06 +01:00
AFredefon
a51c495d34 feat(mcp): update application instructions and hub config 2026-03-16 02:10:16 +01:00
AFredefon
7924e44245 feat(hub): volume mounts, get_agent_context convention, category filter 2026-03-16 02:09:04 +01:00
AFredefon
a824809294 feat(mcp): add project assets storage and output directory management 2026-03-16 02:08:20 +01:00
AFredefon
07c32de294 Merge pull request #46 from FuzzingLabs/dev 
Refactor hub integration and enhance TUI with new features
 2026-03-11 08:07:05 +01:00
AFredefon
bc5e9373ce fix: document mount paths in execute_hub_tool and inject volumes into persistent sessions 2026-03-11 07:55:58 +01:00
AFredefon
73a0170d65 fix: resolve mypy type errors in TUI app and build_log screen 2026-03-11 07:09:58 +01:00
AFredefon
6cdd0caec0 fix: suppress BLE001 for intentional broad catch in execute_hub_tool 2026-03-11 07:00:25 +01:00
AFredefon
462f6ed408 fix: resolve ruff lint errors in TUI modules 2026-03-11 06:57:38 +01:00
AFredefon
9cfbc29677 fix: add noqa for optional git URL fetch exception 2026-03-11 06:49:37 +01:00
AFredefon
6ced81affc fix: inject project assets as Docker volume mounts in execute_hub_tool 2026-03-11 06:46:51 +01:00
AFredefon
b975d285c6 tui: fix single-click buttons and double-modal push 2026-03-11 05:30:29 +01:00
AFredefon
1891a43189 tui: background image builds with live log viewer 2026-03-11 04:42:25 +01:00
AFredefon
a3441676a3 tui: in-UI image building, hub registry auto-recovery, clean hub-config 2026-03-11 03:02:36 +01:00
AFredefon
f192771b9b fix: improve new user experience and docs 2026-03-11 02:20:18 +01:00
AFredefon
976947cf5c feat: add FUZZFORGE_USER_DIR env var to override user-global data dir 2026-03-11 02:09:06 +01:00
AFredefon
544569ddbd fix: use ~/.fuzzforge for user-global data, keep workspace .fuzzforge for project storage 2026-03-11 02:04:51 +01:00
AFredefon
6f967fff63 fix: find_fuzzforge_root searches cwd first instead of __file__ 2026-03-11 01:41:47 +01:00
AFredefon
47c254e2bd fix: add workspace packages as root deps so uv sync installs everything 2026-03-11 01:32:17 +01:00
AFredefon
b137f48e7f fix(ci): use uv sync 2026-03-11 01:17:43 +01:00
AFredefon
f8002254e5 ci: add GitHub Actions workflows with lint, typecheck and tests 2026-03-11 01:13:35 +01:00
AFredefon
f2dca0a7e7 Merge pull request #45 from FuzzingLabs/feature/tui-agent-setup 
feat(tui): add terminal UI with hub and agent management
 2026-03-10 04:11:50 +01:00
132 changed files with 3774 additions and 1557 deletions
Expand all files Collapse all files

86
.github/workflows/ci.yml vendored Normal file
View File

@@ -0,0 +1,86 @@
name: CI
on:
push:
branches: [main, dev, feature/*]
pull_request:
branches: [main, dev]
workflow_dispatch:
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v5
with:
version: "latest"
- name: Set up Python
run: uv python install 3.14
- name: Install dependencies
run: uv sync
- name: Ruff check (secpipe-cli)
run: |
cd secpipe-cli
uv run --extra lints ruff check src/
- name: Ruff check (secpipe-mcp)
run: |
cd secpipe-mcp
uv run --extra lints ruff check src/
- name: Ruff check (secpipe-common)
run: |
cd secpipe-common
uv run --extra lints ruff check src/
- name: Mypy type check (secpipe-cli)
run: |
cd secpipe-cli
uv run --extra lints mypy src/
- name: Mypy type check (secpipe-mcp)
run: |
cd secpipe-mcp
uv run --extra lints mypy src/
# NOTE: Mypy check for secpipe-common temporarily disabled
# due to 37 pre-existing type errors in legacy code.
# TODO: Fix type errors and re-enable strict checking
#- name: Mypy type check (secpipe-common)
# run: |
# cd secpipe-common
# uv run --extra lints mypy src/
test:
name: Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v5
with:
version: "latest"
- name: Set up Python
run: uv python install 3.14
- name: Install dependencies
run: uv sync --all-extras
- name: Run MCP tests
run: |
cd secpipe-mcp
uv run --extra tests pytest -v
- name: Run common tests
run: |
cd secpipe-common
uv run --extra tests pytest -v

49
.github/workflows/mcp-server.yml vendored Normal file
View File

@@ -0,0 +1,49 @@
name: MCP Server Smoke Test
on:
push:
branches: [main, dev]
pull_request:
branches: [main, dev]
workflow_dispatch:
jobs:
mcp-server:
name: MCP Server Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v5
with:
version: "latest"
- name: Set up Python
run: uv python install 3.14
- name: Install dependencies
run: uv sync --all-extras
- name: Start MCP server in background
run: |
cd secpipe-mcp
nohup uv run uvicorn secpipe_mcp.application:app --host 127.0.0.1 --port 8000 > server.log 2>&1 &
echo $! > server.pid
sleep 3
- name: Run MCP tool tests
run: |
cd secpipe-mcp
uv run --extra tests pytest tests/test_resources.py -v
- name: Stop MCP server
if: always()
run: |
if [ -f secpipe-mcp/server.pid ]; then
kill $(cat secpipe-mcp/server.pid) || true
fi
- name: Show server logs
if: failure()
run: cat secpipe-mcp/server.log || true

4
.gitignore vendored
View File

@@ -10,3 +10,7 @@ __pycache__
# Podman/Docker container storage artifacts
~/.fuzzforge/
# User-specific hub config (generated at runtime)
hub-config.json
*.egg-info/

88
CONTRIBUTING.md
View File

@@ -1,8 +1,8 @@
# Contributing to FuzzForge AI
# Contributing to SecPipe AI
Thank you for your interest in contributing to FuzzForge AI! We welcome contributions from the community and are excited to collaborate with you.
Thank you for your interest in contributing to SecPipe AI! We welcome contributions from the community and are excited to collaborate with you.
**Our Vision**: FuzzForge aims to be a **universal platform for security research** across all cybersecurity domains. Through our modular architecture, any security tool—from fuzzing engines to cloud scanners, from mobile app analyzers to IoT security tools—can be integrated as a containerized module and controlled via AI agents.
**Our Vision**: SecPipe aims to be a **universal platform for security research** across all cybersecurity domains. Through our modular architecture, any security tool—from fuzzing engines to cloud scanners, from mobile app analyzers to IoT security tools—can be integrated as a containerized module and controlled via AI agents.
## Ways to Contribute
@@ -13,7 +13,7 @@ Thank you for your interest in contributing to FuzzForge AI! We welcome contribu
- **Documentation** - Improve guides, tutorials, and module documentation
- **Testing** - Help test new features and report issues
- **AI Integration** - Improve MCP tools and AI agent interactions
- **Tool Integrations** - Wrap existing security tools as FuzzForge modules
- **Tool Integrations** - Wrap existing security tools as SecPipe modules
## Contribution Guidelines
@@ -71,13 +71,13 @@ test(runner): add container execution tests
3. **Test Your Changes**
```bash
# Test modules
FUZZFORGE_MODULES_PATH=./fuzzforge-modules uv run fuzzforge modules list
SECPIPE_MODULES_PATH=./secpipe-modules uv run secpipe modules list
# Run a module
uv run fuzzforge modules run your-module --assets ./test-assets
uv run secpipe modules run your-module --assets ./test-assets
# Test MCP integration (if applicable)
uv run fuzzforge mcp status
uv run secpipe mcp status
```
4. **Submit Pull Request**
@@ -88,11 +88,11 @@ test(runner): add container execution tests
## Module Development
FuzzForge uses a modular architecture where security tools run as isolated containers. The `fuzzforge-modules-sdk` provides everything you need to create new modules.
SecPipe uses a modular architecture where security tools run as isolated containers. The `secpipe-modules-sdk` provides everything you need to create new modules.
**Documentation:**
- [Module SDK Documentation](fuzzforge-modules/fuzzforge-modules-sdk/README.md) - Complete SDK reference
- [Module Template](fuzzforge-modules/fuzzforge-module-template/) - Starting point for new modules
- [Module SDK Documentation](secpipe-modules/secpipe-modules-sdk/README.md) - Complete SDK reference
- [Module Template](secpipe-modules/secpipe-module-template/) - Starting point for new modules
- [USAGE Guide](USAGE.md) - Setup and installation instructions
### Creating a New Module
@@ -100,8 +100,8 @@ FuzzForge uses a modular architecture where security tools run as isolated conta
1. **Use the Module Template**
```bash
# Generate a new module from template
cd fuzzforge-modules/
cp -r fuzzforge-module-template my-new-module
cd secpipe-modules/
cp -r secpipe-module-template my-new-module
cd my-new-module
```
@@ -127,8 +127,8 @@ FuzzForge uses a modular architecture where security tools run as isolated conta
Edit `src/module/mod.py`:
```python
from fuzzforge_modules_sdk.api.modules import BaseModule
from fuzzforge_modules_sdk.api.models import ModuleResult
from secpipe_modules_sdk.api.modules import BaseModule
from secpipe_modules_sdk.api.models import ModuleResult
from .models import MyModuleConfig, MyModuleOutput
class MyModule(BaseModule[MyModuleConfig, MyModuleOutput]):
@@ -157,7 +157,7 @@ FuzzForge uses a modular architecture where security tools run as isolated conta
Edit `src/module/models.py`:
```python
from pydantic import BaseModel, Field
from fuzzforge_modules_sdk.api.models import BaseModuleConfig, BaseModuleOutput
from secpipe_modules_sdk.api.models import BaseModuleConfig, BaseModuleOutput
class MyModuleConfig(BaseModuleConfig):
"""Configuration for your module."""
@@ -173,31 +173,31 @@ FuzzForge uses a modular architecture where security tools run as isolated conta
5. **Build Your Module**
```bash
# Build the SDK first (if not already done)
cd ../fuzzforge-modules-sdk
cd ../secpipe-modules-sdk
uv build
mkdir -p .wheels
cp ../../dist/fuzzforge_modules_sdk-*.whl .wheels/
cp ../../dist/secpipe_modules_sdk-*.whl .wheels/
cd ../..
docker build -t localhost/fuzzforge-modules-sdk:0.1.0 fuzzforge-modules/fuzzforge-modules-sdk/
docker build -t localhost/secpipe-modules-sdk:0.1.0 secpipe-modules/secpipe-modules-sdk/
# Build your module
cd fuzzforge-modules/my-new-module
docker build -t fuzzforge-my-new-module:0.1.0 .
cd secpipe-modules/my-new-module
docker build -t secpipe-my-new-module:0.1.0 .
```
6. **Test Your Module**
```bash
# Run with test assets
uv run fuzzforge modules run my-new-module --assets ./test-assets
uv run secpipe modules run my-new-module --assets ./test-assets
# Check module info
uv run fuzzforge modules info my-new-module
uv run secpipe modules info my-new-module
```
### Module Development Guidelines
**Important Conventions:**
- **Input/Output**: Use `/fuzzforge/input` for assets and `/fuzzforge/output` for results
- **Input/Output**: Use `/secpipe/input` for assets and `/secpipe/output` for results
- **Configuration**: Support JSON configuration via stdin or file
- **Logging**: Use structured logging (structlog is pre-configured)
- **Error Handling**: Return proper exit codes and error messages
@@ -206,12 +206,12 @@ FuzzForge uses a modular architecture where security tools run as isolated conta
- **Dependencies**: Minimize container size, use multi-stage builds
**See also:**
- [Module SDK API Reference](fuzzforge-modules/fuzzforge-modules-sdk/src/fuzzforge_modules_sdk/api/)
- [Module SDK API Reference](secpipe-modules/secpipe-modules-sdk/src/secpipe_modules_sdk/api/)
- [Dockerfile Best Practices](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/)
### Module Types
FuzzForge is designed to support modules across **all cybersecurity domains**. The modular architecture allows any security tool to be containerized and integrated. Here are the main categories:
SecPipe is designed to support modules across **all cybersecurity domains**. The modular architecture allows any security tool to be containerized and integrated. Here are the main categories:
**Application Security**
- Fuzzing engines (coverage-guided, grammar-based, mutation-based)
@@ -273,8 +273,8 @@ FuzzForge is designed to support modules across **all cybersecurity domains**. T
```python
# src/module/mod.py
from pathlib import Path
from fuzzforge_modules_sdk.api.modules import BaseModule
from fuzzforge_modules_sdk.api.models import ModuleResult
from secpipe_modules_sdk.api.modules import BaseModule
from secpipe_modules_sdk.api.models import ModuleResult
from .models import ScannerConfig, ScannerOutput
class SecurityScanner(BaseModule[ScannerConfig, ScannerOutput]):
@@ -341,7 +341,7 @@ uv run pytest
## Contributing to Core Features
Beyond modules, you can contribute to FuzzForge's core components.
Beyond modules, you can contribute to SecPipe's core components.
**Useful Resources:**
- [Project Structure](README.md) - Overview of the codebase
@@ -350,18 +350,18 @@ Beyond modules, you can contribute to FuzzForge's core components.
### Core Components
- **fuzzforge-mcp** - MCP server for AI agent integration
- **fuzzforge-runner** - Module execution engine
- **fuzzforge-cli** - Command-line interface
- **fuzzforge-common** - Shared utilities and sandbox engines
- **fuzzforge-types** - Type definitions and schemas
- **secpipe-mcp** - MCP server for AI agent integration
- **secpipe-runner** - Module execution engine
- **secpipe-cli** - Command-line interface
- **secpipe-common** - Shared utilities and sandbox engines
- **secpipe-types** - Type definitions and schemas
### Development Setup
1. **Clone and Install**
```bash
git clone https://github.com/FuzzingLabs/fuzzforge_ai.git
cd fuzzforge_ai
git clone https://github.com/FuzzingLabs/secpipe_ai.git
cd secpipe_ai
uv sync --all-extras
```
@@ -371,7 +371,7 @@ Beyond modules, you can contribute to FuzzForge's core components.
make test
# Run specific package tests
cd fuzzforge-mcp
cd secpipe-mcp
uv run pytest
```
@@ -381,7 +381,7 @@ Beyond modules, you can contribute to FuzzForge's core components.
make typecheck
# Type check specific package
cd fuzzforge-runner
cd secpipe-runner
uv run mypy .
```
@@ -399,7 +399,7 @@ Beyond modules, you can contribute to FuzzForge's core components.
When reporting bugs, please include:
- **Environment**: OS, Python version, Docker version, uv version
- **FuzzForge Version**: Output of `uv run fuzzforge --version`
- **SecPipe Version**: Output of `uv run secpipe --version`
- **Module**: Which module or component is affected
- **Steps to Reproduce**: Clear steps to recreate the issue
- **Expected Behavior**: What should happen
@@ -419,7 +419,7 @@ When reporting bugs, please include:
**Module:** my-custom-scanner
**Steps to Reproduce:**
1. Run `uv run fuzzforge modules run my-scanner --assets ./test-target`
1. Run `uv run secpipe modules run my-scanner --assets ./test-target`
2. Module fails with timeout error
**Expected:** Module completes analysis
@@ -491,7 +491,7 @@ Brief description of what this module does.
## Usage
\`\`\`bash
uv run fuzzforge modules run module-name --assets ./path/to/assets
uv run secpipe modules run module-name --assets ./path/to/assets
\`\`\`
## Output
@@ -538,7 +538,7 @@ Before submitting a new module:
## License
By contributing to FuzzForge AI, you agree that your contributions will be licensed under the same license as the project (see [LICENSE](LICENSE)).
By contributing to SecPipe AI, you agree that your contributions will be licensed under the same license as the project (see [LICENSE](LICENSE)).
For module contributions:
- Modules you create remain under the project license
@@ -552,12 +552,12 @@ For module contributions:
Need help contributing?
- Join our [Discord](https://discord.gg/8XEX33UUwZ)
- Read the [Module SDK Documentation](fuzzforge-modules/fuzzforge-modules-sdk/README.md)
- Read the [Module SDK Documentation](secpipe-modules/secpipe-modules-sdk/README.md)
- Check the module template for examples
- Contact: contact@fuzzinglabs.com
---
**Thank you for making FuzzForge better!**
**Thank you for making SecPipe better!**
Every contribution, no matter how small, helps build a stronger security research platform. Whether you're creating a module for web security, cloud scanning, mobile analysis, or any other cybersecurity domain, your work makes FuzzForge more powerful and versatile for the entire security community!
Every contribution, no matter how small, helps build a stronger security research platform. Whether you're creating a module for web security, cloud scanning, mobile analysis, or any other cybersecurity domain, your work makes SecPipe more powerful and versatile for the entire security community!

14
Makefile
View File

@@ -4,7 +4,7 @@ SHELL := /bin/bash
# Default target
help:
@echo "FuzzForge AI Development Commands"
@echo "SecPipe AI Development Commands"
@echo ""
@echo " make install - Install all dependencies"
@echo " make sync - Sync shared packages from upstream"
@@ -20,17 +20,17 @@ help:
install:
uv sync
# Sync shared packages from upstream fuzzforge-core
# Sync shared packages from upstream secpipe-core
sync:
@if [ -z "$(UPSTREAM)" ]; then \
echo "Usage: make sync UPSTREAM=/path/to/fuzzforge-core"; \
echo "Usage: make sync UPSTREAM=/path/to/secpipe-core"; \
exit 1; \
fi
./scripts/sync-upstream.sh $(UPSTREAM)
# Format all packages
format:
@for pkg in packages/fuzzforge-*/; do \
@for pkg in packages/secpipe-*/; do \
if [ -f "$$pkg/pyproject.toml" ]; then \
echo "Formatting $$pkg..."; \
cd "$$pkg" && uv run ruff format . && cd -; \
@@ -39,7 +39,7 @@ format:
# Lint all packages
lint:
@for pkg in packages/fuzzforge-*/; do \
@for pkg in packages/secpipe-*/; do \
if [ -f "$$pkg/pyproject.toml" ]; then \
echo "Linting $$pkg..."; \
cd "$$pkg" && uv run ruff check . && cd -; \
@@ -48,7 +48,7 @@ lint:
# Type check all packages
typecheck:
@for pkg in packages/fuzzforge-*/; do \
@for pkg in packages/secpipe-*/; do \
if [ -f "$$pkg/pyproject.toml" ] && [ -f "$$pkg/mypy.ini" ]; then \
echo "Type checking $$pkg..."; \
cd "$$pkg" && uv run mypy . && cd -; \
@@ -57,7 +57,7 @@ typecheck:
# Run all tests
test:
@for pkg in packages/fuzzforge-*/; do \
@for pkg in packages/secpipe-*/; do \
if [ -f "$$pkg/pytest.ini" ]; then \
echo "Testing $$pkg..."; \
cd "$$pkg" && uv run pytest && cd -; \

4
NOTICE
View File

@@ -1,4 +1,4 @@
FuzzForge
SecPipe
Copyright (c) 2025 FuzzingLabs
This product includes software developed by FuzzingLabs (https://fuzzforge.ai).
@@ -7,6 +7,6 @@ Licensed under the Business Source License 1.1 (BSL).
After the Change Date (four years from the date of publication), this version
of the Licensed Work will be made available under the Apache License, Version 2.0.
You may not use the name "FuzzingLabs" or "FuzzForge" nor the names of its
You may not use the name "FuzzingLabs" or "SecPipe" nor the names of its
contributors to endorse or promote products derived from this software
without specific prior written permission.

275
README.md
View File

@@ -1,4 +1,4 @@
<h1 align="center"> FuzzForge AI</h1>
<h1 align="center">SecPipe</h1>
<h3 align="center">AI-Powered Security Research Orchestration via MCP</h3>
<p align="center">
@@ -6,7 +6,6 @@
<a href="LICENSE"><img src="https://img.shields.io/badge/license-BSL%201.1-blue" alt="License: BSL 1.1"></a>
<a href="https://www.python.org/downloads/"><img src="https://img.shields.io/badge/python-3.12%2B-blue" alt="Python 3.12+"/></a>
<a href="https://modelcontextprotocol.io"><img src="https://img.shields.io/badge/MCP-compatible-green" alt="MCP Compatible"/></a>
<a href="https://fuzzforge.ai"><img src="https://img.shields.io/badge/Website-fuzzforge.ai-purple" alt="Website"/></a>
</p>
<p align="center">
@@ -17,63 +16,68 @@
<sub>
<a href="#-overview"><b>Overview</b></a> •
<a href="#-features"><b>Features</b></a> •
<a href="#-mcp-security-hub"><b>Security Hub</b></a> •
<a href="#-installation"><b>Installation</b></a> •
<a href="USAGE.md"><b>Usage Guide</b></a> •
<a href="#-modules"><b>Modules</b></a> •
<a href="#-contributing"><b>Contributing</b></a>
</sub>
</p>
---
> 🚧 **FuzzForge AI is under active development.** Expect breaking changes and new features!
> 🚧 **SecPipe AI is under active development.** Expect breaking changes and new features!
---
## 🚀 Overview
**FuzzForge AI** is an open-source runtime that enables AI agents (GitHub Copilot, Claude, etc.) to orchestrate security research workflows through the **Model Context Protocol (MCP)**.
**SecPipe AI** is an open-source MCP server that enables AI agents (GitHub Copilot, Claude, etc.) to orchestrate security research workflows through the **Model Context Protocol (MCP)**.
### The Core: Modules
SecPipe connects your AI assistant to **MCP tool hubs** — collections of containerized security tools that the agent can discover, chain, and execute autonomously. Instead of manually running security tools, describe what you want and let your AI assistant handle it.
At the heart of FuzzForge are **modules** - containerized security tools that AI agents can discover, configure, and orchestrate. Each module encapsulates a specific security capability (static analysis, fuzzing, crash analysis, etc.) and runs in an isolated container.
### The Core: Hub Architecture
- **🔌 Plug & Play**: Modules are self-contained - just pull and run
- **🤖 AI-Native**: Designed for AI agent orchestration via MCP
- **🔗 Composable**: Chain modules together into automated workflows
- **📦 Extensible**: Build custom modules with the Python SDK
SecPipe acts as a **meta-MCP server** — a single MCP endpoint that gives your AI agent access to tools from multiple MCP hub servers. Each hub server is a containerized security tool (Binwalk, YARA, Radare2, Nmap, etc.) that the agent can discover at runtime.
FuzzForge AI handles module discovery, execution, and result collection. Security modules (developed separately) provide the actual security tooling - from static analyzers to fuzzers to crash triagers.
- **🔍 Discovery**: The agent lists available hub servers and discovers their tools
- **🤖 AI-Native**: Hub tools provide agent context — usage tips, workflow guidance, and domain knowledge
- **🔗 Composable**: Chain tools from different hubs into automated pipelines
- **📦 Extensible**: Add your own MCP servers to the hub registry
Instead of manually running security tools, describe what you want and let your AI assistant handle it.
### 🎬 Use Case: Firmware Vulnerability Research
> **Scenario**: Analyze a firmware image to find security vulnerabilities — fully automated by an AI agent.
```
User: "Search for vulnerabilities in firmware.bin"
Agent → Binwalk: Extract filesystem from firmware image
Agent → YARA: Scan extracted files for vulnerability patterns
Agent → Radare2: Trace dangerous function calls in prioritized binaries
Agent → Report: 8 vulnerabilities found (2 critical, 4 high, 2 medium)
```
### 🎬 Use Case: Rust Fuzzing Pipeline
> **Scenario**: Fuzz a Rust crate to discover vulnerabilities using AI-assisted harness generation and parallel fuzzing.
<table align="center">
<tr>
<th>1⃣ Analyze, Generate & Validate Harnesses</th>
<th>2⃣ Run Parallel Continuous Fuzzing</th>
</tr>
<tr>
<td><img src="assets/demopart2.gif" alt="FuzzForge Demo - Analysis Pipeline" width="100%"></td>
<td><img src="assets/demopart1.gif" alt="FuzzForge Demo - Parallel Fuzzing" width="100%"></td>
</tr>
<tr>
<td align="center"><sub>AI agent analyzes code, generates harnesses, and validates they compile</sub></td>
<td align="center"><sub>Multiple fuzzing sessions run in parallel with live metrics</sub></td>
</tr>
</table>
```
User: "Fuzz the blurhash crate for vulnerabilities"
Agent → Rust Analyzer: Identify fuzzable functions and attack surface
Agent → Harness Gen: Generate and validate fuzzing harnesses
Agent → Cargo Fuzzer: Run parallel coverage-guided fuzzing sessions
Agent → Crash Analysis: Deduplicate and triage discovered crashes
```
---
## ⭐ Support the Project
If you find FuzzForge useful, please **star the repo** to support development! 🚀
If you find SecPipe useful, please **star the repo** to support development! 🚀
<a href="https://github.com/FuzzingLabs/fuzzforge_ai/stargazers">
<img src="https://img.shields.io/github/stars/FuzzingLabs/fuzzforge_ai?style=social" alt="GitHub Stars">
<a href="https://github.com/FuzzingLabs/secpipe_ai/stargazers">
<img src="https://img.shields.io/github/stars/FuzzingLabs/secpipe_ai?style=social" alt="GitHub Stars">
</a>
---
@@ -82,13 +86,13 @@ If you find FuzzForge useful, please **star the repo** to support development!
| Feature | Description |
|---------|-------------|
| 🤖 **AI-Native** | Built for MCP - works with GitHub Copilot, Claude, and any MCP-compatible agent |
| 📦 **Containerized** | Each module runs in isolation via Docker or Podman |
| 🔄 **Continuous Mode** | Long-running tasks (fuzzing) with real-time metrics streaming |
| 🔗 **Workflows** | Chain multiple modules together in automated pipelines |
| 🛠️ **Extensible** | Create custom modules with the Python SDK |
| 🏠 **Local First** | All execution happens on your machine - no cloud required |
| 🔒 **Secure** | Sandboxed containers with no network access by default |
| 🤖 **AI-Native** | Built for MCP works with GitHub Copilot, Claude, and any MCP-compatible agent |
| 🔌 **Hub System** | Connect to MCP tool hubs — each hub brings dozens of containerized security tools |
| 🔍 **Tool Discovery** | Agents discover available tools at runtime with built-in usage guidance |
| 🔗 **Pipelines** | Chain tools from different hubs into automated multi-step workflows |
| 🔄 **Persistent Sessions** | Long-running tools (Radare2, fuzzers) with stateful container sessions |
| 🏠 **Local First** | All execution happens on your machine no cloud required |
| 🔒 **Sandboxed** | Every tool runs in an isolated container via Docker or Podman |
---
@@ -101,28 +105,58 @@ If you find FuzzForge useful, please **star the repo** to support development!
│ MCP Protocol (stdio)
┌─────────────────────────────────────────────────────────────────┐
FuzzForge MCP Server │
┌─────────────┐ ┌──────────────┐ ┌────────────────────────┐
│list_modules │ │execute_module│ │start_continuous_module │
───────────── ──────────────┘ └────────────────────────┘
SecPipe MCP Server
Projects Hub Discovery Hub Execution
┌────────────── ──────────────────┐ ┌───────────────────
│ │init_project │ │list_hub_servers │ │execute_hub_tool │ │
│ │set_assets │ │discover_hub_tools│ │start_hub_server │ │
│ │list_results │ │get_tool_schema │ │stop_hub_server │ │
│ └──────────────┘ └──────────────────┘ └───────────────────┘ │
└───────────────────────────┬─────────────────────────────────────┘
Docker/Podman
┌─────────────────────────────────────────────────────────────────┐
FuzzForge Runner
Container Engine (Docker/Podman)
└────────────────────────────────────────────────────────────────
┌───────────────────┼───────────────────┐
▼ ▼
───────────────┐ ┌───────────────┐ ┌───────────────┐
Module A │ Module B │ │ Module C
(Container) │ │ (Container) (Container)
───────────────┘ └───────────────┘ └───────────────┘
MCP Hub Servers
│ ┌───────────┐ ┌───────────┐ ┌───────────┐ ┌───────────┐ │
│ Binwalk YARA │ Radare2 │ │ Nmap │
6 tools │ │ 5 tools │ │ 32 tools │ │ 8 tools │ │
│ └───────────┘ └───────────┘ └───────────┘ └───────────┘
┌───────────┐ ─────────── ┌───────────┐ ┌───────────┐
│ Nuclei SQLMap │ │ Trivy │ │ ...
│ 7 tools │ │ 8 tools │ │ 7 tools │ │ 36 hubs │
└───────────┘ ─────────── └───────────┘ └───────────┘
└─────────────────────────────────────────────────────────────────┘
```
---
## 🔧 MCP Security Hub
SecPipe ships with built-in support for the **[MCP Security Hub](https://github.com/FuzzingLabs/mcp-security-hub)** — a collection of 36 production-ready, Dockerized MCP servers covering offensive security:
| Category | Servers | Examples |
|----------|---------|----------|
| 🔍 **Reconnaissance** | 8 | Nmap, Masscan, Shodan, WhatWeb |
| 🌐 **Web Security** | 6 | Nuclei, SQLMap, ffuf, Nikto |
| 🔬 **Binary Analysis** | 6 | Radare2, Binwalk, YARA, Capa, Ghidra |
| ⛓️ **Blockchain** | 3 | Medusa, Solazy, DAML Viewer |
| ☁️ **Cloud Security** | 3 | Trivy, Prowler, RoadRecon |
| 💻 **Code Security** | 1 | Semgrep |
| 🔑 **Secrets Detection** | 1 | Gitleaks |
| 💥 **Exploitation** | 1 | SearchSploit |
| 🎯 **Fuzzing** | 2 | Boofuzz, Dharma |
| 🕵️ **OSINT** | 2 | Maigret, DNSTwist |
| 🛡️ **Threat Intel** | 2 | VirusTotal, AlienVault OTX |
| 🏰 **Active Directory** | 1 | BloodHound |
> 185+ individual tools accessible through a single MCP connection.
The hub is open source and can be extended with your own MCP servers. See the [mcp-security-hub repository](https://github.com/FuzzingLabs/mcp-security-hub) for details.
---
## 📦 Installation
### Prerequisites
@@ -135,138 +169,77 @@ If you find FuzzForge useful, please **star the repo** to support development!
```bash
# Clone the repository
git clone https://github.com/FuzzingLabs/fuzzforge_ai.git
cd fuzzforge_ai
git clone https://github.com/FuzzingLabs/secpipe_ai.git
cd secpipe_ai
# Install dependencies
uv sync
# Build module images
make build-modules
```
### Link the Security Hub
```bash
# Clone the MCP Security Hub
git clone https://github.com/FuzzingLabs/mcp-security-hub.git ~/.secpipe/hubs/mcp-security-hub
# Build the Docker images for the hub tools
./scripts/build-hub-images.sh
```
Or use the terminal UI (`uv run secpipe ui`) to link hubs interactively.
### Configure MCP for Your AI Agent
```bash
# For GitHub Copilot
uv run fuzzforge mcp install copilot
uv run secpipe mcp install copilot
# For Claude Code (CLI)
uv run fuzzforge mcp install claude-code
uv run secpipe mcp install claude-code
# For Claude Desktop (standalone app)
uv run fuzzforge mcp install claude-desktop
uv run secpipe mcp install claude-desktop
# Verify installation
uv run fuzzforge mcp status
uv run secpipe mcp status
```
**Restart your editor** and your AI agent will have access to FuzzForge tools!
**Restart your editor** and your AI agent will have access to SecPipe tools!
---
## 📦 Modules
## 🧑‍💻 Usage
FuzzForge modules are containerized security tools that AI agents can orchestrate. The module ecosystem is designed around a simple principle: **the OSS runtime orchestrates, enterprise modules execute**.
Once installed, just talk to your AI agent:
### Module Ecosystem
| | FuzzForge AI | FuzzForge Enterprise Modules |
|---|---|---|
| **What** | Runtime & MCP server | Security research modules |
| **License** | Apache 2.0 | BSL 1.1 (Business Source License) |
| **Compatibility** | ✅ Runs any compatible module | ✅ Works with FuzzForge AI |
**Enterprise modules** are developed separately and provide production-ready security tooling:
| Category | Modules | Description |
|----------|---------|-------------|
| 🔍 **Static Analysis** | Rust Analyzer, Solidity Analyzer, Cairo Analyzer | Code analysis and fuzzable function detection |
| 🎯 **Fuzzing** | Cargo Fuzzer, Honggfuzz, AFL++ | Coverage-guided fuzz testing |
| 💥 **Crash Analysis** | Crash Triager, Root Cause Analyzer | Automated crash deduplication and analysis |
| 🔐 **Vulnerability Detection** | Pattern Matcher, Taint Analyzer | Security vulnerability scanning |
| 📝 **Reporting** | Report Generator, SARIF Exporter | Automated security report generation |
> 💡 **Build your own modules!** The FuzzForge SDK allows you to create custom modules that integrate seamlessly with FuzzForge AI. See [Creating Custom Modules](#-creating-custom-modules).
### Execution Modes
Modules run in two execution modes:
#### One-shot Execution
Run a module once and get results:
```python
result = execute_module("my-analyzer", assets_path="/path/to/project")
```
"What security tools are available?"
"Scan this firmware image for vulnerabilities"
"Analyze this binary with radare2"
"Run nuclei against https://example.com"
```
#### Continuous Execution
The agent will use SecPipe to discover the right hub tools, chain them into a pipeline, and return results — all without you touching a terminal.
For long-running tasks like fuzzing, with real-time metrics:
```python
# Start continuous execution
session = start_continuous_module("my-fuzzer",
assets_path="/path/to/project",
configuration={"target": "my_target"})
# Check status with live metrics
status = get_continuous_status(session["session_id"])
# Stop and collect results
stop_continuous_module(session["session_id"])
```
---
## 🛠️ Creating Custom Modules
Build your own security modules with the FuzzForge SDK:
```python
from fuzzforge_modules_sdk import FuzzForgeModule, FuzzForgeModuleResults
class MySecurityModule(FuzzForgeModule):
def _run(self, resources):
self.emit_event("started", target=resources[0].path)
# Your analysis logic here
results = self.analyze(resources)
self.emit_progress(100, status="completed",
message=f"Analysis complete")
return FuzzForgeModuleResults.SUCCESS
```
📖 See the [Module SDK Guide](fuzzforge-modules/fuzzforge-modules-sdk/README.md) for details.
See the [Usage Guide](USAGE.md) for detailed setup and advanced workflows.
---
## 📁 Project Structure
```
fuzzforge_ai/
├── fuzzforge-cli/ # Command-line interface
├── fuzzforge-common/ # Shared abstractions (containers, storage)
├── fuzzforge-mcp/ # MCP server for AI agents
├── fuzzforge-modules/ # Security modules
│ └── fuzzforge-modules-sdk/ # Module development SDK
├── fuzzforge-runner/ # Local execution engine
── fuzzforge-types/ # Type definitions & schemas
└── demo/ # Demo projects for testing
secpipe_ai/
├── secpipe-mcp/ # MCP server — the core of SecPipe
├── secpipe-cli/ # Command-line interface & terminal UI
├── secpipe-common/ # Shared abstractions (containers, storage)
├── secpipe-runner/ # Container execution engine (Docker/Podman)
├── secpipe-tests/ # Integration tests
├── mcp-security-hub/ # Default hub: 36 offensive security MCP servers
── scripts/ # Hub image build scripts
```
---
## 🗺️ What's Next
**[MCP Security Hub](https://github.com/FuzzingLabs/mcp-security-hub) integration** — Bridge 175+ offensive security tools (Nmap, Nuclei, Ghidra, and more) into FuzzForge workflows, all orchestrated by AI agents.
See [ROADMAP.md](ROADMAP.md) for the full roadmap.
---
## 🤝 Contributing
We welcome contributions from the community!
@@ -274,7 +247,7 @@ We welcome contributions from the community!
- 🐛 Report bugs via [GitHub Issues](../../issues)
- 💡 Suggest features or improvements
- 🔧 Submit pull requests
- 📦 Share your custom modules
- 🔌 Add new MCP servers to the [Security Hub](https://github.com/FuzzingLabs/mcp-security-hub)
See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
@@ -289,4 +262,4 @@ BSL 1.1 - See [LICENSE](LICENSE) for details.
<p align="center">
<strong>Maintained by <a href="https://fuzzinglabs.com">FuzzingLabs</a></strong>
<br>
</p>
</p>

65
RELEASE_NOTES.md Normal file
View File

@@ -0,0 +1,65 @@
# v0.8.0 — MCP Hub Architecture
SecPipe AI v0.8.0 is a major architectural rewrite. The previous module system has been replaced by the **MCP Hub** architecture — SecPipe now acts as a meta-MCP server that connects AI agents to collections of containerized security tools, discovered and orchestrated at runtime.
---
## Highlights
### MCP Hub System
SecPipe no longer ships its own security modules. Instead, it connects to **MCP tool hubs** — registries of Dockerized MCP servers that AI agents can discover, chain, and execute autonomously.
- **Runtime tool discovery** — agents call `list_hub_servers` and `discover_hub_tools` to find available tools
- **Agent context convention** — hub tools provide built-in usage tips, workflow guidance, and domain knowledge so agents can use them without human intervention
- **Category filtering** — servers are organized by category (`binary-analysis`, `web-security`, `reconnaissance`, etc.) for efficient discovery
- **Persistent sessions** — stateful tools like Radare2 run in long-lived containers with `start_hub_server` / `stop_hub_server`
- **Volume mounts** — project assets are automatically mounted into tool containers for seamless file access
- **Continuous mode** — long-running tools (fuzzers) with real-time status via `start_continuous_hub_tool`
### MCP Security Hub Integration
Ships with built-in support for the [MCP Security Hub](https://github.com/FuzzingLabs/mcp-security-hub) — **36 production-ready MCP servers** covering:
| Category | Servers | Examples |
|----------|---------|----------|
| Reconnaissance | 8 | Nmap, Masscan, Shodan, WhatWeb |
| Web Security | 6 | Nuclei, SQLMap, ffuf, Nikto |
| Binary Analysis | 6 | Radare2, Binwalk, YARA, Capa, Ghidra |
| Blockchain | 3 | Medusa, Solazy, DAML Viewer |
| Cloud Security | 3 | Trivy, Prowler, RoadRecon |
| Code Security | 1 | Semgrep |
| Secrets Detection | 1 | Gitleaks |
| Exploitation | 1 | SearchSploit |
| Fuzzing | 2 | Boofuzz, Dharma |
| OSINT | 2 | Maigret, DNSTwist |
| Threat Intel | 2 | VirusTotal, AlienVault OTX |
| Active Directory | 1 | BloodHound |
> **185+ individual security tools** accessible through a single MCP connection.
### Terminal UI
A new interactive terminal interface (`uv run secpipe ui`) for managing hubs and agents:
- Dashboard with hub status overview
- One-click MCP server installation for GitHub Copilot, Claude Code, and Claude Desktop
- In-UI Docker image building with live log viewer
- Hub linking and registry management
---
## Breaking Changes
- The module system has been removed (`list_modules`, `execute_module`, `start_continuous_module`)
- Replaced by hub tools: `list_hub_servers`, `discover_hub_tools`, `execute_hub_tool`, `start_hub_server`, `stop_hub_server`, etc.
- `make build-modules` replaced by `./scripts/build-hub-images.sh`
---
## Other Changes
- **CI**: GitHub Actions workflows with ruff lint, mypy typecheck, and tests
- **Config**: `SECPIPE_USER_DIR` environment variable to override user-global data directory
- **Storage**: `~/.secpipe` for user-global data, `.secpipe/` in workspace for project storage
- **Docs**: README rewritten for hub-centric architecture

20
ROADMAP.md
View File

@@ -1,6 +1,6 @@
# FuzzForge AI Roadmap
# SecPipe AI Roadmap
This document outlines the planned features and development direction for FuzzForge AI.
This document outlines the planned features and development direction for SecPipe AI.
---
@@ -10,27 +10,27 @@ This document outlines the planned features and development direction for FuzzFo
**Status:** 🔄 Planned
Integrate [mcp-security-hub](https://github.com/FuzzingLabs/mcp-security-hub) tools into FuzzForge, giving AI agents access to 28 MCP servers and 163+ security tools through a unified interface.
Integrate [mcp-security-hub](https://github.com/FuzzingLabs/mcp-security-hub) tools into SecPipe, giving AI agents access to 28 MCP servers and 163+ security tools through a unified interface.
#### How It Works
Unlike native FuzzForge modules (built with the SDK), mcp-security-hub tools are **standalone MCP servers**. The integration will bridge these tools so they can be:
Unlike native SecPipe modules (built with the SDK), mcp-security-hub tools are **standalone MCP servers**. The integration will bridge these tools so they can be:
- Discovered via `list_modules` alongside native modules
- Executed through FuzzForge's orchestration layer
- Executed through SecPipe's orchestration layer
- Chained with native modules in workflows
| Aspect | Native Modules | MCP Hub Tools |
|--------|----------------|---------------|
| **Runtime** | FuzzForge SDK container | Standalone MCP server container |
| **Runtime** | SecPipe SDK container | Standalone MCP server container |
| **Protocol** | Direct execution | MCP-to-MCP bridge |
| **Configuration** | Module config | Tool-specific args |
| **Output** | FuzzForge results format | Tool-native format (normalized) |
| **Output** | SecPipe results format | Tool-native format (normalized) |
#### Goals
- Unified discovery of all available tools (native + hub)
- Orchestrate hub tools through FuzzForge's workflow engine
- Orchestrate hub tools through SecPipe's workflow engine
- Normalize outputs for consistent result handling
- No modification required to mcp-security-hub tools
@@ -65,7 +65,7 @@ AI Agent:
**Status:** 🔄 Planned
A graphical interface to manage FuzzForge without the command line.
A graphical interface to manage SecPipe without the command line.
#### Goals
@@ -115,7 +115,7 @@ Features under consideration for future releases:
Have suggestions for the roadmap?
- Open an issue on [GitHub](https://github.com/FuzzingLabs/fuzzforge_ai/issues)
- Open an issue on [GitHub](https://github.com/FuzzingLabs/secpipe_ai/issues)
- Join our [Discord](https://discord.gg/8XEX33UUwZ)
---

147
USAGE.md
View File

@@ -1,9 +1,9 @@
# FuzzForge AI Usage Guide
# SecPipe AI Usage Guide
This guide covers everything you need to know to get started with FuzzForge AI — from installation to linking your first MCP hub and running security research workflows with AI.
This guide covers everything you need to know to get started with SecPipe AI — from installation to linking your first MCP hub and running security research workflows with AI.
> **FuzzForge is designed to be used with AI agents** (GitHub Copilot, Claude, etc.) via MCP.
> A terminal UI (`fuzzforge ui`) is provided for managing agents and hubs.
> **SecPipe is designed to be used with AI agents** (GitHub Copilot, Claude, etc.) via MCP.
> A terminal UI (`secpipe ui`) is provided for managing agents and hubs.
> The CLI is available for advanced users but the primary experience is through natural language interaction with your AI assistant.
---
@@ -27,7 +27,7 @@ This guide covers everything you need to know to get started with FuzzForge AI
- [GitHub Copilot](#github-copilot)
- [Claude Code (CLI)](#claude-code-cli)
- [Claude Desktop](#claude-desktop)
- [Using FuzzForge with AI](#using-fuzzforge-with-ai)
- [Using SecPipe with AI](#using-secpipe-with-ai)
- [CLI Reference](#cli-reference)
- [Environment Variables](#environment-variables)
- [Troubleshooting](#troubleshooting)
@@ -41,16 +41,19 @@ This guide covers everything you need to know to get started with FuzzForge AI
```bash
# 1. Clone and install
git clone https://github.com/FuzzingLabs/fuzzforge_ai.git
cd fuzzforge_ai
git clone https://github.com/FuzzingLabs/secpipe_ai.git
cd secpipe_ai
uv sync
# 2. Launch the terminal UI
uv run fuzzforge ui
uv run secpipe ui
# 3. Press 'h' → "FuzzingLabs Hub" to clone & link the default security hub
# 4. Select an agent row and press Enter to link it
# 5. Restart your AI agent and start talking:
# 4. Select an agent row and press Enter to install the MCP server for your agent
# 5. Build the Docker images for the hub tools (required before tools can run)
./scripts/build-hub-images.sh
# 6. Restart your AI agent and start talking:
# "What security tools are available?"
# "Scan this binary with binwalk and yara"
# "Analyze this Rust crate for fuzzable functions"
@@ -60,23 +63,26 @@ Or do it entirely from the command line:
```bash
# Install MCP for your AI agent
uv run fuzzforge mcp install copilot # For VS Code + GitHub Copilot
uv run secpipe mcp install copilot # For VS Code + GitHub Copilot
# OR
uv run fuzzforge mcp install claude-code # For Claude Code CLI
uv run secpipe mcp install claude-code # For Claude Code CLI
# Build hub tool images
# Clone and link the default security hub
git clone git@github.com:FuzzingLabs/mcp-security-hub.git ~/.secpipe/hubs/mcp-security-hub
# Build hub tool images (required — tools only run once their image is built)
./scripts/build-hub-images.sh
# Restart your AI agent — done!
```
> **Note:** FuzzForge uses Docker by default. Podman is also supported via `--engine podman`.
> **Note:** SecPipe uses Docker by default. Podman is also supported via `--engine podman`.
---
## Prerequisites
Before installing FuzzForge AI, ensure you have:
Before installing SecPipe AI, ensure you have:
- **Python 3.12+** — [Download Python](https://www.python.org/downloads/)
- **uv** package manager — [Install uv](https://docs.astral.sh/uv/)
@@ -106,7 +112,7 @@ sudo usermod -aG docker $USER
```
> **Note:** Podman is also supported. Use `--engine podman` with CLI commands
> or set `FUZZFORGE_ENGINE=podman` environment variable.
> or set `SECPIPE_ENGINE=podman` environment variable.
---
@@ -115,8 +121,8 @@ sudo usermod -aG docker $USER
### 1. Clone the Repository
```bash
git clone https://github.com/FuzzingLabs/fuzzforge_ai.git
cd fuzzforge_ai
git clone https://github.com/FuzzingLabs/secpipe_ai.git
cd secpipe_ai
```
### 2. Install Dependencies
@@ -125,24 +131,24 @@ cd fuzzforge_ai
uv sync
```
This installs all FuzzForge components in a virtual environment.
This installs all SecPipe components in a virtual environment.
### 3. Verify Installation
```bash
uv run fuzzforge --help
uv run secpipe --help
```
---
## Terminal UI
FuzzForge ships with a terminal user interface (TUI) built on [Textual](https://textual.textualize.io/) for managing AI agents and MCP hub servers from a single dashboard.
SecPipe ships with a terminal user interface (TUI) built on [Textual](https://textual.textualize.io/) for managing AI agents and MCP hub servers from a single dashboard.
### Launching the UI
```bash
uv run fuzzforge ui
uv run secpipe ui
```
### Dashboard
@@ -167,11 +173,11 @@ The main screen is split into two panels:
Select an agent row in the AI Agents table and press `Enter`:
- **If the agent is not linked** → a setup dialog opens asking for your container engine (Docker or Podman), then installs the FuzzForge MCP configuration
- **If the agent is already linked** → a confirmation dialog offers to unlink it (removes the `fuzzforge` entry without touching other MCP servers)
- **If the agent is not linked** → a setup dialog opens asking for your container engine (Docker or Podman), then installs the SecPipe MCP configuration
- **If the agent is already linked** → a confirmation dialog offers to unlink it (removes the `secpipe` entry without touching other MCP servers)
The setup auto-detects:
- FuzzForge installation root
- SecPipe installation root
- Docker/Podman socket path
- Hub configuration from `hub-config.json`
@@ -181,8 +187,8 @@ Press `h` to open the hub manager. This is where you manage your MCP hub reposit
| Button | Action |
|--------|--------|
| **FuzzingLabs Hub** | One-click clone of the official [mcp-security-hub](https://github.com/FuzzingLabs/mcp-security-hub) repository — clones to `~/.fuzzforge/hubs/mcp-security-hub`, scans for tools, and registers them in `hub-config.json` |
| **Link Path** | Link any local directory as a hub — enter a name and path, FuzzForge scans it for `category/tool-name/Dockerfile` patterns |
| **FuzzingLabs Hub** | One-click clone of the official [mcp-security-hub](https://github.com/FuzzingLabs/mcp-security-hub) repository — clones to `~/.secpipe/hubs/mcp-security-hub`, scans for tools, and registers them in `hub-config.json` |
| **Link Path** | Link any local directory as a hub — enter a name and path, SecPipe scans it for `category/tool-name/Dockerfile` patterns |
| **Clone URL** | Clone any git repository and link it as a hub |
| **Remove** | Unlink the selected hub and remove its servers from the configuration |
@@ -213,7 +219,7 @@ my-hub/
└── ...
```
FuzzForge scans for the pattern `category/tool-name/Dockerfile` and auto-generates server configuration entries for each discovered tool.
SecPipe scans for the pattern `category/tool-name/Dockerfile` and auto-generates server configuration entries for each discovered tool.
### FuzzingLabs Security Hub
@@ -236,14 +242,14 @@ The default MCP hub is [mcp-security-hub](https://github.com/FuzzingLabs/mcp-sec
**Clone it via the UI:**
1. `uv run fuzzforge ui`
1. `uv run secpipe ui`
2. Press `h` → click **FuzzingLabs Hub**
3. Wait for the clone to finish — servers are auto-registered
**Or clone manually:**
```bash
git clone git@github.com:FuzzingLabs/mcp-security-hub.git ~/.fuzzforge/hubs/mcp-security-hub
git clone git@github.com:FuzzingLabs/mcp-security-hub.git ~/.secpipe/hubs/mcp-security-hub
```
### Linking a Custom Hub
@@ -280,32 +286,32 @@ If you prefer the command line over the TUI, you can configure agents directly:
### GitHub Copilot
```bash
uv run fuzzforge mcp install copilot
uv run secpipe mcp install copilot
```
The command auto-detects:
- **FuzzForge root** — Where FuzzForge is installed
- **SecPipe root** — Where SecPipe is installed
- **Docker socket** — Auto-detects `/var/run/docker.sock`
**Optional overrides:**
```bash
uv run fuzzforge mcp install copilot --engine podman
uv run secpipe mcp install copilot --engine podman
```
**After installation:** Restart VS Code. FuzzForge tools appear in GitHub Copilot Chat.
**After installation:** Restart VS Code. SecPipe tools appear in GitHub Copilot Chat.
### Claude Code (CLI)
```bash
uv run fuzzforge mcp install claude-code
uv run secpipe mcp install claude-code
```
Installs to `~/.claude.json`. FuzzForge tools are available from any directory after restarting Claude.
Installs to `~/.claude.json`. SecPipe tools are available from any directory after restarting Claude.
### Claude Desktop
```bash
uv run fuzzforge mcp install claude-desktop
uv run secpipe mcp install claude-desktop
```
**After installation:** Restart Claude Desktop.
@@ -313,28 +319,28 @@ uv run fuzzforge mcp install claude-desktop
### Check Status
```bash
uv run fuzzforge mcp status
uv run secpipe mcp status
```
### Remove Configuration
```bash
uv run fuzzforge mcp uninstall copilot
uv run fuzzforge mcp uninstall claude-code
uv run fuzzforge mcp uninstall claude-desktop
uv run secpipe mcp uninstall copilot
uv run secpipe mcp uninstall claude-code
uv run secpipe mcp uninstall claude-desktop
```
---
## Using FuzzForge with AI
## Using SecPipe with AI
Once MCP is configured and hub images are built, interact with FuzzForge through natural language with your AI assistant.
Once MCP is configured and hub images are built, interact with SecPipe through natural language with your AI assistant.
### Example Conversations
**Discover available tools:**
```
You: "What security tools are available in FuzzForge?"
You: "What security tools are available in SecPipe?"
AI: Queries hub tools → "I found 15 tools across categories: nmap for
port scanning, binwalk for firmware analysis, semgrep for code
scanning, cargo-fuzzer for Rust fuzzing..."
@@ -371,43 +377,50 @@ AI: Uses semgrep-mcp → "Found 5 findings: 2 high severity SQL injection
### UI Command
```bash
uv run fuzzforge ui # Launch the terminal dashboard
uv run secpipe ui # Launch the terminal dashboard
```
### MCP Commands
```bash
uv run fuzzforge mcp status # Check agent configuration status
uv run fuzzforge mcp install <agent> # Install MCP config (copilot|claude-code|claude-desktop)
uv run fuzzforge mcp uninstall <agent> # Remove MCP config
uv run fuzzforge mcp generate <agent> # Preview config without installing
uv run secpipe mcp status # Check agent configuration status
uv run secpipe mcp install <agent> # Install MCP config (copilot|claude-code|claude-desktop)
uv run secpipe mcp uninstall <agent> # Remove MCP config
uv run secpipe mcp generate <agent> # Preview config without installing
```
### Project Commands
```bash
uv run fuzzforge project init # Initialize a project
uv run fuzzforge project info # Show project info
uv run fuzzforge project executions # List executions
uv run fuzzforge project results <id> # Get execution results
uv run secpipe project init # Initialize a project
uv run secpipe project info # Show project info
uv run secpipe project executions # List executions
uv run secpipe project results <id> # Get execution results
```
---
## Environment Variables
Configure FuzzForge using environment variables:
Configure SecPipe using environment variables:
```bash
# Storage path for projects and execution results
export FUZZFORGE_STORAGE_PATH=/path/to/storage
# Override the SecPipe installation root (auto-detected from cwd by default)
export SECPIPE_ROOT=/path/to/secpipe_ai
# Override the user-global data directory (default: ~/.secpipe)
# Useful for isolated testing without touching your real installation
export SECPIPE_USER_DIR=/tmp/my-secpipe-test
# Storage path for projects and execution results (default: <workspace>/.secpipe/storage)
export SECPIPE_STORAGE__PATH=/path/to/storage
# Container engine (Docker is default)
export FUZZFORGE_ENGINE__TYPE=docker # or podman
export SECPIPE_ENGINE__TYPE=docker # or podman
# Podman-specific settings
export FUZZFORGE_ENGINE__GRAPHROOT=~/.fuzzforge/containers/storage
export FUZZFORGE_ENGINE__RUNROOT=~/.fuzzforge/containers/run
# Podman-specific container storage paths
export SECPIPE_ENGINE__GRAPHROOT=~/.secpipe/containers/storage
export SECPIPE_ENGINE__RUNROOT=~/.secpipe/containers/run
```
---
@@ -460,7 +473,7 @@ docker build -t <tool-name>:latest mcp-security-hub/<category>/<tool-name>/
```bash
# Check agent configuration
uv run fuzzforge mcp status
uv run secpipe mcp status
# Verify the config file path exists and contains valid JSON
cat ~/.config/Code/User/mcp.json # Copilot
@@ -471,29 +484,29 @@ cat ~/.claude.json # Claude Code
```bash
# Install with Podman engine
uv run fuzzforge mcp install copilot --engine podman
uv run secpipe mcp install copilot --engine podman
# Or set environment variable
export FUZZFORGE_ENGINE=podman
export SECPIPE_ENGINE=podman
```
### Hub Registry
FuzzForge stores linked hub information in `~/.fuzzforge/hubs.json`. If something goes wrong:
SecPipe stores linked hub information in `~/.secpipe/hubs.json`. If something goes wrong:
```bash
# View registry
cat ~/.fuzzforge/hubs.json
cat ~/.secpipe/hubs.json
# Reset registry
rm ~/.fuzzforge/hubs.json
rm ~/.secpipe/hubs.json
```
---
## Next Steps
- 🖥️ Launch `uv run fuzzforge ui` and explore the dashboard
- 🖥️ Launch `uv run secpipe ui` and explore the dashboard
- 🔒 Clone the [mcp-security-hub](https://github.com/FuzzingLabs/mcp-security-hub) for 40+ security tools
- 💬 Join our [Discord](https://discord.gg/8XEX33UUwZ) for support

BIN
assets/demopart1.gif
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 360 KiB

BIN
assets/demopart2.gif
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.1 MiB

3
fuzzforge-cli/README.md
View File

@@ -1,3 +0,0 @@
# FuzzForge CLI
...

15
fuzzforge-cli/ruff.toml
View File

@@ -1,15 +0,0 @@
line-length = 120
[lint]
select = [ "ALL" ]
ignore = [
"COM812", # conflicts with the formatter
"D203", # conflicts with 'D211'
"D213", # conflicts with 'D212'
]
[lint.per-file-ignores]
"tests/*" = [
"PLR2004", # allowing comparisons using unamed numerical constants in tests
"S101", # allowing 'assert' statements in tests
]

1
fuzzforge-cli/src/fuzzforge_cli/tui/__init__.py
View File

@@ -1 +0,0 @@
"""FuzzForge terminal user interface."""

1
fuzzforge-cli/src/fuzzforge_cli/tui/screens/__init__.py
View File

@@ -1 +0,0 @@
"""TUI screens for FuzzForge."""

3
fuzzforge-common/README.md
View File

@@ -1,3 +0,0 @@
# FuzzForge Common
...

20
fuzzforge-common/ruff.toml
View File

@@ -1,20 +0,0 @@
line-length = 120
[lint]
select = [ "ALL" ]
ignore = [
"COM812", # conflicts with the formatter
"D100", # ignoring missing docstrings in public modules
"D104", # ignoring missing docstrings in public packages
"D203", # conflicts with 'D211'
"D213", # conflicts with 'D212'
"TD002", # ignoring missing author in 'TODO' statements
"TD003", # ignoring missing issue link in 'TODO' statements
]
[lint.per-file-ignores]
"tests/*" = [
"ANN401", # allowing 'typing.Any' to be used to type function parameters in tests
"PLR2004", # allowing comparisons using unamed numerical constants in tests
"S101", # allowing 'assert' statements in tests
]

38
fuzzforge-common/src/fuzzforge_common/__init__.py
View File

@@ -1,38 +0,0 @@
"""FuzzForge Common - Shared abstractions and implementations for FuzzForge.
This package provides:
- Sandbox engine abstractions (Podman, Docker)
- Common exceptions
Example usage:
from fuzzforge_common import (
AbstractFuzzForgeSandboxEngine,
ImageInfo,
Podman,
PodmanConfiguration,
)
"""
from fuzzforge_common.exceptions import FuzzForgeError
from fuzzforge_common.sandboxes import (
AbstractFuzzForgeEngineConfiguration,
AbstractFuzzForgeSandboxEngine,
Docker,
DockerConfiguration,
FuzzForgeSandboxEngines,
ImageInfo,
Podman,
PodmanConfiguration,
)
__all__ = [
"AbstractFuzzForgeEngineConfiguration",
"AbstractFuzzForgeSandboxEngine",
"Docker",
"DockerConfiguration",
"FuzzForgeError",
"FuzzForgeSandboxEngines",
"ImageInfo",
"Podman",
"PodmanConfiguration",
]

23
fuzzforge-common/src/fuzzforge_common/sandboxes/__init__.py
View File

@@ -1,23 +0,0 @@
"""FuzzForge sandbox abstractions and implementations."""
from fuzzforge_common.sandboxes.engines import (
AbstractFuzzForgeEngineConfiguration,
AbstractFuzzForgeSandboxEngine,
Docker,
DockerConfiguration,
FuzzForgeSandboxEngines,
ImageInfo,
Podman,
PodmanConfiguration,
)
__all__ = [
"AbstractFuzzForgeEngineConfiguration",
"AbstractFuzzForgeSandboxEngine",
"Docker",
"DockerConfiguration",
"FuzzForgeSandboxEngines",
"ImageInfo",
"Podman",
"PodmanConfiguration",
]

21
fuzzforge-common/src/fuzzforge_common/sandboxes/engines/__init__.py
View File

@@ -1,21 +0,0 @@
"""Container engine implementations for FuzzForge sandboxes."""
from fuzzforge_common.sandboxes.engines.base import (
AbstractFuzzForgeEngineConfiguration,
AbstractFuzzForgeSandboxEngine,
ImageInfo,
)
from fuzzforge_common.sandboxes.engines.docker import Docker, DockerConfiguration
from fuzzforge_common.sandboxes.engines.enumeration import FuzzForgeSandboxEngines
from fuzzforge_common.sandboxes.engines.podman import Podman, PodmanConfiguration
__all__ = [
"AbstractFuzzForgeEngineConfiguration",
"AbstractFuzzForgeSandboxEngine",
"Docker",
"DockerConfiguration",
"FuzzForgeSandboxEngines",
"ImageInfo",
"Podman",
"PodmanConfiguration",
]

15
fuzzforge-common/src/fuzzforge_common/sandboxes/engines/base/__init__.py
View File

@@ -1,15 +0,0 @@
"""Base engine abstractions."""
from fuzzforge_common.sandboxes.engines.base.configuration import (
AbstractFuzzForgeEngineConfiguration,
)
from fuzzforge_common.sandboxes.engines.base.engine import (
AbstractFuzzForgeSandboxEngine,
ImageInfo,
)
__all__ = [
"AbstractFuzzForgeEngineConfiguration",
"AbstractFuzzForgeSandboxEngine",
"ImageInfo",
]

24
fuzzforge-common/src/fuzzforge_common/sandboxes/engines/base/configuration.py
View File

@@ -1,24 +0,0 @@
from abc import ABC, abstractmethod
from typing import TYPE_CHECKING
from pydantic import BaseModel
from fuzzforge_common.sandboxes.engines.enumeration import (
FuzzForgeSandboxEngines, # noqa: TC001 (required by 'pydantic' at runtime)
)
if TYPE_CHECKING:
from fuzzforge_common.sandboxes.engines.base.engine import AbstractFuzzForgeSandboxEngine
class AbstractFuzzForgeEngineConfiguration(ABC, BaseModel):
"""TODO."""
#: TODO.
kind: FuzzForgeSandboxEngines
@abstractmethod
def into_engine(self) -> AbstractFuzzForgeSandboxEngine:
"""TODO."""
message: str = f"method 'into_engine' is not implemented for class '{self.__class__.__name__}'"
raise NotImplementedError(message)

13
fuzzforge-common/src/fuzzforge_common/sandboxes/engines/docker/__init__.py
View File

@@ -1,13 +0,0 @@
"""Docker container engine implementation."""
from fuzzforge_common.sandboxes.engines.docker.cli import DockerCLI
from fuzzforge_common.sandboxes.engines.docker.configuration import (
DockerConfiguration,
)
from fuzzforge_common.sandboxes.engines.docker.engine import Docker
__all__ = [
"Docker",
"DockerCLI",
"DockerConfiguration",
]

22
fuzzforge-common/src/fuzzforge_common/sandboxes/engines/docker/configuration.py
View File

@@ -1,22 +0,0 @@
from typing import TYPE_CHECKING, Literal
from fuzzforge_common.sandboxes.engines.base.configuration import AbstractFuzzForgeEngineConfiguration
from fuzzforge_common.sandboxes.engines.docker.engine import Docker
from fuzzforge_common.sandboxes.engines.enumeration import FuzzForgeSandboxEngines
if TYPE_CHECKING:
from fuzzforge_common.sandboxes.engines.base.engine import AbstractFuzzForgeSandboxEngine
class DockerConfiguration(AbstractFuzzForgeEngineConfiguration):
"""TODO."""
#: TODO.
kind: Literal[FuzzForgeSandboxEngines.DOCKER] = FuzzForgeSandboxEngines.DOCKER
#: TODO.
socket: str
def into_engine(self) -> AbstractFuzzForgeSandboxEngine:
"""TODO."""
return Docker(socket=self.socket)

13
fuzzforge-common/src/fuzzforge_common/sandboxes/engines/podman/__init__.py
View File

@@ -1,13 +0,0 @@
"""Podman container engine implementation."""
from fuzzforge_common.sandboxes.engines.podman.cli import PodmanCLI
from fuzzforge_common.sandboxes.engines.podman.configuration import (
PodmanConfiguration,
)
from fuzzforge_common.sandboxes.engines.podman.engine import Podman
__all__ = [
"Podman",
"PodmanCLI",
"PodmanConfiguration",
]

22
fuzzforge-common/src/fuzzforge_common/sandboxes/engines/podman/configuration.py
View File

@@ -1,22 +0,0 @@
from typing import TYPE_CHECKING, Literal
from fuzzforge_common.sandboxes.engines.base.configuration import AbstractFuzzForgeEngineConfiguration
from fuzzforge_common.sandboxes.engines.enumeration import FuzzForgeSandboxEngines
from fuzzforge_common.sandboxes.engines.podman.engine import Podman
if TYPE_CHECKING:
from fuzzforge_common.sandboxes.engines.base.engine import AbstractFuzzForgeSandboxEngine
class PodmanConfiguration(AbstractFuzzForgeEngineConfiguration):
"""TODO."""
#: TODO.
kind: Literal[FuzzForgeSandboxEngines.PODMAN] = FuzzForgeSandboxEngines.PODMAN
#: TODO.
socket: str
def into_engine(self) -> AbstractFuzzForgeSandboxEngine:
"""TODO."""
return Podman(socket=self.socket)

1
fuzzforge-common/tests/conftest.py
View File

@@ -1 +0,0 @@
pytest_plugins = ["fuzzforge_tests.fixtures"]

16
fuzzforge-mcp/ruff.toml
View File

@@ -1,16 +0,0 @@
line-length = 120
[lint]
select = [ "ALL" ]
ignore = [
"COM812", # conflicts with the formatter
"D203", # conflicts with 'D211'
"D213", # conflicts with 'D212'
]
[lint.per-file-ignores]
"tests/*" = [
"PLR0913", # allowing functions with many arguments in tests (required for fixtures)
"PLR2004", # allowing comparisons using unamed numerical constants in tests
"S101", # allowing 'assert' statements in tests
]

70
fuzzforge-mcp/src/fuzzforge_mcp/application.py
View File

@@ -1,70 +0,0 @@
"""FuzzForge MCP Server Application.
This is the main entry point for the FuzzForge MCP server, providing
AI agents with tools to discover and execute MCP hub tools for
security research.
"""
from contextlib import asynccontextmanager
from typing import TYPE_CHECKING
from fastmcp import FastMCP
from fastmcp.server.middleware.error_handling import ErrorHandlingMiddleware
from fuzzforge_mcp import resources, tools
from fuzzforge_mcp.settings import Settings
if TYPE_CHECKING:
from collections.abc import AsyncGenerator
@asynccontextmanager
async def lifespan(_: FastMCP) -> AsyncGenerator[Settings]:
"""Initialize MCP server lifespan context.
Loads settings from environment variables and makes them
available to all tools and resources.
:param mcp: FastMCP server instance (unused).
:return: Settings instance for dependency injection.
"""
settings: Settings = Settings()
yield settings
mcp: FastMCP = FastMCP(
name="FuzzForge MCP Server",
instructions="""
FuzzForge is a security research orchestration platform. Use these tools to:
1. **List hub servers**: Discover registered MCP tool servers
2. **Discover tools**: Find available tools from hub servers
3. **Execute hub tools**: Run security tools in isolated containers
4. **Manage projects**: Initialize and configure projects
5. **Get results**: Retrieve execution results
Typical workflow:
1. Initialize a project with `init_project`
2. Set project assets with `set_project_assets` (optional, only needed once for the source directory)
3. List available hub servers with `list_hub_servers`
4. Discover tools from servers with `discover_hub_tools`
5. Execute hub tools with `execute_hub_tool`
Hub workflow:
1. List available hub servers with `list_hub_servers`
2. Discover tools from servers with `discover_hub_tools`
3. Execute hub tools with `execute_hub_tool`
""",
lifespan=lifespan,
)
mcp.add_middleware(middleware=ErrorHandlingMiddleware())
mcp.mount(resources.mcp)
mcp.mount(tools.mcp)
# HTTP app for testing (primary mode is stdio)
app = mcp.http_app()

5
fuzzforge-mcp/src/fuzzforge_mcp/exceptions.py
View File

@@ -1,5 +0,0 @@
"""TODO."""
class FuzzForgeMCPError(Exception):
"""TODO."""

203
fuzzforge-mcp/src/fuzzforge_mcp/storage.py
View File

@@ -1,203 +0,0 @@
"""FuzzForge MCP Server - Local project storage.
Lightweight project storage for managing `.fuzzforge/` directories,
execution results, and project configuration. Extracted from the
former fuzzforge-runner storage module.
Storage is placed directly in the project directory as `.fuzzforge/`
for maximum visibility and ease of debugging.
"""
from __future__ import annotations
import json
import logging
import shutil
from pathlib import Path
from tarfile import open as Archive # noqa: N812
logger = logging.getLogger("fuzzforge-mcp")
#: Name of the FuzzForge storage directory within projects.
FUZZFORGE_DIR_NAME: str = ".fuzzforge"
#: Standard results archive filename.
RESULTS_ARCHIVE_FILENAME: str = "results.tar.gz"
class StorageError(Exception):
"""Raised when a storage operation fails."""
class LocalStorage:
"""Local filesystem storage backend for FuzzForge.
Provides lightweight storage for project configuration and
execution results tracking.
Directory structure (inside project directory)::
{project_path}/.fuzzforge/
config.json # Project config (source path reference)
runs/ # Execution results
{execution_id}/
results.tar.gz
"""
_base_path: Path
def __init__(self, base_path: Path) -> None:
"""Initialize storage backend.
:param base_path: Root directory for global storage (fallback).
"""
self._base_path = base_path
self._base_path.mkdir(parents=True, exist_ok=True)
def _get_project_path(self, project_path: Path) -> Path:
"""Get the .fuzzforge storage path for a project.
:param project_path: Path to the project directory.
:returns: Storage path (.fuzzforge inside project).
"""
return project_path / FUZZFORGE_DIR_NAME
def init_project(self, project_path: Path) -> Path:
"""Initialize storage for a new project.
Creates a .fuzzforge/ directory inside the project for storing
configuration and execution results.
:param project_path: Path to the project directory.
:returns: Path to the project storage directory.
"""
storage_path = self._get_project_path(project_path)
storage_path.mkdir(parents=True, exist_ok=True)
(storage_path / "runs").mkdir(parents=True, exist_ok=True)
# Create .gitignore to avoid committing large files
gitignore_path = storage_path / ".gitignore"
if not gitignore_path.exists():
gitignore_path.write_text(
"# FuzzForge storage - ignore large/temporary files\n"
"runs/\n"
"!config.json\n"
)
logger.info("Initialized project storage: %s", storage_path)
return storage_path
def get_project_assets_path(self, project_path: Path) -> Path | None:
"""Get the configured source path for a project.
:param project_path: Path to the project directory.
:returns: Path to source directory, or None if not configured.
"""
storage_path = self._get_project_path(project_path)
config_path = storage_path / "config.json"
if config_path.exists():
config = json.loads(config_path.read_text())
source_path = config.get("source_path")
if source_path:
path = Path(source_path)
if path.exists():
return path
return None
def set_project_assets(self, project_path: Path, assets_path: Path) -> Path:
"""Set the source path for a project (reference only, no copying).
:param project_path: Path to the project directory.
:param assets_path: Path to source directory.
:returns: The assets path (unchanged).
:raises StorageError: If path doesn't exist.
"""
if not assets_path.exists():
msg = f"Assets path does not exist: {assets_path}"
raise StorageError(msg)
assets_path = assets_path.resolve()
storage_path = self._get_project_path(project_path)
storage_path.mkdir(parents=True, exist_ok=True)
config_path = storage_path / "config.json"
config: dict = {}
if config_path.exists():
config = json.loads(config_path.read_text())
config["source_path"] = str(assets_path)
config_path.write_text(json.dumps(config, indent=2))
logger.info("Set project assets: %s -> %s", project_path.name, assets_path)
return assets_path
def list_executions(self, project_path: Path) -> list[str]:
"""List all execution IDs for a project.
:param project_path: Path to the project directory.
:returns: List of execution IDs.
"""
runs_dir = self._get_project_path(project_path) / "runs"
if not runs_dir.exists():
return []
return [d.name for d in runs_dir.iterdir() if d.is_dir()]
def get_execution_results(
self,
project_path: Path,
execution_id: str,
) -> Path | None:
"""Retrieve execution results path.
:param project_path: Path to the project directory.
:param execution_id: Execution ID.
:returns: Path to results archive, or None if not found.
"""
storage_path = self._get_project_path(project_path)
# Try direct path
results_path = storage_path / "runs" / execution_id / RESULTS_ARCHIVE_FILENAME
if results_path.exists():
return results_path
# Search in all run directories
runs_dir = storage_path / "runs"
if runs_dir.exists():
for run_dir in runs_dir.iterdir():
if run_dir.is_dir() and execution_id in run_dir.name:
candidate = run_dir / RESULTS_ARCHIVE_FILENAME
if candidate.exists():
return candidate
return None
def extract_results(self, results_path: Path, destination: Path) -> Path:
"""Extract a results archive to a destination directory.
:param results_path: Path to the results archive.
:param destination: Directory to extract to.
:returns: Path to extracted directory.
:raises StorageError: If extraction fails.
"""
try:
destination.mkdir(parents=True, exist_ok=True)
with Archive(results_path, "r:gz") as tar:
tar.extractall(path=destination) # noqa: S202
logger.info("Extracted results: %s -> %s", results_path, destination)
return destination
except Exception as exc:
msg = f"Failed to extract results: {exc}"
raise StorageError(msg) from exc

149
fuzzforge-mcp/src/fuzzforge_mcp/tools/projects.py
View File

@@ -1,149 +0,0 @@
"""Project management tools for FuzzForge MCP."""
from __future__ import annotations
from pathlib import Path
from typing import Any
from fastmcp import FastMCP
from fastmcp.exceptions import ToolError
from fuzzforge_mcp.dependencies import get_project_path, get_storage, set_current_project_path
mcp: FastMCP = FastMCP()
@mcp.tool
async def init_project(project_path: str | None = None) -> dict[str, Any]:
"""Initialize a new FuzzForge project.
Creates a `.fuzzforge/` directory inside the project for storing:
- config.json: Project configuration
- runs/: Execution results
This should be called before executing hub tools.
:param project_path: Path to the project directory. If not provided, uses current directory.
:return: Project initialization result.
"""
storage = get_storage()
try:
path = Path(project_path) if project_path else get_project_path()
# Track this as the current active project
set_current_project_path(path)
storage_path = storage.init_project(path)
return {
"success": True,
"project_path": str(path),
"storage_path": str(storage_path),
"message": f"Project initialized. Storage at {path}/.fuzzforge/",
}
except Exception as exception:
message: str = f"Failed to initialize project: {exception}"
raise ToolError(message) from exception
@mcp.tool
async def set_project_assets(assets_path: str) -> dict[str, Any]:
"""Set the initial assets (source code) for a project.
This sets the DEFAULT source directory that will be mounted into
hub tool containers via volume mounts.
:param assets_path: Path to the project source directory.
:return: Result including stored assets path.
"""
storage = get_storage()
project_path: Path = get_project_path()
try:
stored_path = storage.set_project_assets(
project_path=project_path,
assets_path=Path(assets_path),
)
return {
"success": True,
"project_path": str(project_path),
"assets_path": str(stored_path),
"message": f"Assets stored from {assets_path}",
}
except Exception as exception:
message: str = f"Failed to set project assets: {exception}"
raise ToolError(message) from exception
@mcp.tool
async def list_executions() -> dict[str, Any]:
"""List all executions for the current project.
Returns a list of execution IDs that can be used to retrieve results.
:return: List of execution IDs.
"""
storage = get_storage()
project_path: Path = get_project_path()
try:
executions = storage.list_executions(project_path)
return {
"success": True,
"project_path": str(project_path),
"executions": executions,
"count": len(executions),
}
except Exception as exception:
message: str = f"Failed to list executions: {exception}"
raise ToolError(message) from exception
@mcp.tool
async def get_execution_results(execution_id: str, extract_to: str | None = None) -> dict[str, Any]:
"""Get results for a specific execution.
:param execution_id: The execution ID to retrieve results for.
:param extract_to: Optional directory to extract results to.
:return: Result including path to results archive.
"""
storage = get_storage()
project_path: Path = get_project_path()
try:
results_path = storage.get_execution_results(project_path, execution_id)
if results_path is None:
return {
"success": False,
"execution_id": execution_id,
"error": "Execution results not found",
}
result: dict[str, Any] = {
"success": True,
"execution_id": execution_id,
"results_path": str(results_path),
}
# Extract if requested
if extract_to:
extracted_path = storage.extract_results(results_path, Path(extract_to))
result["extracted_path"] = str(extracted_path)
return result
except Exception as exception:
message: str = f"Failed to get execution results: {exception}"
raise ToolError(message) from exception

3
fuzzforge-tests/README.md
View File

@@ -1,3 +0,0 @@
# fuzzforge-tests
Common test utilities and fixtures for FuzzForge packages.

9
fuzzforge-tests/src/fuzzforge_tests/__init__.py
View File

@@ -1,9 +0,0 @@
"""Common test utilities and fixtures for FuzzForge packages.
This package provides shared test utilities, fixtures, and helpers that can be
reused across multiple FuzzForge packages to reduce code duplication and ensure
consistency in testing approaches.
"""
__all__ = []

364
hub-config.json
View File

@@ -1,126 +1,5 @@
{
"servers": [
{
"name": "nmap-mcp",
"description": "Network reconnaissance using Nmap - port scanning, service detection, OS fingerprinting",
"type": "docker",
"image": "nmap-mcp:latest",
"category": "reconnaissance",
"capabilities": [
"NET_RAW"
],
"enabled": true
},
{
"name": "binwalk-mcp",
"description": "Firmware extraction and analysis using Binwalk - file signatures, entropy analysis, embedded file extraction",
"type": "docker",
"image": "binwalk-mcp:latest",
"category": "binary-analysis",
"capabilities": [],
"volumes": [
"~/.fuzzforge/hub/workspace:/data"
],
"enabled": true
},
{
"name": "yara-mcp",
"description": "Pattern matching and malware classification using YARA rules",
"type": "docker",
"image": "yara-mcp:latest",
"category": "binary-analysis",
"capabilities": [],
"volumes": [
"~/.fuzzforge/hub/workspace:/data"
],
"enabled": true
},
{
"name": "capa-mcp",
"description": "Static capability detection using capa - identifies malware capabilities in binaries",
"type": "docker",
"image": "capa-mcp:latest",
"category": "binary-analysis",
"capabilities": [],
"volumes": [
"~/.fuzzforge/hub/workspace:/data"
],
"enabled": true
},
{
"name": "radare2-mcp",
"description": "Binary analysis and reverse engineering using radare2",
"type": "docker",
"image": "radare2-mcp:latest",
"category": "binary-analysis",
"capabilities": [],
"volumes": [
"~/.fuzzforge/hub/workspace:/data"
],
"enabled": true
},
{
"name": "ghidra-mcp",
"description": "Advanced binary decompilation and reverse engineering using Ghidra",
"type": "docker",
"image": "ghcr.io/clearbluejar/pyghidra-mcp:latest",
"category": "binary-analysis",
"capabilities": [],
"volumes": [
"~/.fuzzforge/hub/workspace:/data"
],
"enabled": true
},
{
"name": "searchsploit-mcp",
"description": "CVE and exploit search using SearchSploit / Exploit-DB",
"type": "docker",
"image": "searchsploit-mcp:latest",
"category": "exploitation",
"capabilities": [],
"volumes": [
"~/.fuzzforge/hub/workspace:/data"
],
"enabled": true
},
{
"name": "nuclei-mcp",
"description": "Vulnerability scanning using Nuclei templates",
"type": "docker",
"image": "nuclei-mcp:latest",
"category": "web-security",
"capabilities": [
"NET_RAW"
],
"volumes": [
"~/.fuzzforge/hub/workspace:/data"
],
"enabled": true
},
{
"name": "trivy-mcp",
"description": "Container and filesystem vulnerability scanning using Trivy",
"type": "docker",
"image": "trivy-mcp:latest",
"category": "cloud-security",
"capabilities": [],
"volumes": [
"~/.fuzzforge/hub/workspace:/data"
],
"enabled": true
},
{
"name": "gitleaks-mcp",
"description": "Secret and credential detection in code and firmware using Gitleaks",
"type": "docker",
"image": "gitleaks-mcp:latest",
"category": "secrets",
"capabilities": [],
"volumes": [
"~/.fuzzforge/hub/workspace:/data"
],
"enabled": true
},
{
"name": "bloodhound-mcp",
"description": "bloodhound-mcp \u2014 active-directory",
@@ -129,7 +8,46 @@
"category": "active-directory",
"capabilities": [],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
},
{
"name": "binwalk-mcp",
"description": "binwalk-mcp \u2014 binary-analysis",
"type": "docker",
"image": "binwalk-mcp:latest",
"category": "binary-analysis",
"capabilities": [],
"volumes": [
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
},
{
"name": "capa-mcp",
"description": "capa-mcp \u2014 binary-analysis",
"type": "docker",
"image": "capa-mcp:latest",
"category": "binary-analysis",
"capabilities": [],
"volumes": [
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
},
{
"name": "ghidra-mcp",
"description": "ghidra-mcp \u2014 binary-analysis",
"type": "docker",
"image": "ghidra-mcp:latest",
"category": "binary-analysis",
"capabilities": [],
"volumes": [
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -142,7 +60,33 @@
"category": "binary-analysis",
"capabilities": [],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
},
{
"name": "radare2-mcp",
"description": "radare2-mcp \u2014 binary-analysis",
"type": "docker",
"image": "radare2-mcp:latest",
"category": "binary-analysis",
"capabilities": [],
"volumes": [
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
},
{
"name": "yara-mcp",
"description": "yara-mcp \u2014 binary-analysis",
"type": "docker",
"image": "yara-mcp:latest",
"category": "binary-analysis",
"capabilities": [],
"volumes": [
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -155,7 +99,7 @@
"category": "blockchain",
"capabilities": [],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -168,7 +112,7 @@
"category": "blockchain",
"capabilities": [],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -181,7 +125,7 @@
"category": "blockchain",
"capabilities": [],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -194,7 +138,7 @@
"category": "cloud-security",
"capabilities": [],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -207,7 +151,20 @@
"category": "cloud-security",
"capabilities": [],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
},
{
"name": "trivy-mcp",
"description": "trivy-mcp \u2014 cloud-security",
"type": "docker",
"image": "trivy-mcp:latest",
"category": "cloud-security",
"capabilities": [],
"volumes": [
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -220,7 +177,20 @@
"category": "code-security",
"capabilities": [],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
},
{
"name": "searchsploit-mcp",
"description": "searchsploit-mcp \u2014 exploitation",
"type": "docker",
"image": "searchsploit-mcp:latest",
"category": "exploitation",
"capabilities": [],
"volumes": [
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -233,7 +203,7 @@
"category": "fuzzing",
"capabilities": [],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -246,7 +216,7 @@
"category": "fuzzing",
"capabilities": [],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -259,7 +229,7 @@
"category": "osint",
"capabilities": [],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -272,7 +242,7 @@
"category": "osint",
"capabilities": [],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -285,7 +255,7 @@
"category": "password-cracking",
"capabilities": [],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -300,7 +270,7 @@
"NET_RAW"
],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -315,7 +285,7 @@
"NET_RAW"
],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -330,7 +300,22 @@
"NET_RAW"
],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
},
{
"name": "nmap-mcp",
"description": "nmap-mcp \u2014 reconnaissance",
"type": "docker",
"image": "nmap-mcp:latest",
"category": "reconnaissance",
"capabilities": [
"NET_RAW"
],
"volumes": [
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -345,7 +330,7 @@
"NET_RAW"
],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -360,7 +345,7 @@
"NET_RAW"
],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -375,7 +360,7 @@
"NET_RAW"
],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -390,7 +375,20 @@
"NET_RAW"
],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
},
{
"name": "gitleaks-mcp",
"description": "gitleaks-mcp \u2014 secrets",
"type": "docker",
"image": "gitleaks-mcp:latest",
"category": "secrets",
"capabilities": [],
"volumes": [
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -403,7 +401,7 @@
"category": "threat-intel",
"capabilities": [],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -416,7 +414,7 @@
"category": "threat-intel",
"capabilities": [],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -431,7 +429,7 @@
"NET_RAW"
],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -446,7 +444,7 @@
"NET_RAW"
],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -461,7 +459,22 @@
"NET_RAW"
],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
},
{
"name": "nuclei-mcp",
"description": "nuclei-mcp \u2014 web-security",
"type": "docker",
"image": "nuclei-mcp:latest",
"category": "web-security",
"capabilities": [
"NET_RAW"
],
"volumes": [
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -476,7 +489,7 @@
"NET_RAW"
],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
@@ -491,12 +504,63 @@
"NET_RAW"
],
"volumes": [
"/home/afredefon/FuzzingLabs/FuzzForge/fuzzforge-oss/.fuzzforge/hub/workspace:/data"
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
},
{
"name": "go-analyzer-mcp",
"description": "Go static analysis: fuzzable entry points, existing Fuzz* targets, unsafe/cgo usage, CVE scanning via govulncheck",
"type": "docker",
"image": "go-analyzer-mcp:latest",
"category": "code-security",
"capabilities": [],
"volumes": [
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
},
{
"name": "go-harness-tester-mcp",
"description": "Test Go fuzz harness quality: compilation, seed execution, fuzzing trial, quality scoring 0-100",
"type": "docker",
"image": "go-harness-tester-mcp:latest",
"category": "code-security",
"capabilities": [],
"volumes": [
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
},
{
"name": "go-fuzzer-mcp",
"description": "Run Go native fuzzing (go test -fuzz) with blocking and continuous modes, crash collection, session management",
"type": "docker",
"image": "go-fuzzer-mcp:latest",
"category": "code-security",
"capabilities": [],
"volumes": [
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
},
{
"name": "go-crash-analyzer-mcp",
"description": "Analyze Go fuzzing crashes: reproduce, classify (nil-deref, OOR, panic, race, etc.), deduplicate by stack signature",
"type": "docker",
"image": "go-crash-analyzer-mcp:latest",
"category": "code-security",
"capabilities": [],
"volumes": [
"/home/afredefon/.secpipe/hub/workspace:/data"
],
"enabled": true,
"source_hub": "mcp-security-hub"
}
],
"default_timeout": 300,
"cache_tools": true
"workflow_hints_file": "mcp-security-hub/workflow-hints.json"
}

33
pyproject.toml
View File

@@ -1,33 +1,38 @@
[project]
name = "fuzzforge-oss"
version = "1.0.0"
description = "FuzzForge AI - AI-driven security research platform for local execution"
name = "secpipe-oss"
version = "0.8.0"
description = "SecPipe AI - AI-driven security research platform for local execution"
readme = "README.md"
requires-python = ">=3.14"
authors = [
{ name = "FuzzingLabs", email = "contact@fuzzinglabs.com" }
]
dependencies = [
"secpipe-cli",
"secpipe-mcp",
"secpipe-common",
]
[project.optional-dependencies]
dev = [
"pytest==9.0.2",
"pytest-asyncio==1.3.0",
"pytest-httpx==0.36.0",
"fuzzforge-tests",
"fuzzforge-common",
"fuzzforge-mcp",
"secpipe-tests",
"secpipe-common",
"secpipe-mcp",
]
[tool.uv.workspace]
members = [
"fuzzforge-common",
"fuzzforge-mcp",
"fuzzforge-cli",
"fuzzforge-tests",
"secpipe-common",
"secpipe-mcp",
"secpipe-cli",
"secpipe-tests",
]
[tool.uv.sources]
fuzzforge-common = { workspace = true }
fuzzforge-mcp = { workspace = true }
fuzzforge-cli = { workspace = true }
fuzzforge-tests = { workspace = true }
secpipe-common = { workspace = true }
secpipe-mcp = { workspace = true }
secpipe-cli = { workspace = true }
secpipe-tests = { workspace = true }

0
fuzzforge-cli/Makefile → secpipe-cli/Makefile
View File

3
secpipe-cli/README.md Normal file
View File

@@ -0,0 +1,3 @@
# SecPipe CLI
...

0
fuzzforge-cli/mypy.ini → secpipe-cli/mypy.ini
View File

10
fuzzforge-cli/pyproject.toml → secpipe-cli/pyproject.toml
View File

@@ -1,12 +1,12 @@
[project]
name = "fuzzforge-cli"
name = "secpipe-cli"
version = "0.0.1"
description = "FuzzForge CLI - Command-line interface for FuzzForge AI."
description = "SecPipe CLI - Command-line interface for SecPipe AI."
authors = []
readme = "README.md"
requires-python = ">=3.14"
dependencies = [
"fuzzforge-mcp==0.0.1",
"secpipe-mcp==0.0.1",
"rich>=14.0.0",
"textual>=1.0.0",
"typer==0.20.1",
@@ -23,7 +23,7 @@ tests = [
]
[project.scripts]
fuzzforge = "fuzzforge_cli.__main__:main"
secpipe = "secpipe_cli.__main__:main"
[tool.uv.sources]
fuzzforge-mcp = { workspace = true }
secpipe-mcp = { workspace = true }

0
fuzzforge-cli/pytest.ini → secpipe-cli/pytest.ini
View File

61
secpipe-cli/ruff.toml Normal file
View File

@@ -0,0 +1,61 @@
line-length = 120
[lint]
select = [ "ALL" ]
ignore = [
"COM812", # conflicts with the formatter
"D203", # conflicts with 'D211'
"D213", # conflicts with 'D212'
]
[lint.per-file-ignores]
"tests/*" = [
"PLR2004", # allowing comparisons using unamed numerical constants in tests
"S101", # allowing 'assert' statements in tests
]
"src/secpipe_cli/tui/**" = [
"ARG002", # unused method argument: callback signature
"BLE001", # blind exception: broad error handling in UI
"C901", # complexity: UI logic
"D107", # missing docstring in __init__: simple dataclasses
"FBT001", # boolean positional arg
"FBT002", # boolean default arg
"PLC0415", # import outside top-level: lazy loading
"PLR0911", # too many return statements
"PLR0912", # too many branches
"PLR2004", # magic value comparison
"RUF012", # mutable class default: Textual pattern
"S603", # subprocess: validated inputs
"S607", # subprocess: PATH lookup
"SIM108", # ternary: readability preference
"TC001", # TYPE_CHECKING: runtime type needs
"TC002", # TYPE_CHECKING: runtime type needs
"TC003", # TYPE_CHECKING: runtime type needs
"TRY300", # try-else: existing pattern
]
"tui/*.py" = [
"D107", # missing docstring in __init__: simple dataclasses
"TC001", # TYPE_CHECKING: runtime type needs
"TC002", # TYPE_CHECKING: runtime type needs
"TC003", # TYPE_CHECKING: runtime type needs
]
"src/secpipe_cli/commands/mcp.py" = [
"ARG001", # unused argument: callback signature
"B904", # raise from: existing pattern
"F841", # unused variable: legacy code
"FBT002", # boolean default arg
"PLR0912", # too many branches
"PLR0915", # too many statements
"SIM108", # ternary: readability preference
]
"src/secpipe_cli/application.py" = [
"B008", # function call in default: Path.cwd()
"PLC0415", # import outside top-level: lazy loading
]
"src/secpipe_cli/commands/projects.py" = [
"TC003", # TYPE_CHECKING: runtime type needs
]
"src/secpipe_cli/context.py" = [
"TC002", # TYPE_CHECKING: runtime type needs
"TC003", # TYPE_CHECKING: runtime type needs
]

0
fuzzforge-cli/src/fuzzforge_cli/__init__.py → secpipe-cli/src/secpipe_cli/__init__.py
View File

2
fuzzforge-cli/src/fuzzforge_cli/__main__.py → secpipe-cli/src/secpipe_cli/__main__.py
View File

@@ -1,6 +1,6 @@
"""TODO."""
from fuzzforge_cli.application import application
from secpipe_cli.application import application
def main() -> None:

30
fuzzforge-cli/src/fuzzforge_cli/application.py → secpipe-cli/src/secpipe_cli/application.py
View File

@@ -1,18 +1,18 @@
"""FuzzForge CLI application."""
"""SecPipe CLI application."""
from pathlib import Path
from typing import Annotated
from secpipe_mcp.storage import LocalStorage # type: ignore[import-untyped]
from typer import Context as TyperContext
from typer import Option, Typer
from fuzzforge_cli.commands import mcp, projects
from fuzzforge_cli.context import Context
from fuzzforge_mcp.storage import LocalStorage
from secpipe_cli.commands import mcp, projects
from secpipe_cli.context import Context
application: Typer = Typer(
name="fuzzforge",
help="FuzzForge AI - Security research orchestration platform.",
name="secpipe",
help="SecPipe AI - Security research orchestration platform.",
)
@@ -23,21 +23,21 @@ def main(
Option(
"--project",
"-p",
envvar="FUZZFORGE_PROJECT__DEFAULT_PATH",
help="Path to the FuzzForge project directory.",
envvar="SECPIPE_PROJECT__DEFAULT_PATH",
help="Path to the SecPipe project directory.",
),
] = Path.cwd(),
storage_path: Annotated[
Path,
Option(
"--storage",
envvar="FUZZFORGE_STORAGE__PATH",
envvar="SECPIPE_STORAGE__PATH",
help="Path to the storage directory.",
),
] = Path.cwd() / ".fuzzforge" / "storage",
] = Path.cwd() / ".secpipe" / "storage",
context: TyperContext = None, # type: ignore[assignment]
) -> None:
"""FuzzForge AI - Security research orchestration platform.
"""SecPipe AI - Security research orchestration platform.
Discover and execute MCP hub tools for security research.
@@ -56,15 +56,15 @@ application.add_typer(projects.application)
@application.command(
name="ui",
help="Launch the FuzzForge terminal interface.",
help="Launch the SecPipe terminal interface.",
)
def launch_ui() -> None:
"""Launch the interactive FuzzForge TUI dashboard.
"""Launch the interactive SecPipe TUI dashboard.
Provides a visual dashboard showing AI agent connection status
and hub server availability, with wizards for setup and configuration.
"""
from fuzzforge_cli.tui.app import FuzzForgeApp
from secpipe_cli.tui.app import SecPipeApp
FuzzForgeApp().run()
SecPipeApp().run()

0
fuzzforge-cli/src/fuzzforge_cli/commands/__init__.py → secpipe-cli/src/secpipe_cli/commands/__init__.py
View File

150
fuzzforge-cli/src/fuzzforge_cli/commands/mcp.py → secpipe-cli/src/secpipe_cli/commands/mcp.py
View File

@@ -1,4 +1,4 @@
"""MCP server configuration commands for FuzzForge CLI.
"""MCP server configuration commands for SecPipe CLI.
This module provides commands for setting up MCP server connections
with various AI agents (VS Code Copilot, Claude Code, etc.).
@@ -12,7 +12,7 @@ import os
import sys
from enum import StrEnum
from pathlib import Path
from typing import Annotated
from typing import Annotated, Any
from rich.console import Console
from rich.panel import Panel
@@ -44,10 +44,10 @@ def _get_copilot_mcp_path() -> Path:
"""
if sys.platform == "darwin":
return Path.home() / "Library" / "Application Support" / "Code" / "User" / "mcp.json"
elif sys.platform == "win32":
if sys.platform == "win32":
return Path(os.environ.get("APPDATA", "")) / "Code" / "User" / "mcp.json"
else: # Linux
return Path.home() / ".config" / "Code" / "User" / "mcp.json"
# Linux
return Path.home() / ".config" / "Code" / "User" / "mcp.json"
def _get_claude_desktop_mcp_path() -> Path:
@@ -58,10 +58,10 @@ def _get_claude_desktop_mcp_path() -> Path:
"""
if sys.platform == "darwin":
return Path.home() / "Library" / "Application Support" / "Claude" / "claude_desktop_config.json"
elif sys.platform == "win32":
if sys.platform == "win32":
return Path(os.environ.get("APPDATA", "")) / "Claude" / "claude_desktop_config.json"
else: # Linux
return Path.home() / ".config" / "Claude" / "claude_desktop_config.json"
# Linux
return Path.home() / ".config" / "Claude" / "claude_desktop_config.json"
def _get_claude_code_mcp_path(project_path: Path | None = None) -> Path:
@@ -114,76 +114,86 @@ def _detect_docker_socket() -> str:
:returns: Path to the Docker socket.
"""
socket_paths = [
"/var/run/docker.sock",
socket_paths: list[Path] = [
Path("/var/run/docker.sock"),
Path.home() / ".docker" / "run" / "docker.sock",
]
for path in socket_paths:
if Path(path).exists():
if path.exists():
return str(path)
return "/var/run/docker.sock"
def _find_fuzzforge_root() -> Path:
"""Find the FuzzForge installation root.
def _find_secpipe_root() -> Path:
"""Find the SecPipe installation root.
:returns: Path to fuzzforge-oss directory.
:returns: Path to secpipe-oss directory.
"""
# Try to find from current file location
current = Path(__file__).resolve()
# Check environment variable override first
env_root = os.environ.get("SECPIPE_ROOT")
if env_root:
return Path(env_root).resolve()
# Walk up to find fuzzforge-oss root
for parent in current.parents:
if (parent / "fuzzforge-mcp").is_dir():
# Walk up from cwd to find a secpipe root (hub-config.json is the marker)
for parent in [Path.cwd(), *Path.cwd().parents]:
if (parent / "hub-config.json").is_file():
return parent
# Fall back to __file__-based search (dev install inside secpipe-oss)
current = Path(__file__).resolve()
for parent in current.parents:
if (parent / "secpipe-mcp").is_dir():
return parent
# Fall back to cwd
return Path.cwd()
def _generate_mcp_config(
fuzzforge_root: Path,
secpipe_root: Path,
engine_type: str,
engine_socket: str,
) -> dict:
) -> dict[str, Any]:
"""Generate MCP server configuration.
:param fuzzforge_root: Path to fuzzforge-oss installation.
:param secpipe_root: Path to secpipe-oss installation.
:param engine_type: Container engine type (podman or docker).
:param engine_socket: Container engine socket path.
:returns: MCP configuration dictionary.
"""
venv_python = fuzzforge_root / ".venv" / "bin" / "python"
venv_python = secpipe_root / ".venv" / "bin" / "python"
# Use uv run if no venv, otherwise use venv python directly
if venv_python.exists():
command = str(venv_python)
args = ["-m", "fuzzforge_mcp"]
args = ["-m", "secpipe_mcp"]
else:
command = "uv"
args = ["--directory", str(fuzzforge_root), "run", "fuzzforge-mcp"]
args = ["--directory", str(secpipe_root), "run", "secpipe-mcp"]
# Self-contained storage paths for FuzzForge containers
# This isolates FuzzForge from system Podman and avoids snap issues
fuzzforge_home = Path.cwd() / ".fuzzforge"
graphroot = fuzzforge_home / "containers" / "storage"
runroot = fuzzforge_home / "containers" / "run"
# User-global storage paths for SecPipe containers.
# Kept under ~/.secpipe so images are built once and shared across
# all workspaces — regardless of where `secpipe mcp install` is run.
# Override with SECPIPE_USER_DIR for isolated testing.
user_dir_env = os.environ.get("SECPIPE_USER_DIR")
secpipe_home = Path(user_dir_env).resolve() if user_dir_env else Path.home() / ".secpipe"
graphroot = secpipe_home / "containers" / "storage"
runroot = secpipe_home / "containers" / "run"
return {
"type": "stdio",
"command": command,
"args": args,
"cwd": str(fuzzforge_root),
"cwd": str(secpipe_root),
"env": {
"FUZZFORGE_ENGINE__TYPE": engine_type,
"FUZZFORGE_ENGINE__GRAPHROOT": str(graphroot),
"FUZZFORGE_ENGINE__RUNROOT": str(runroot),
"FUZZFORGE_HUB__ENABLED": "true",
"FUZZFORGE_HUB__CONFIG_PATH": str(fuzzforge_root / "hub-config.json"),
"SECPIPE_ENGINE__TYPE": engine_type,
"SECPIPE_ENGINE__GRAPHROOT": str(graphroot),
"SECPIPE_ENGINE__RUNROOT": str(runroot),
"SECPIPE_HUB__ENABLED": "true",
"SECPIPE_HUB__CONFIG_PATH": str(secpipe_root / "hub-config.json"),
},
}
@@ -204,9 +214,9 @@ def status(context: Context) -> None:
table.add_column("Agent", style="cyan")
table.add_column("Config Path")
table.add_column("Status")
table.add_column("FuzzForge Configured")
table.add_column("SecPipe Configured")
fuzzforge_root = _find_fuzzforge_root()
secpipe_root = _find_secpipe_root()
agents = [
("GitHub Copilot", _get_copilot_mcp_path(), "servers"),
@@ -219,12 +229,12 @@ def status(context: Context) -> None:
try:
config = json.loads(config_path.read_text())
servers = config.get(servers_key, {})
has_fuzzforge = "fuzzforge" in servers
has_secpipe = "secpipe" in servers
table.add_row(
name,
str(config_path),
"[green]✓ Exists[/green]",
"[green]✓ Yes[/green]" if has_fuzzforge else "[yellow]✗ No[/yellow]",
"[green]✓ Yes[/green]" if has_secpipe else "[yellow]✗ No[/yellow]",
)
except json.JSONDecodeError:
table.add_row(
@@ -246,7 +256,7 @@ def status(context: Context) -> None:
# Show detected environment
console.print()
console.print("[bold]Detected Environment:[/bold]")
console.print(f" FuzzForge Root: {_find_fuzzforge_root()}")
console.print(f" SecPipe Root: {_find_secpipe_root()}")
console.print(f" Podman Socket: {_detect_podman_socket()}")
console.print(f" Docker Socket: {_detect_docker_socket()}")
@@ -280,7 +290,7 @@ def generate(
"""
console = Console()
fuzzforge_root = _find_fuzzforge_root()
secpipe_root = _find_secpipe_root()
# Detect socket
if engine == "podman":
@@ -290,16 +300,16 @@ def generate(
# Generate config
server_config = _generate_mcp_config(
fuzzforge_root=fuzzforge_root,
secpipe_root=secpipe_root,
engine_type=engine,
engine_socket=socket,
)
# Format based on agent
if agent == AIAgent.COPILOT:
full_config = {"servers": {"fuzzforge": server_config}}
full_config = {"servers": {"secpipe": server_config}}
else: # Claude Desktop or Claude Code
full_config = {"mcpServers": {"fuzzforge": server_config}}
full_config = {"mcpServers": {"secpipe": server_config}}
config_json = json.dumps(full_config, indent=4)
@@ -312,14 +322,14 @@ def generate(
if agent == AIAgent.COPILOT:
config_path = _get_copilot_mcp_path()
elif agent == AIAgent.CLAUDE_CODE:
config_path = _get_claude_code_mcp_path(fuzzforge_root)
config_path = _get_claude_code_mcp_path(secpipe_root)
else: # Claude Desktop
config_path = _get_claude_desktop_mcp_path()
console.print()
console.print(f"[bold]Save to:[/bold] {config_path}")
console.print()
console.print("[dim]Or run 'fuzzforge mcp install' to install automatically.[/dim]")
console.print("[dim]Or run 'secpipe mcp install' to install automatically.[/dim]")
@application.command(
@@ -347,14 +357,14 @@ def install(
Option(
"--force",
"-f",
help="Overwrite existing fuzzforge configuration.",
help="Overwrite existing secpipe configuration.",
),
] = False,
) -> None:
"""Install MCP configuration for the specified AI agent.
This will create or update the MCP configuration file, adding the
fuzzforge server configuration.
secpipe server configuration.
:param context: Typer context.
:param agent: Target AI agent.
@@ -363,7 +373,7 @@ def install(
"""
console = Console()
fuzzforge_root = _find_fuzzforge_root()
secpipe_root = _find_secpipe_root()
# Determine config path
if agent == AIAgent.COPILOT:
@@ -384,7 +394,7 @@ def install(
# Generate server config
server_config = _generate_mcp_config(
fuzzforge_root=fuzzforge_root,
secpipe_root=secpipe_root,
engine_type=engine,
engine_socket=socket,
)
@@ -398,47 +408,47 @@ def install(
console.print("[dim]Please fix the file manually or delete it.[/dim]")
raise SystemExit(1)
# Check if fuzzforge already exists
# Check if secpipe already exists
servers = existing_config.get(servers_key, {})
if "fuzzforge" in servers and not force:
console.print("[yellow]FuzzForge is already configured.[/yellow]")
if "secpipe" in servers and not force:
console.print("[yellow]SecPipe is already configured.[/yellow]")
console.print("[dim]Use --force to overwrite existing configuration.[/dim]")
raise SystemExit(1)
# Add/update fuzzforge
# Add/update secpipe
if servers_key not in existing_config:
existing_config[servers_key] = {}
existing_config[servers_key]["fuzzforge"] = server_config
existing_config[servers_key]["secpipe"] = server_config
full_config = existing_config
else:
# Create new config
config_path.parent.mkdir(parents=True, exist_ok=True)
full_config = {servers_key: {"fuzzforge": server_config}}
full_config = {servers_key: {"secpipe": server_config}}
# Write config
config_path.write_text(json.dumps(full_config, indent=4))
console.print(f"[green]✓ Installed FuzzForge MCP configuration for {agent.value}[/green]")
console.print(f"[green]✓ Installed SecPipe MCP configuration for {agent.value}[/green]")
console.print()
console.print(f"[bold]Configuration file:[/bold] {config_path}")
console.print()
console.print("[bold]Settings:[/bold]")
console.print(f" Engine: {engine}")
console.print(f" Socket: {socket}")
console.print(f" Hub Config: {fuzzforge_root / 'hub-config.json'}")
console.print(f" Hub Config: {secpipe_root / 'hub-config.json'}")
console.print()
console.print("[bold]Next steps:[/bold]")
if agent == AIAgent.COPILOT:
console.print(" 1. Restart VS Code")
console.print(" 2. Open Copilot Chat and look for FuzzForge tools")
console.print(" 2. Open Copilot Chat and look for SecPipe tools")
elif agent == AIAgent.CLAUDE_CODE:
console.print(" 1. Run 'claude' from any directory")
console.print(" 2. FuzzForge tools will be available")
console.print(" 2. SecPipe tools will be available")
else: # Claude Desktop
console.print(" 1. Restart Claude Desktop")
console.print(" 2. The fuzzforge MCP server will be available")
console.print(" 2. The secpipe MCP server will be available")
@application.command(
@@ -454,14 +464,14 @@ def uninstall(
),
],
) -> None:
"""Remove FuzzForge MCP configuration from the specified AI agent.
"""Remove SecPipe MCP configuration from the specified AI agent.
:param context: Typer context.
:param agent: Target AI agent.
"""
console = Console()
fuzzforge_root = _find_fuzzforge_root()
secpipe_root = _find_secpipe_root()
# Determine config path
if agent == AIAgent.COPILOT:
@@ -485,16 +495,16 @@ def uninstall(
raise SystemExit(1)
servers = config.get(servers_key, {})
if "fuzzforge" not in servers:
console.print("[yellow]FuzzForge is not configured.[/yellow]")
if "secpipe" not in servers:
console.print("[yellow]SecPipe is not configured.[/yellow]")
return
# Remove fuzzforge
del servers["fuzzforge"]
# Remove secpipe
del servers["secpipe"]
# Write back
config_path.write_text(json.dumps(config, indent=4))
console.print(f"[green]✓ Removed FuzzForge MCP configuration from {agent.value}[/green]")
console.print(f"[green]✓ Removed SecPipe MCP configuration from {agent.value}[/green]")
console.print()
console.print("[dim]Restart your AI agent for changes to take effect.[/dim]")

8
fuzzforge-cli/src/fuzzforge_cli/commands/projects.py → secpipe-cli/src/secpipe_cli/commands/projects.py
View File

@@ -1,4 +1,4 @@
"""Project management commands for FuzzForge CLI."""
"""Project management commands for SecPipe CLI."""
from pathlib import Path
from typing import Annotated
@@ -7,7 +7,7 @@ from rich.console import Console
from rich.table import Table
from typer import Argument, Context, Option, Typer
from fuzzforge_cli.context import get_project_path, get_storage
from secpipe_cli.context import get_project_path, get_storage
application: Typer = Typer(
name="project",
@@ -16,7 +16,7 @@ application: Typer = Typer(
@application.command(
help="Initialize a new FuzzForge project.",
help="Initialize a new SecPipe project.",
name="init",
)
def init_project(
@@ -28,7 +28,7 @@ def init_project(
),
] = None,
) -> None:
"""Initialize a new FuzzForge project.
"""Initialize a new SecPipe project.
Creates the necessary storage directories for the project.

6
fuzzforge-cli/src/fuzzforge_cli/context.py → secpipe-cli/src/secpipe_cli/context.py
View File

@@ -1,11 +1,11 @@
"""FuzzForge CLI context management."""
"""SecPipe CLI context management."""
from __future__ import annotations
from pathlib import Path
from typing import TYPE_CHECKING, cast
from fuzzforge_mcp.storage import LocalStorage
from secpipe_mcp.storage import LocalStorage # type: ignore[import-untyped]
if TYPE_CHECKING:
from typer import Context as TyperContext
@@ -20,7 +20,7 @@ class Context:
def __init__(self, storage: LocalStorage, project_path: Path) -> None:
"""Initialize an instance of the class.
:param storage: FuzzForge local storage instance.
:param storage: SecPipe local storage instance.
:param project_path: Path to the current project.
"""

1
secpipe-cli/src/secpipe_cli/tui/__init__.py Normal file
View File

@@ -0,0 +1 @@
"""SecPipe terminal user interface."""

256
fuzzforge-cli/src/fuzzforge_cli/tui/app.py → secpipe-cli/src/secpipe_cli/tui/app.py
View File

@@ -1,6 +1,6 @@
"""FuzzForge TUI application.
"""SecPipe TUI application.
Main terminal user interface for FuzzForge, providing a dashboard
Main terminal user interface for SecPipe, providing a dashboard
with AI agent connection status, hub server availability, and
hub management capabilities.
@@ -9,29 +9,71 @@ hub management capabilities.
from __future__ import annotations
from collections import defaultdict
from pathlib import Path
from typing import TYPE_CHECKING, Any
from rich.text import Text
from textual import events, work
from textual.app import App, ComposeResult
from textual.binding import Binding
from textual.containers import Horizontal, Vertical, VerticalScroll
from textual.widgets import Button, DataTable, Footer, Header, Label
from textual.message import Message
from textual.widgets import Button, DataTable, Footer, Header
from fuzzforge_cli.tui.helpers import (
from secpipe_cli.tui.helpers import (
check_agent_status,
check_hub_image,
find_fuzzforge_root,
find_secpipe_root,
get_agent_configs,
load_hub_config,
)
if TYPE_CHECKING:
from secpipe_cli.commands.mcp import AIAgent
# Agent config entries stored alongside their linked status for row mapping
_AgentRow = tuple[str, "AIAgent", "Path", str, bool] # noqa: F821
_AgentRow = tuple[str, "AIAgent", Path, str, bool]
class FuzzForgeApp(App):
"""FuzzForge AI terminal user interface."""
class SingleClickDataTable(DataTable[Any]):
"""DataTable subclass that also fires ``RowClicked`` on a single mouse click.
TITLE = "FuzzForge AI"
Textual's built-in ``RowSelected`` only fires on Enter or on a second click
of an already-highlighted row. ``RowClicked`` fires on every first click,
enabling single-click-to-act UX without requiring Enter.
"""
class RowClicked(Message):
"""Fired on every single mouse click on a data row."""
def __init__(self, data_table: SingleClickDataTable, cursor_row: int) -> None:
self.data_table = data_table
self.cursor_row = cursor_row
super().__init__()
@property
def control(self) -> SingleClickDataTable:
"""Return the data table that fired this event."""
return self.data_table
async def _on_click(self, event: events.Click) -> None:
"""Forward to parent, then post RowClicked on every mouse click.
The hub table is handled exclusively via RowClicked. RowSelected is
intentionally NOT used for the hub table to avoid double-dispatch.
"""
await super()._on_click(event)
meta = event.style.meta
if meta and "row" in meta and self.cursor_type == "row":
row_index: int = int(meta["row"])
if row_index >= 0:
self.post_message(SingleClickDataTable.RowClicked(self, row_index))
class SecPipeApp(App[None]):
"""SecPipe AI terminal user interface."""
TITLE = "SecPipe AI"
SUB_TITLE = "Security Research Orchestration"
CSS = """
@@ -91,7 +133,8 @@ class FuzzForgeApp(App):
/* Modal screens */
AgentSetupScreen, AgentUnlinkScreen,
HubManagerScreen, LinkHubScreen, CloneHubScreen {
HubManagerScreen, LinkHubScreen, CloneHubScreen,
BuildImageScreen, BuildLogScreen {
align: center middle;
}
@@ -125,6 +168,35 @@ class FuzzForgeApp(App):
overflow-y: auto;
}
#build-dialog {
width: 72;
height: auto;
max-height: 80%;
border: thick #4699fc;
background: $surface;
padding: 2 3;
}
#confirm-text {
margin: 1 0 2 0;
}
#build-log {
height: 30;
border: round $panel;
margin: 1 0;
}
#build-subtitle {
color: $text-muted;
margin-bottom: 1;
}
#build-status {
height: 1;
margin-top: 1;
}
.dialog-title {
text-style: bold;
text-align: center;
@@ -163,6 +235,7 @@ class FuzzForgeApp(App):
Binding("q", "quit", "Quit"),
Binding("h", "manage_hubs", "Hub Manager"),
Binding("r", "refresh", "Refresh"),
Binding("enter", "select_row", "Select", show=False),
]
def compose(self) -> ComposeResult:
@@ -170,7 +243,7 @@ class FuzzForgeApp(App):
yield Header()
with VerticalScroll(id="main"):
with Vertical(id="hub-panel", classes="panel"):
yield DataTable(id="hub-table")
yield SingleClickDataTable(id="hub-table")
with Horizontal(id="hub-title-bar"):
yield Button(
"Hub Manager (h)",
@@ -189,7 +262,12 @@ class FuzzForgeApp(App):
def on_mount(self) -> None:
"""Populate tables on startup."""
self._agent_rows: list[_AgentRow] = []
self.query_one("#hub-panel").border_title = "Hub Servers"
self._hub_rows: list[tuple[str, str, str, bool] | None] = []
# Background build tracking
self._active_builds: dict[str, object] = {} # image -> Popen
self._build_logs: dict[str, list[str]] = {} # image -> log lines
self._build_results: dict[str, bool] = {} # image -> success
self.query_one("#hub-panel").border_title = "Hub Servers [dim](click ✗ Not built to build)[/dim]"
self.query_one("#agents-panel").border_title = "AI Agents"
self._refresh_agents()
self._refresh_hub()
@@ -215,13 +293,15 @@ class FuzzForgeApp(App):
def _refresh_hub(self) -> None:
"""Refresh the hub servers table, grouped by source hub."""
table = self.query_one("#hub-table", DataTable)
self._hub_rows = []
table = self.query_one("#hub-table", SingleClickDataTable)
table.clear(columns=True)
table.add_columns("Server", "Image", "Hub", "Status")
table.cursor_type = "row"
try:
fuzzforge_root = find_fuzzforge_root()
hub_config = load_hub_config(fuzzforge_root)
secpipe_root = find_secpipe_root()
hub_config = load_hub_config(secpipe_root)
except Exception:
table.add_row(
Text("Error loading config", style="red"), "", "", ""
@@ -236,7 +316,7 @@ class FuzzForgeApp(App):
return
# Group servers by source hub
groups: dict[str, list[dict]] = defaultdict(list)
groups: dict[str, list[dict[str, Any]]] = defaultdict(list)
for server in servers:
source = server.get("source_hub", "manual")
groups[source].append(server)
@@ -245,7 +325,7 @@ class FuzzForgeApp(App):
ready_count = 0
total = len(hub_servers)
statuses: list[tuple[dict, bool, str]] = []
statuses: list[tuple[dict[str, Any], bool, str]] = []
for server in hub_servers:
enabled = server.get("enabled", True)
if not enabled:
@@ -270,6 +350,7 @@ class FuzzForgeApp(App):
style="bold",
)
table.add_row(header, "", "", "")
self._hub_rows.append(None) # group header — not selectable
# Tool rows
for server, is_ready, status_text in statuses:
@@ -277,12 +358,14 @@ class FuzzForgeApp(App):
image = server.get("image", "unknown")
enabled = server.get("enabled", True)
if not enabled:
if image in getattr(self, "_active_builds", {}):
status_cell = Text("⏳ Building…", style="yellow")
elif not enabled:
status_cell = Text("Disabled", style="dim")
elif is_ready:
status_cell = Text("✓ Ready", style="green")
else:
status_cell = Text(f"{status_text}", style="red")
status_cell = Text(f"{status_text}", style="red dim")
table.add_row(
f" {name}",
@@ -290,33 +373,152 @@ class FuzzForgeApp(App):
hub_name,
status_cell,
)
self._hub_rows.append((name, image, hub_name, is_ready))
def on_data_table_row_selected(self, event: DataTable.RowSelected) -> None:
"""Handle row selection on the agents table."""
if event.data_table.id != "agents-table":
return
"""Handle Enter-key row selection (agents table only).
idx = event.cursor_row
Hub table uses RowClicked exclusively wiring it to RowSelected too
would cause a double push on every click since Textual 8 fires
RowSelected on ALL clicks, not just second-click-on-same-row.
"""
if event.data_table.id == "agents-table":
self._handle_agent_row(event.cursor_row)
def on_single_click_data_table_row_clicked(
self, event: SingleClickDataTable.RowClicked
) -> None:
"""Handle single mouse-click on a hub table row."""
if event.data_table.id == "hub-table":
self._handle_hub_row(event.cursor_row)
def _handle_agent_row(self, idx: int) -> None:
"""Open agent setup/unlink for the selected agent row."""
if idx < 0 or idx >= len(self._agent_rows):
return
display_name, agent, _config_path, _servers_key, is_linked = self._agent_rows[idx]
if is_linked:
from fuzzforge_cli.tui.screens.agent_setup import AgentUnlinkScreen
from secpipe_cli.tui.screens.agent_setup import AgentUnlinkScreen
self.push_screen(
AgentUnlinkScreen(agent, display_name),
callback=self._on_agent_changed,
)
else:
from fuzzforge_cli.tui.screens.agent_setup import AgentSetupScreen
from secpipe_cli.tui.screens.agent_setup import AgentSetupScreen
self.push_screen(
AgentSetupScreen(agent, display_name),
callback=self._on_agent_changed,
)
def _handle_hub_row(self, idx: int) -> None:
"""Handle a click on a hub table row."""
# Guard: never push two build dialogs at once (double-click protection)
if getattr(self, "_build_dialog_open", False):
return
if idx < 0 or idx >= len(self._hub_rows):
return
row_data = self._hub_rows[idx]
if row_data is None:
return # group header row — ignore
server_name, image, hub_name, is_ready = row_data
# If a build is already running, open the live log viewer
if image in self._active_builds:
from secpipe_cli.tui.screens.build_log import BuildLogScreen
self._build_dialog_open = True
self.push_screen(
BuildLogScreen(image),
callback=lambda _: setattr(self, "_build_dialog_open", False),
)
return
if is_ready:
self.notify(f"{image} is already built ✓", severity="information")
return
if hub_name == "manual":
self.notify("Manual servers must be built outside SecPipe")
return
from secpipe_cli.tui.screens.build_image import BuildImageScreen
self._build_dialog_open = True
def _on_build_dialog_done(result: bool | None) -> None:
self._build_dialog_open = False
if result is not None:
self._on_build_confirmed(result, server_name, image, hub_name)
self.push_screen(
BuildImageScreen(server_name, image, hub_name),
callback=_on_build_dialog_done,
)
def _on_build_confirmed(self, confirmed: bool, server_name: str, image: str, hub_name: str) -> None:
"""Start a background build if the user confirmed."""
if not confirmed:
return
self._build_logs[image] = []
self._build_results.pop(image, None)
self._active_builds[image] = True # mark as pending so ⏳ shows immediately
self._refresh_hub() # show ⏳ Building… immediately
self._run_build(server_name, image, hub_name)
@work(thread=True)
def _run_build(self, server_name: str, image: str, hub_name: str) -> None:
"""Build a Docker/Podman image in a background thread."""
from secpipe_cli.tui.helpers import build_image, find_dockerfile_for_server
logs = self._build_logs.setdefault(image, [])
dockerfile = find_dockerfile_for_server(server_name, hub_name)
if dockerfile is None:
logs.append(f"ERROR: Dockerfile not found for '{server_name}' in hub '{hub_name}'")
self._build_results[image] = False
self._active_builds.pop(image, None)
self.call_from_thread(self._on_build_done, image, success=False)
return
logs.append(f"Building {image} from {dockerfile.parent}")
logs.append("")
try:
proc = build_image(image, dockerfile)
except FileNotFoundError as exc:
logs.append(f"ERROR: {exc}")
self._build_results[image] = False
self._active_builds.pop(image, None)
self.call_from_thread(self._on_build_done, image, success=False)
return
self._active_builds[image] = proc # replace pending marker with actual process
self.call_from_thread(self._refresh_hub) # show ⏳ in table
if proc.stdout is None:
return
for line in proc.stdout:
logs.append(line.rstrip())
proc.wait()
self._active_builds.pop(image, None)
success = proc.returncode == 0
self._build_results[image] = success
self.call_from_thread(self._on_build_done, image, success=success)
def _on_build_done(self, image: str, *, success: bool) -> None:
"""Handle completion of a background build on the main thread."""
self._refresh_hub()
if success:
self.notify(f"{image} built successfully", severity="information")
else:
self.notify(f"{image} build failed — click row for log", severity="error")
def on_button_pressed(self, event: Button.Pressed) -> None:
"""Handle button presses."""
if event.button.id == "btn-hub-manager":
@@ -326,7 +528,7 @@ class FuzzForgeApp(App):
def action_add_fuzzinglabs_hub(self) -> None:
"""Open the clone dialog pre-filled with the FuzzingLabs hub URL."""
from fuzzforge_cli.tui.screens.hub_manager import CloneHubScreen
from secpipe_cli.tui.screens.hub_manager import CloneHubScreen
self.push_screen(
CloneHubScreen(
@@ -339,7 +541,7 @@ class FuzzForgeApp(App):
def action_manage_hubs(self) -> None:
"""Open the hub manager."""
from fuzzforge_cli.tui.screens.hub_manager import HubManagerScreen
from secpipe_cli.tui.screens.hub_manager import HubManagerScreen
self.push_screen(HubManagerScreen(), callback=self._on_hub_changed)

268
fuzzforge-cli/src/fuzzforge_cli/tui/helpers.py → secpipe-cli/src/secpipe_cli/tui/helpers.py
View File

@@ -1,4 +1,4 @@
"""Shared helpers for FuzzForge TUI and CLI.
"""Shared helpers for SecPipe TUI and CLI.
Provides utility functions for checking AI agent configuration status,
hub server image availability, installing/removing MCP configurations,
@@ -8,16 +8,18 @@ and managing linked MCP hub repositories.
from __future__ import annotations
import contextlib
import json
import os
import subprocess
from pathlib import Path
from typing import Any
from fuzzforge_cli.commands.mcp import (
from secpipe_cli.commands.mcp import (
AIAgent,
_detect_docker_socket,
_detect_podman_socket,
_find_fuzzforge_root,
_find_secpipe_root,
_generate_mcp_config,
_get_claude_code_user_mcp_path,
_get_claude_desktop_mcp_path,
@@ -26,21 +28,41 @@ from fuzzforge_cli.commands.mcp import (
# --- Hub Management Constants ---
FUZZFORGE_DEFAULT_HUB_URL = "git@github.com:FuzzingLabs/mcp-security-hub.git"
FUZZFORGE_DEFAULT_HUB_NAME = "mcp-security-hub"
SECPIPE_DEFAULT_HUB_URL = "git@github.com:FuzzingLabs/mcp-security-hub.git"
SECPIPE_DEFAULT_HUB_NAME = "mcp-security-hub"
def get_fuzzforge_dir() -> Path:
"""Return the project-local ``.fuzzforge/`` directory.
def get_secpipe_user_dir() -> Path:
"""Return the user-global ``~/.secpipe/`` directory.
Uses the current working directory so that each project gets its
own isolated FuzzForge configuration, hubs, and storage similar
to how ``.git/`` or ``.venv/`` work.
Stores data that is shared across all workspaces: cloned hub
repositories, the hub registry, container storage (graphroot/runroot),
and the hub workspace volume.
:return: ``Path.cwd() / ".fuzzforge"``
Override with the ``SECPIPE_USER_DIR`` environment variable to
redirect all user-global data to a custom path useful for testing
a fresh install without touching the real ``~/.secpipe/``.
:return: ``Path.home() / ".secpipe"`` or ``$SECPIPE_USER_DIR``
"""
return Path.cwd() / ".fuzzforge"
env_dir = os.environ.get("SECPIPE_USER_DIR")
if env_dir:
return Path(env_dir).resolve()
return Path.home() / ".secpipe"
def get_secpipe_dir() -> Path:
"""Return the project-local ``.secpipe/`` directory.
Stores data that is specific to the current workspace: fuzzing
results and project artifacts. Similar to how ``.git/`` scopes
version-control data to a single project.
:return: ``Path.cwd() / ".secpipe"``
"""
return Path.cwd() / ".secpipe"
# Categories that typically need NET_RAW capability for network access
_NET_RAW_CATEGORIES = {"reconnaissance", "web-security"}
@@ -79,7 +101,7 @@ def get_agent_configs() -> list[tuple[str, AIAgent, Path, str]]:
def check_agent_status(config_path: Path, servers_key: str) -> tuple[bool, str]:
"""Check whether an AI agent has FuzzForge configured.
"""Check whether an AI agent has SecPipe configured.
:param config_path: Path to the agent's MCP config file.
:param servers_key: JSON key for the servers dict (e.g. "servers" or "mcpServers").
@@ -91,7 +113,7 @@ def check_agent_status(config_path: Path, servers_key: str) -> tuple[bool, str]:
try:
config = json.loads(config_path.read_text())
servers = config.get(servers_key, {})
if "fuzzforge" in servers:
if "secpipe" in servers:
return True, "Linked"
return False, "Config exists, not linked"
except json.JSONDecodeError:
@@ -99,16 +121,21 @@ def check_agent_status(config_path: Path, servers_key: str) -> tuple[bool, str]:
def check_hub_image(image: str) -> tuple[bool, str]:
"""Check whether a Docker image exists locally.
"""Check whether a container image exists locally.
:param image: Docker image name (e.g. "semgrep-mcp:latest").
Respects the ``SECPIPE_ENGINE__TYPE`` environment variable so that
Podman users see the correct build status instead of always "Not built".
:param image: Image name (e.g. "semgrep-mcp:latest").
:return: Tuple of (is_ready, status_description).
"""
engine = os.environ.get("SECPIPE_ENGINE__TYPE", "docker").lower()
cmd = "podman" if engine == "podman" else "docker"
try:
result = subprocess.run(
["docker", "image", "inspect", image],
capture_output=True,
[cmd, "image", "inspect", image],
check=False, capture_output=True,
text=True,
timeout=5,
)
@@ -118,36 +145,37 @@ def check_hub_image(image: str) -> tuple[bool, str]:
except subprocess.TimeoutExpired:
return False, "Timeout"
except FileNotFoundError:
return False, "Docker not found"
return False, f"{cmd} not found"
def load_hub_config(fuzzforge_root: Path) -> dict[str, Any]:
"""Load hub-config.json from the FuzzForge root.
def load_hub_config(secpipe_root: Path) -> dict[str, Any]:
"""Load hub-config.json from the SecPipe root.
:param fuzzforge_root: Path to fuzzforge-oss directory.
:param secpipe_root: Path to secpipe-oss directory.
:return: Parsed hub configuration dict, empty dict on error.
"""
config_path = fuzzforge_root / "hub-config.json"
config_path = secpipe_root / "hub-config.json"
if not config_path.exists():
return {}
try:
return json.loads(config_path.read_text())
data: dict[str, Any] = json.loads(config_path.read_text())
return data
except json.JSONDecodeError:
return {}
def find_fuzzforge_root() -> Path:
"""Find the FuzzForge installation root directory.
def find_secpipe_root() -> Path:
"""Find the SecPipe installation root directory.
:return: Path to the fuzzforge-oss directory.
:return: Path to the secpipe-oss directory.
"""
return _find_fuzzforge_root()
return _find_secpipe_root()
def install_agent_config(agent: AIAgent, engine: str, force: bool = False) -> str:
"""Install FuzzForge MCP configuration for an AI agent.
"""Install SecPipe MCP configuration for an AI agent.
:param agent: Target AI agent.
:param engine: Container engine type ("docker" or "podman").
@@ -155,7 +183,7 @@ def install_agent_config(agent: AIAgent, engine: str, force: bool = False) -> st
:return: Result message string.
"""
fuzzforge_root = _find_fuzzforge_root()
secpipe_root = _find_secpipe_root()
if agent == AIAgent.COPILOT:
config_path = _get_copilot_mcp_path()
@@ -170,7 +198,7 @@ def install_agent_config(agent: AIAgent, engine: str, force: bool = False) -> st
socket = _detect_docker_socket() if engine == "docker" else _detect_podman_socket()
server_config = _generate_mcp_config(
fuzzforge_root=fuzzforge_root,
secpipe_root=secpipe_root,
engine_type=engine,
engine_socket=socket,
)
@@ -182,23 +210,23 @@ def install_agent_config(agent: AIAgent, engine: str, force: bool = False) -> st
return f"Error: Invalid JSON in {config_path}"
servers = existing.get(servers_key, {})
if "fuzzforge" in servers and not force:
if "secpipe" in servers and not force:
return "Already configured (use force to overwrite)"
if servers_key not in existing:
existing[servers_key] = {}
existing[servers_key]["fuzzforge"] = server_config
existing[servers_key]["secpipe"] = server_config
full_config = existing
else:
config_path.parent.mkdir(parents=True, exist_ok=True)
full_config = {servers_key: {"fuzzforge": server_config}}
full_config = {servers_key: {"secpipe": server_config}}
config_path.write_text(json.dumps(full_config, indent=4))
return f"Installed FuzzForge for {agent.value}"
return f"Installed SecPipe for {agent.value}"
def uninstall_agent_config(agent: AIAgent) -> str:
"""Remove FuzzForge MCP configuration from an AI agent.
"""Remove SecPipe MCP configuration from an AI agent.
:param agent: Target AI agent.
:return: Result message string.
@@ -223,12 +251,12 @@ def uninstall_agent_config(agent: AIAgent) -> str:
return "Error: Invalid JSON in config file"
servers = config.get(servers_key, {})
if "fuzzforge" not in servers:
return "FuzzForge is not configured for this agent"
if "secpipe" not in servers:
return "SecPipe is not configured for this agent"
del servers["fuzzforge"]
del servers["secpipe"]
config_path.write_text(json.dumps(config, indent=4))
return f"Removed FuzzForge from {agent.value}"
return f"Removed SecPipe from {agent.value}"
# ---------------------------------------------------------------------------
@@ -237,37 +265,103 @@ def uninstall_agent_config(agent: AIAgent) -> str:
def get_hubs_registry_path() -> Path:
"""Return path to the hubs registry file (``.fuzzforge/hubs.json``).
"""Return path to the hubs registry file (``~/.secpipe/hubs.json``).
Stored in the user-global directory so the registry is shared across
all workspaces.
:return: Path to the registry JSON file.
"""
return get_fuzzforge_dir() / "hubs.json"
return get_secpipe_user_dir() / "hubs.json"
def get_default_hubs_dir() -> Path:
"""Return default directory for cloned hubs (``.fuzzforge/hubs/``).
"""Return default directory for cloned hubs (``~/.secpipe/hubs/``).
Stored in the user-global directory so hubs are cloned once and
reused in every workspace.
:return: Path to the default hubs directory.
"""
return get_fuzzforge_dir() / "hubs"
return get_secpipe_user_dir() / "hubs"
def _discover_hub_dirs() -> list[Path]:
"""Scan known hub directories for cloned repos.
Checks both the current global location (``~/.secpipe/hubs/``) and the
legacy workspace-local location (``<cwd>/.secpipe/hubs/``) so that hubs
cloned before the global-dir migration are still found.
:return: List of hub directory paths (each is a direct child with a ``.git``
sub-directory).
"""
candidates: list[Path] = []
for base in (get_secpipe_user_dir() / "hubs", get_secpipe_dir() / "hubs"):
if base.is_dir():
candidates.extend(
entry for entry in base.iterdir()
if entry.is_dir() and (entry / ".git").is_dir()
)
return candidates
def load_hubs_registry() -> dict[str, Any]:
"""Load the hubs registry from disk.
If the registry file does not exist, auto-recovers it by scanning known hub
directories and rebuilding entries for any discovered hubs. This handles
the migration from the old workspace-local ``<cwd>/.secpipe/hubs.json``
path to the global ``~/.secpipe/hubs.json`` path, as well as any case
where the registry was lost.
:return: Registry dict with ``hubs`` key containing a list of hub entries.
"""
path = get_hubs_registry_path()
if not path.exists():
return {"hubs": []}
try:
return json.loads(path.read_text())
except (json.JSONDecodeError, OSError):
if path.exists():
try:
data: dict[str, Any] = json.loads(path.read_text())
return data
except (json.JSONDecodeError, OSError):
pass
# Registry missing — attempt to rebuild from discovered hub directories.
discovered = _discover_hub_dirs()
if not discovered:
return {"hubs": []}
hubs: list[dict[str, Any]] = []
for hub_dir in discovered:
name = hub_dir.name
# Try to read the git remote URL
git_url: str = ""
try:
import subprocess as _sp
r = _sp.run(
["git", "-C", str(hub_dir), "remote", "get-url", "origin"],
check=False, capture_output=True, text=True, timeout=5,
)
if r.returncode == 0:
git_url = r.stdout.strip()
except Exception: # noqa: S110 - git URL is optional, failure is acceptable
pass
hubs.append({
"name": name,
"path": str(hub_dir),
"git_url": git_url,
"is_default": name == SECPIPE_DEFAULT_HUB_NAME,
})
registry: dict[str, Any] = {"hubs": hubs}
# Persist so we don't re-scan on every load
with contextlib.suppress(OSError):
save_hubs_registry(registry)
return registry
def save_hubs_registry(registry: dict[str, Any]) -> None:
"""Save the hubs registry to disk.
@@ -320,7 +414,7 @@ def scan_hub_for_servers(hub_path: Path) -> list[dict[str, Any]]:
"image": f"{tool_name}:latest",
"category": category,
"capabilities": capabilities,
"volumes": [f"{get_fuzzforge_dir()}/hub/workspace:/data"],
"volumes": [f"{get_secpipe_user_dir()}/hub/workspace:/data"],
"enabled": True,
}
)
@@ -422,8 +516,7 @@ def clone_hub(
"""
if name is None:
name = git_url.rstrip("/").split("/")[-1]
if name.endswith(".git"):
name = name[:-4]
name = name.removesuffix(".git")
if dest is None:
dest = get_default_hubs_dir() / name
@@ -433,7 +526,7 @@ def clone_hub(
try:
result = subprocess.run(
["git", "-C", str(dest), "pull"],
capture_output=True,
check=False, capture_output=True,
text=True,
timeout=120,
)
@@ -451,7 +544,7 @@ def clone_hub(
try:
result = subprocess.run(
["git", "clone", git_url, str(dest)],
capture_output=True,
check=False, capture_output=True,
text=True,
timeout=300,
)
@@ -478,8 +571,8 @@ def _merge_servers_into_hub_config(
:return: Number of newly added servers.
"""
fuzzforge_root = find_fuzzforge_root()
config_path = fuzzforge_root / "hub-config.json"
secpipe_root = find_secpipe_root()
config_path = secpipe_root / "hub-config.json"
if config_path.exists():
try:
@@ -515,8 +608,8 @@ def _remove_hub_servers_from_config(hub_name: str) -> int:
:return: Number of servers removed.
"""
fuzzforge_root = find_fuzzforge_root()
config_path = fuzzforge_root / "hub-config.json"
secpipe_root = find_secpipe_root()
config_path = secpipe_root / "hub-config.json"
if not config_path.exists():
return 0
@@ -533,3 +626,62 @@ def _remove_hub_servers_from_config(hub_name: str) -> int:
config_path.write_text(json.dumps(config, indent=2))
return before - after
def find_dockerfile_for_server(server_name: str, hub_name: str) -> Path | None:
"""Find the Dockerfile for a hub server tool.
Looks up the hub path from the registry, then scans for
``category/<server_name>/Dockerfile``.
:param server_name: Tool name (e.g. ``"nmap-mcp"``).
:param hub_name: Hub name as stored in the registry.
:return: Absolute path to the Dockerfile, or ``None`` if not found.
"""
registry = load_hubs_registry()
hub_entry = next(
(h for h in registry.get("hubs", []) if h.get("name") == hub_name),
None,
)
if not hub_entry:
return None
hub_path = Path(hub_entry["path"])
for dockerfile in hub_path.rglob("Dockerfile"):
rel = dockerfile.relative_to(hub_path)
parts = rel.parts
if len(parts) == 3 and parts[1] == server_name:
return dockerfile
return None
def build_image(
image: str,
dockerfile: Path,
*,
engine: str | None = None,
) -> subprocess.Popen[str]:
"""Start a non-blocking ``docker/podman build`` subprocess.
Returns the running :class:`subprocess.Popen` object so the caller
can stream ``stdout`` / ``stderr`` lines incrementally.
:param image: Image tag (e.g. ``"nmap-mcp:latest"``).
:param dockerfile: Path to the ``Dockerfile``.
:param engine: ``"docker"`` or ``"podman"`` (auto-detected if ``None``).
:return: Running subprocess with merged stdout+stderr.
"""
if engine is None:
engine = os.environ.get("SECPIPE_ENGINE__TYPE", "docker").lower()
engine = "podman" if engine == "podman" else "docker"
context_dir = str(dockerfile.parent)
return subprocess.Popen(
[engine, "build", "-t", image, context_dir],
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
text=True,
)

1
secpipe-cli/src/secpipe_cli/tui/screens/__init__.py Normal file
View File

@@ -0,0 +1 @@
"""TUI screens for SecPipe."""

8
fuzzforge-cli/src/fuzzforge_cli/tui/screens/agent_setup.py → secpipe-cli/src/secpipe_cli/tui/screens/agent_setup.py
View File

@@ -1,4 +1,4 @@
"""Agent setup and unlink modal screens for FuzzForge TUI.
"""Agent setup and unlink modal screens for SecPipe TUI.
Provides context-aware modals that receive the target agent directly
from the dashboard row selection no redundant agent picker needed.
@@ -12,8 +12,8 @@ from textual.containers import Horizontal, Vertical
from textual.screen import ModalScreen
from textual.widgets import Button, Label, RadioButton, RadioSet
from fuzzforge_cli.commands.mcp import AIAgent
from fuzzforge_cli.tui.helpers import install_agent_config, uninstall_agent_config
from secpipe_cli.commands.mcp import AIAgent
from secpipe_cli.tui.helpers import install_agent_config, uninstall_agent_config
class AgentSetupScreen(ModalScreen[str | None]):
@@ -76,7 +76,7 @@ class AgentUnlinkScreen(ModalScreen[str | None]):
with Vertical(id="unlink-dialog"):
yield Label(f"Unlink {self._display_name}?", classes="dialog-title")
yield Label(
f"This will remove the FuzzForge MCP configuration from {self._display_name}.",
f"This will remove the SecPipe MCP configuration from {self._display_name}.",
)
with Horizontal(classes="dialog-buttons"):

58
secpipe-cli/src/secpipe_cli/tui/screens/build_image.py Normal file
View File

@@ -0,0 +1,58 @@
"""Build-image confirm dialog for SecPipe TUI.
Simple modal that asks the user to confirm before starting a background
build. The actual build is managed by the app so the user is never
locked on this screen.
"""
from __future__ import annotations
from textual.app import ComposeResult
from textual.containers import Horizontal, Vertical
from textual.screen import ModalScreen
from textual.widgets import Button, Label
class _NoFocusButton(Button):
can_focus = False
class BuildImageScreen(ModalScreen[bool]):
"""Quick confirmation before starting a background Docker/Podman build."""
BINDINGS = [("escape", "cancel", "Cancel")]
def __init__(self, server_name: str, image: str, hub_name: str) -> None:
super().__init__()
self._server_name = server_name
self._image = image
self._hub_name = hub_name
def compose(self) -> ComposeResult:
"""Build the confirmation dialog UI."""
with Vertical(id="build-dialog"):
yield Label(f"Build {self._image}", classes="dialog-title")
yield Label(
f"Hub: {self._hub_name} • Tool: {self._server_name}",
id="build-subtitle",
)
yield Label(
"The image will be built in the background.\n"
"You'll receive a notification when it's done.",
id="confirm-text",
)
with Horizontal(classes="dialog-buttons"):
yield _NoFocusButton("Build", variant="primary", id="btn-build")
yield _NoFocusButton("Cancel", variant="default", id="btn-cancel")
def on_button_pressed(self, event: Button.Pressed) -> None:
"""Handle Build or Cancel button clicks."""
if event.button.id == "btn-build":
self.dismiss(result=True)
elif event.button.id == "btn-cancel":
self.dismiss(result=False)
def action_cancel(self) -> None:
"""Dismiss the dialog when Escape is pressed."""
self.dismiss(result=False)

80
secpipe-cli/src/secpipe_cli/tui/screens/build_log.py Normal file
View File

@@ -0,0 +1,80 @@
"""Build-log viewer screen for SecPipe TUI.
Shows live output of a background build started by the app. Polls the
app's ``_build_logs`` buffer every 500 ms so the user can pop this screen
open at any time while the build is running and see up-to-date output.
"""
from __future__ import annotations
from typing import Any
from textual.app import ComposeResult
from textual.containers import Horizontal, Vertical
from textual.screen import ModalScreen
from textual.widgets import Button, Label, Log
class _NoFocusButton(Button):
can_focus = False
class BuildLogScreen(ModalScreen[None]):
"""Live log viewer for a background build job managed by the app."""
BINDINGS = [("escape", "close", "Close")]
def __init__(self, image: str) -> None:
super().__init__()
self._image = image
self._last_line: int = 0
def compose(self) -> ComposeResult:
"""Build the log viewer UI."""
with Vertical(id="build-dialog"):
yield Label(f"Build log — {self._image}", classes="dialog-title")
yield Label("", id="build-status")
yield Log(id="build-log", auto_scroll=True)
with Horizontal(classes="dialog-buttons"):
yield _NoFocusButton("Close", variant="default", id="btn-close")
def on_mount(self) -> None:
"""Initialize log polling when the screen is mounted."""
self._flush_log()
self.set_interval(0.5, self._poll_log)
def _flush_log(self) -> None:
"""Write any new lines since the last flush."""
logs: list[str] = getattr(self.app, "_build_logs", {}).get(self._image, [])
log_widget = self.query_one("#build-log", Log)
new_lines = logs[self._last_line :]
for line in new_lines:
log_widget.write_line(line)
self._last_line += len(new_lines)
active: dict[str, Any] = getattr(self.app, "_active_builds", {})
status = self.query_one("#build-status", Label)
if self._image in active:
status.update("[yellow]⏳ Building…[/yellow]")
else:
# Build is done — check if we have a result stored
results: dict[str, Any] = getattr(self.app, "_build_results", {})
if self._image in results:
if results[self._image]:
status.update(f"[green]✓ {self._image} built successfully[/green]")
else:
status.update(f"[red]✗ {self._image} build failed[/red]")
def _poll_log(self) -> None:
"""Poll for new log lines periodically."""
self._flush_log()
def on_button_pressed(self, event: Button.Pressed) -> None:
"""Handle Close button click."""
if event.button.id == "btn-close":
self.dismiss(None)
def action_close(self) -> None:
"""Dismiss the dialog when Escape is pressed."""
self.dismiss(None)

16
fuzzforge-cli/src/fuzzforge_cli/tui/screens/hub_manager.py → secpipe-cli/src/secpipe_cli/tui/screens/hub_manager.py
View File

@@ -1,4 +1,4 @@
"""Hub management screens for FuzzForge TUI.
"""Hub management screens for SecPipe TUI.
Provides modal dialogs for managing linked MCP hub repositories:
- HubManagerScreen: list, add, remove linked hubs
@@ -18,9 +18,9 @@ from textual.containers import Horizontal, Vertical
from textual.screen import ModalScreen
from textual.widgets import Button, DataTable, Input, Label, Static
from fuzzforge_cli.tui.helpers import (
FUZZFORGE_DEFAULT_HUB_NAME,
FUZZFORGE_DEFAULT_HUB_URL,
from secpipe_cli.tui.helpers import (
SECPIPE_DEFAULT_HUB_NAME,
SECPIPE_DEFAULT_HUB_URL,
clone_hub,
link_hub,
load_hubs_registry,
@@ -81,6 +81,7 @@ class HubManagerScreen(ModalScreen[str | None]):
is_default = hub.get("is_default", False)
hub_path = Path(path)
count: str | Text
if hub_path.is_dir():
servers = scan_hub_for_servers(hub_path)
count = str(len(servers))
@@ -88,10 +89,11 @@ class HubManagerScreen(ModalScreen[str | None]):
count = Text("dir missing", style="yellow")
source = git_url or "local"
name_cell: str | Text
if is_default:
name_cell = Text(f"{name}", style="bold")
else:
name_cell = Text(name)
name_cell = name
table.add_row(name_cell, path, count, source)
@@ -102,8 +104,8 @@ class HubManagerScreen(ModalScreen[str | None]):
elif event.button.id == "btn-clone-default":
self.app.push_screen(
CloneHubScreen(
FUZZFORGE_DEFAULT_HUB_URL,
FUZZFORGE_DEFAULT_HUB_NAME,
SECPIPE_DEFAULT_HUB_URL,
SECPIPE_DEFAULT_HUB_NAME,
is_default=True,
),
callback=self._on_hub_action,

0
fuzzforge-cli/src/fuzzforge_cli/utilities.py → secpipe-cli/src/secpipe_cli/utilities.py
View File

0
fuzzforge-cli/tests/__init__.py → secpipe-cli/tests/__init__.py
View File

0
fuzzforge-cli/tests/conftest.py → secpipe-cli/tests/conftest.py
View File

0
fuzzforge-common/Makefile → secpipe-common/Makefile
View File

3
secpipe-common/README.md Normal file
View File

@@ -0,0 +1,3 @@
# SecPipe Common
...

0
fuzzforge-common/mypy.ini → secpipe-common/mypy.ini
View File

4
fuzzforge-common/pyproject.toml → secpipe-common/pyproject.toml
View File

@@ -1,7 +1,7 @@
[project]
name = "fuzzforge-common"
name = "secpipe-common"
version = "0.0.1"
description = "FuzzForge's common types and utilities."
description = "SecPipe's common types and utilities."
authors = []
readme = "README.md"
requires-python = ">=3.14"

0
fuzzforge-common/pytest.ini → secpipe-common/pytest.ini
View File

49
secpipe-common/ruff.toml Normal file
View File

@@ -0,0 +1,49 @@
line-length = 120
[lint]
select = [ "ALL" ]
ignore = [
"COM812", # conflicts with the formatter
"D100", # ignoring missing docstrings in public modules
"D104", # ignoring missing docstrings in public packages
"D203", # conflicts with 'D211'
"D213", # conflicts with 'D212'
"TD002", # ignoring missing author in 'TODO' statements
"TD003", # ignoring missing issue link in 'TODO' statements
]
[lint.per-file-ignores]
"tests/*" = [
"ANN401", # allowing 'typing.Any' to be used to type function parameters in tests
"PLR2004", # allowing comparisons using unamed numerical constants in tests
"S101", # allowing 'assert' statements in tests
]
"src/**" = [
"ANN201", # missing return type: legacy code
"ARG002", # unused argument: callback pattern
"ASYNC109", # async with timeout param: intentional pattern
"BLE001", # blind exception: broad error handling needed
"C901", # complexity: legacy code
"EM102", # f-string in exception: existing pattern
"F401", # unused import: re-export pattern
"FBT001", # boolean positional arg
"FBT002", # boolean default arg
"FIX002", # TODO comments: documented tech debt
"N806", # variable naming: intentional constants
"PERF401", # list comprehension: readability over perf
"PLW0603", # global statement: intentional for shared state
"PTH111", # os.path usage: legacy code
"RUF005", # collection literal: legacy style
"S110", # try-except-pass: intentional suppression
"S603", # subprocess: validated inputs
"SIM108", # ternary: readability preference
"TC001", # TYPE_CHECKING: causes circular imports
"TC003", # TYPE_CHECKING: causes circular imports
"TRY003", # message in exception: existing pattern
"TRY300", # try-else: existing pattern
"TRY400", # logging.error vs exception: existing pattern
"UP017", # datetime.UTC: Python 3.11+ only
"UP041", # TimeoutError alias: compatibility
"UP043", # unnecessary type args: compatibility
"W293", # blank line whitespace: formatting
]

38
secpipe-common/src/secpipe_common/__init__.py Normal file
View File

@@ -0,0 +1,38 @@
"""SecPipe Common - Shared abstractions and implementations for SecPipe.
This package provides:
- Sandbox engine abstractions (Podman, Docker)
- Common exceptions
Example usage:
from secpipe_common import (
AbstractSecPipeSandboxEngine,
ImageInfo,
Podman,
PodmanConfiguration,
)
"""
from secpipe_common.exceptions import SecPipeError
from secpipe_common.sandboxes import (
AbstractSecPipeEngineConfiguration,
AbstractSecPipeSandboxEngine,
Docker,
DockerConfiguration,
SecPipeSandboxEngines,
ImageInfo,
Podman,
PodmanConfiguration,
)
__all__ = [
"AbstractSecPipeEngineConfiguration",
"AbstractSecPipeSandboxEngine",
"Docker",
"DockerConfiguration",
"SecPipeError",
"SecPipeSandboxEngines",
"ImageInfo",
"Podman",
"PodmanConfiguration",
]

6
fuzzforge-common/src/fuzzforge_common/exceptions.py → secpipe-common/src/secpipe_common/exceptions.py
View File

@@ -4,8 +4,8 @@ if TYPE_CHECKING:
from typing import Any
class FuzzForgeError(Exception):
"""Base exception for all FuzzForge custom exceptions.
class SecPipeError(Exception):
"""Base exception for all SecPipe custom exceptions.
All domain exceptions should inherit from this base to enable
consistent exception handling and hierarchy navigation.
@@ -13,7 +13,7 @@ class FuzzForgeError(Exception):
"""
def __init__(self, message: str, details: dict[str, Any] | None = None) -> None:
"""Initialize FuzzForge error.
"""Initialize SecPipe error.
:param message: Error message.
:param details: Optional error details dictionary.

14
fuzzforge-common/src/fuzzforge_common/hub/__init__.py → secpipe-common/src/secpipe_common/hub/__init__.py
View File

@@ -1,8 +1,8 @@
"""FuzzForge Hub - Generic MCP server bridge.
"""SecPipe Hub - Generic MCP server bridge.
This module provides a generic bridge to connect FuzzForge with any MCP server.
This module provides a generic bridge to connect SecPipe with any MCP server.
It allows AI agents to discover and execute tools from external MCP servers
(like mcp-security-hub) through the same interface as native FuzzForge modules.
(like mcp-security-hub) through the same interface as native SecPipe modules.
The hub is server-agnostic: it doesn't hardcode any specific tools or servers.
Instead, it dynamically discovers tools by connecting to configured MCP servers
@@ -15,9 +15,9 @@ Supported transport types:
"""
from fuzzforge_common.hub.client import HubClient, HubClientError, PersistentSession
from fuzzforge_common.hub.executor import HubExecutionResult, HubExecutor
from fuzzforge_common.hub.models import (
from secpipe_common.hub.client import HubClient, HubClientError, PersistentSession
from secpipe_common.hub.executor import HubExecutionResult, HubExecutor
from secpipe_common.hub.models import (
HubConfig,
HubServer,
HubServerConfig,
@@ -25,7 +25,7 @@ from fuzzforge_common.hub.models import (
HubTool,
HubToolParameter,
)
from fuzzforge_common.hub.registry import HubRegistry
from secpipe_common.hub.registry import HubRegistry
__all__ = [
"HubClient",

27
fuzzforge-common/src/fuzzforge_common/hub/client.py → secpipe-common/src/secpipe_common/hub/client.py
View File

@@ -21,7 +21,7 @@ from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import TYPE_CHECKING, Any, cast
from fuzzforge_common.hub.models import (
from secpipe_common.hub.models import (
HubServer,
HubServerConfig,
HubServerType,
@@ -176,6 +176,7 @@ class HubClient:
arguments: dict[str, Any],
*,
timeout: int | None = None,
extra_volumes: list[str] | None = None,
) -> dict[str, Any]:
"""Execute a tool on a hub server.
@@ -183,6 +184,7 @@ class HubClient:
:param tool_name: Name of the tool to execute.
:param arguments: Tool arguments.
:param timeout: Execution timeout (uses default if None).
:param extra_volumes: Additional Docker volume mounts to inject.
:returns: Tool execution result.
:raises HubClientError: If execution fails.
@@ -199,7 +201,7 @@ class HubClient:
)
try:
async with self._connect(config) as (reader, writer):
async with self._connect(config, extra_volumes=extra_volumes) as (reader, writer):
# Initialise MCP session (skip for persistent — already done)
if not self._persistent_sessions.get(config.name):
await self._initialize_session(reader, writer, config.name)
@@ -248,6 +250,7 @@ class HubClient:
async def _connect(
self,
config: HubServerConfig,
extra_volumes: list[str] | None = None,
) -> AsyncGenerator[tuple[asyncio.StreamReader, asyncio.StreamWriter], None]:
"""Connect to an MCP server.
@@ -256,6 +259,7 @@ class HubClient:
ephemeral per-call connection logic.
:param config: Server configuration.
:param extra_volumes: Additional Docker volume mounts to inject.
:yields: Tuple of (reader, writer) for communication.
"""
@@ -268,7 +272,7 @@ class HubClient:
# Ephemeral connection (original behaviour)
if config.type == HubServerType.DOCKER:
async with self._connect_docker(config) as streams:
async with self._connect_docker(config, extra_volumes=extra_volumes) as streams:
yield streams
elif config.type == HubServerType.COMMAND:
async with self._connect_command(config) as streams:
@@ -284,10 +288,12 @@ class HubClient:
async def _connect_docker(
self,
config: HubServerConfig,
extra_volumes: list[str] | None = None,
) -> AsyncGenerator[tuple[asyncio.StreamReader, asyncio.StreamWriter], None]:
"""Connect to a Docker-based MCP server.
:param config: Server configuration with image name.
:param extra_volumes: Additional volume mounts to inject (e.g. project assets).
:yields: Tuple of (reader, writer) for stdio communication.
"""
@@ -302,10 +308,14 @@ class HubClient:
for cap in config.capabilities:
cmd.extend(["--cap-add", cap])
# Add volumes
# Add volumes from server config
for volume in config.volumes:
cmd.extend(["-v", os.path.expanduser(volume)])
# Add extra volumes (e.g. project assets injected at runtime)
for volume in (extra_volumes or []):
cmd.extend(["-v", os.path.expanduser(volume)])
# Add environment variables
for key, value in config.environment.items():
cmd.extend(["-e", f"{key}={value}"])
@@ -427,7 +437,7 @@ class HubClient:
"protocolVersion": "2024-11-05",
"capabilities": {},
"clientInfo": {
"name": "fuzzforge-hub",
"name": "secpipe-hub",
"version": "0.1.0",
},
},
@@ -529,6 +539,7 @@ class HubClient:
async def start_persistent_session(
self,
config: HubServerConfig,
extra_volumes: list[str] | None = None,
) -> PersistentSession:
"""Start a persistent Docker container and initialise MCP session.
@@ -536,6 +547,7 @@ class HubClient:
called, allowing multiple tool calls on the same session.
:param config: Server configuration (must be Docker type).
:param extra_volumes: Additional host:container volume mounts to inject.
:returns: The created persistent session.
:raises HubClientError: If the container cannot be started.
@@ -558,7 +570,7 @@ class HubClient:
msg = f"Docker image not specified for server '{config.name}'"
raise HubClientError(msg)
container_name = f"fuzzforge-{config.name}"
container_name = f"secpipe-{config.name}"
# Remove stale container with same name if it exists
try:
@@ -580,6 +592,9 @@ class HubClient:
for volume in config.volumes:
cmd.extend(["-v", os.path.expanduser(volume)])
for extra_vol in (extra_volumes or []):
cmd.extend(["-v", extra_vol])
for key, value in config.environment.items():
cmd.extend(["-e", f"{key}={value}"])

15
fuzzforge-common/src/fuzzforge_common/hub/executor.py → secpipe-common/src/secpipe_common/hub/executor.py
View File

@@ -12,9 +12,9 @@ from __future__ import annotations
from pathlib import Path
from typing import TYPE_CHECKING, Any, cast
from fuzzforge_common.hub.client import HubClient, HubClientError, PersistentSession
from fuzzforge_common.hub.models import HubServer, HubServerConfig, HubTool
from fuzzforge_common.hub.registry import HubRegistry
from secpipe_common.hub.client import HubClient, HubClientError, PersistentSession
from secpipe_common.hub.models import HubServer, HubServerConfig, HubTool
from secpipe_common.hub.registry import HubRegistry
if TYPE_CHECKING:
from structlog.stdlib import BoundLogger
@@ -180,12 +180,14 @@ class HubExecutor:
arguments: dict[str, Any] | None = None,
*,
timeout: int | None = None,
extra_volumes: list[str] | None = None,
) -> HubExecutionResult:
"""Execute a hub tool.
:param identifier: Tool identifier (hub:server:tool or server:tool).
:param arguments: Tool arguments.
:param timeout: Execution timeout.
:param extra_volumes: Additional Docker volume mounts to inject.
:returns: Execution result.
"""
@@ -232,6 +234,7 @@ class HubExecutor:
tool_name_to_use or tool_name,
arguments,
timeout=timeout,
extra_volumes=extra_volumes,
)
return HubExecutionResult(
success=True,
@@ -268,6 +271,7 @@ class HubExecutor:
tool.name,
arguments,
timeout=timeout,
extra_volumes=extra_volumes,
)
return HubExecutionResult(
success=True,
@@ -341,13 +345,14 @@ class HubExecutor:
# Persistent session management
# ------------------------------------------------------------------
async def start_persistent_server(self, server_name: str) -> dict[str, Any]:
async def start_persistent_server(self, server_name: str, extra_volumes: list[str] | None = None) -> dict[str, Any]:
"""Start a persistent container session for a server.
The container stays running between tool calls, allowing stateful
interactions (e.g., radare2 sessions, long-running fuzzing).
:param server_name: Name of the hub server to start.
:param extra_volumes: Additional host:container volume mounts to inject.
:returns: Session status dictionary.
:raises ValueError: If server not found.
@@ -358,7 +363,7 @@ class HubExecutor:
msg = f"Server '{server_name}' not found"
raise ValueError(msg)
session = await self._client.start_persistent_session(server.config)
session = await self._client.start_persistent_session(server.config, extra_volumes=extra_volumes)
# Auto-discover tools on the new session
try:

16
fuzzforge-common/src/fuzzforge_common/hub/models.py → secpipe-common/src/secpipe_common/hub/models.py
View File

@@ -1,4 +1,4 @@
"""Data models for FuzzForge Hub.
"""Data models for SecPipe Hub.
This module defines the Pydantic models used to represent MCP servers
and their tools in the hub registry.
@@ -294,3 +294,17 @@ class HubConfig(BaseModel):
default=True,
description="Cache discovered tools",
)
#: Workflow hints indexed by "after:<tool_name>" keys.
#: Loaded inline or merged from workflow_hints_file.
workflow_hints: dict[str, Any] = Field(
default_factory=dict,
description="Workflow hints indexed by 'after:<tool_name>'",
)
#: Optional path to an external workflow-hints.json file.
#: Relative paths are resolved relative to the hub-config.json location.
workflow_hints_file: str | None = Field(
default=None,
description="Path to an external workflow-hints.json to load and merge",
)

33
fuzzforge-common/src/fuzzforge_common/hub/registry.py → secpipe-common/src/secpipe_common/hub/registry.py
View File

@@ -12,7 +12,7 @@ import json
from pathlib import Path
from typing import TYPE_CHECKING, cast
from fuzzforge_common.hub.models import (
from secpipe_common.hub.models import (
HubConfig,
HubServer,
HubServerConfig,
@@ -87,6 +87,28 @@ class HubRegistry:
config=server_config,
)
# Load and merge external workflow hints file if specified.
if self._config.workflow_hints_file:
hints_path = Path(self._config.workflow_hints_file)
if not hints_path.is_absolute():
hints_path = config_path.parent / hints_path
if hints_path.exists():
try:
with hints_path.open() as hf:
hints_data = json.load(hf)
self._config.workflow_hints.update(hints_data.get("hints", {}))
logger.info(
"Loaded workflow hints",
path=str(hints_path),
hints=len(self._config.workflow_hints),
)
except Exception as hints_err:
logger.warning(
"Failed to load workflow hints file",
path=str(hints_path),
error=str(hints_err),
)
logger.info(
"Loaded hub configuration",
path=str(config_path),
@@ -218,6 +240,15 @@ class HubRegistry:
server.discovery_error = None
server.tools = tools
def get_workflow_hint(self, tool_name: str) -> dict | None:
"""Get the workflow hint for a tool by name.
:param tool_name: Tool name (e.g. ``binwalk_extract``).
:returns: Hint dict for the ``after:<tool_name>`` key, or None.
"""
return self._config.workflow_hints.get(f"after:{tool_name}") or None
def get_all_tools(self) -> list:
"""Get all discovered tools from all servers.

0
fuzzforge-common/src/fuzzforge_common/py.typed → secpipe-common/src/secpipe_common/py.typed
View File

23
secpipe-common/src/secpipe_common/sandboxes/__init__.py Normal file
View File

@@ -0,0 +1,23 @@
"""SecPipe sandbox abstractions and implementations."""
from secpipe_common.sandboxes.engines import (
AbstractSecPipeEngineConfiguration,
AbstractSecPipeSandboxEngine,
Docker,
DockerConfiguration,
SecPipeSandboxEngines,
ImageInfo,
Podman,
PodmanConfiguration,
)
__all__ = [
"AbstractSecPipeEngineConfiguration",
"AbstractSecPipeSandboxEngine",
"Docker",
"DockerConfiguration",
"SecPipeSandboxEngines",
"ImageInfo",
"Podman",
"PodmanConfiguration",
]

21
secpipe-common/src/secpipe_common/sandboxes/engines/__init__.py Normal file
View File

@@ -0,0 +1,21 @@
"""Container engine implementations for SecPipe sandboxes."""
from secpipe_common.sandboxes.engines.base import (
AbstractSecPipeEngineConfiguration,
AbstractSecPipeSandboxEngine,
ImageInfo,
)
from secpipe_common.sandboxes.engines.docker import Docker, DockerConfiguration
from secpipe_common.sandboxes.engines.enumeration import SecPipeSandboxEngines
from secpipe_common.sandboxes.engines.podman import Podman, PodmanConfiguration
__all__ = [
"AbstractSecPipeEngineConfiguration",
"AbstractSecPipeSandboxEngine",
"Docker",
"DockerConfiguration",
"SecPipeSandboxEngines",
"ImageInfo",
"Podman",
"PodmanConfiguration",
]

15
secpipe-common/src/secpipe_common/sandboxes/engines/base/__init__.py Normal file
View File

@@ -0,0 +1,15 @@
"""Base engine abstractions."""
from secpipe_common.sandboxes.engines.base.configuration import (
AbstractSecPipeEngineConfiguration,
)
from secpipe_common.sandboxes.engines.base.engine import (
AbstractSecPipeSandboxEngine,
ImageInfo,
)
__all__ = [
"AbstractSecPipeEngineConfiguration",
"AbstractSecPipeSandboxEngine",
"ImageInfo",
]

24
secpipe-common/src/secpipe_common/sandboxes/engines/base/configuration.py Normal file
View File

@@ -0,0 +1,24 @@
from abc import ABC, abstractmethod
from typing import TYPE_CHECKING
from pydantic import BaseModel
from secpipe_common.sandboxes.engines.enumeration import (
SecPipeSandboxEngines,
)
if TYPE_CHECKING:
from secpipe_common.sandboxes.engines.base.engine import AbstractSecPipeSandboxEngine
class AbstractSecPipeEngineConfiguration(ABC, BaseModel):
"""TODO."""
#: TODO.
kind: SecPipeSandboxEngines
@abstractmethod
def into_engine(self) -> AbstractSecPipeSandboxEngine:
"""TODO."""
message: str = f"method 'into_engine' is not implemented for class '{self.__class__.__name__}'"
raise NotImplementedError(message)

12
fuzzforge-common/src/fuzzforge_common/sandboxes/engines/base/engine.py → secpipe-common/src/secpipe_common/sandboxes/engines/base/engine.py
View File

@@ -10,10 +10,10 @@ if TYPE_CHECKING:
class ImageInfo:
"""Information about a container image."""
#: Full image reference (e.g., "localhost/fuzzforge-module-echidna:latest").
#: Full image reference (e.g., "localhost/secpipe-module-echidna:latest").
reference: str
#: Repository name (e.g., "localhost/fuzzforge-module-echidna").
#: Repository name (e.g., "localhost/secpipe-module-echidna").
repository: str
#: Image tag (e.g., "latest").
@@ -29,8 +29,8 @@ class ImageInfo:
labels: dict[str, str] | None = None
class AbstractFuzzForgeSandboxEngine(ABC):
"""Abstract class used as a base for all FuzzForge sandbox engine classes."""
class AbstractSecPipeSandboxEngine(ABC):
"""Abstract class used as a base for all SecPipe sandbox engine classes."""
@abstractmethod
def list_images(self, filter_prefix: str | None = None) -> list[ImageInfo]:
@@ -140,7 +140,7 @@ class AbstractFuzzForgeSandboxEngine(ABC):
:param image: Full image reference to pull.
:param timeout: Timeout in seconds for the pull operation.
:raises FuzzForgeError: If pull fails.
:raises SecPipeError: If pull fails.
"""
message: str = f"method 'pull_image' is not implemented for class '{self.__class__.__name__}'"
@@ -306,7 +306,7 @@ class AbstractFuzzForgeSandboxEngine(ABC):
Creates a temporary container, copies the file, and removes the container.
:param image: Image reference (e.g., "fuzzforge-rust-analyzer:latest").
:param image: Image reference (e.g., "secpipe-rust-analyzer:latest").
:param path: Path to file inside image.
:returns: File contents as string.

13
secpipe-common/src/secpipe_common/sandboxes/engines/docker/__init__.py Normal file
View File

@@ -0,0 +1,13 @@
"""Docker container engine implementation."""
from secpipe_common.sandboxes.engines.docker.cli import DockerCLI
from secpipe_common.sandboxes.engines.docker.configuration import (
DockerConfiguration,
)
from secpipe_common.sandboxes.engines.docker.engine import Docker
__all__ = [
"Docker",
"DockerCLI",
"DockerConfiguration",
]

12
fuzzforge-common/src/fuzzforge_common/sandboxes/engines/docker/cli.py → secpipe-common/src/secpipe_common/sandboxes/engines/docker/cli.py
View File

@@ -13,8 +13,8 @@ from pathlib import Path, PurePath
from tempfile import NamedTemporaryFile
from typing import TYPE_CHECKING, cast
from fuzzforge_common.exceptions import FuzzForgeError
from fuzzforge_common.sandboxes.engines.base.engine import AbstractFuzzForgeSandboxEngine, ImageInfo
from secpipe_common.exceptions import SecPipeError
from secpipe_common.sandboxes.engines.base.engine import AbstractSecPipeSandboxEngine, ImageInfo
if TYPE_CHECKING:
from structlog.stdlib import BoundLogger
@@ -27,7 +27,7 @@ def get_logger() -> BoundLogger:
return cast("BoundLogger", get_logger())
class DockerCLI(AbstractFuzzForgeSandboxEngine):
class DockerCLI(AbstractSecPipeSandboxEngine):
"""Docker engine using CLI commands.
This implementation uses subprocess calls to the Docker CLI,
@@ -37,7 +37,7 @@ class DockerCLI(AbstractFuzzForgeSandboxEngine):
def __init__(self) -> None:
"""Initialize the DockerCLI engine."""
AbstractFuzzForgeSandboxEngine.__init__(self)
AbstractSecPipeSandboxEngine.__init__(self)
def _base_cmd(self) -> list[str]:
"""Get base Docker command.
@@ -147,7 +147,7 @@ class DockerCLI(AbstractFuzzForgeSandboxEngine):
get_logger().info("image pulled successfully", image=image)
except subprocess.CalledProcessError as exc:
message = f"Failed to pull image '{image}': {exc.stderr}"
raise FuzzForgeError(message) from exc
raise SecPipeError(message) from exc
def tag_image(self, source: str, target: str) -> None:
"""Tag an image with a new name.
@@ -440,7 +440,7 @@ class DockerCLI(AbstractFuzzForgeSandboxEngine):
Uses docker run with --entrypoint override to read the file via cat.
:param image: Image reference (e.g., "fuzzforge-rust-analyzer:latest").
:param image: Image reference (e.g., "secpipe-rust-analyzer:latest").
:param path: Path to file inside image.
:returns: File contents as string.

22
secpipe-common/src/secpipe_common/sandboxes/engines/docker/configuration.py Normal file
View File

@@ -0,0 +1,22 @@
from typing import TYPE_CHECKING, Literal
from secpipe_common.sandboxes.engines.base.configuration import AbstractSecPipeEngineConfiguration
from secpipe_common.sandboxes.engines.docker.engine import Docker
from secpipe_common.sandboxes.engines.enumeration import SecPipeSandboxEngines
if TYPE_CHECKING:
from secpipe_common.sandboxes.engines.base.engine import AbstractSecPipeSandboxEngine
class DockerConfiguration(AbstractSecPipeEngineConfiguration):
"""TODO."""
#: TODO.
kind: Literal[SecPipeSandboxEngines.DOCKER] = SecPipeSandboxEngines.DOCKER
#: TODO.
socket: str
def into_engine(self) -> AbstractSecPipeSandboxEngine:
"""TODO."""
return Docker(socket=self.socket)

4
fuzzforge-common/src/fuzzforge_common/sandboxes/engines/docker/engine.py → secpipe-common/src/secpipe_common/sandboxes/engines/docker/engine.py
View File

@@ -2,13 +2,13 @@ from __future__ import annotations
from typing import TYPE_CHECKING
from fuzzforge_common.sandboxes.engines.base.engine import AbstractFuzzForgeSandboxEngine, ImageInfo
from secpipe_common.sandboxes.engines.base.engine import AbstractSecPipeSandboxEngine, ImageInfo
if TYPE_CHECKING:
from pathlib import Path, PurePath
class Docker(AbstractFuzzForgeSandboxEngine):
class Docker(AbstractSecPipeSandboxEngine):
"""TODO."""
#: TODO.

2
fuzzforge-common/src/fuzzforge_common/sandboxes/engines/enumeration.py → secpipe-common/src/secpipe_common/sandboxes/engines/enumeration.py
View File

@@ -1,7 +1,7 @@
from enum import StrEnum
class FuzzForgeSandboxEngines(StrEnum):
class SecPipeSandboxEngines(StrEnum):
"""TODO."""
#: TODO.

13
secpipe-common/src/secpipe_common/sandboxes/engines/podman/__init__.py Normal file
View File

@@ -0,0 +1,13 @@
"""Podman container engine implementation."""
from secpipe_common.sandboxes.engines.podman.cli import PodmanCLI
from secpipe_common.sandboxes.engines.podman.configuration import (
PodmanConfiguration,
)
from secpipe_common.sandboxes.engines.podman.engine import Podman
__all__ = [
"Podman",
"PodmanCLI",
"PodmanConfiguration",
]

16
fuzzforge-common/src/fuzzforge_common/sandboxes/engines/podman/cli.py → secpipe-common/src/secpipe_common/sandboxes/engines/podman/cli.py
View File

@@ -15,8 +15,8 @@ from pathlib import Path, PurePath
from tempfile import NamedTemporaryFile
from typing import TYPE_CHECKING, cast
from fuzzforge_common.exceptions import FuzzForgeError
from fuzzforge_common.sandboxes.engines.base.engine import AbstractFuzzForgeSandboxEngine, ImageInfo
from secpipe_common.exceptions import SecPipeError
from secpipe_common.sandboxes.engines.base.engine import AbstractSecPipeSandboxEngine, ImageInfo
if TYPE_CHECKING:
from structlog.stdlib import BoundLogger
@@ -43,7 +43,7 @@ def _is_running_under_snap() -> bool:
return os.getenv("SNAP") is not None
class PodmanCLI(AbstractFuzzForgeSandboxEngine):
class PodmanCLI(AbstractSecPipeSandboxEngine):
"""Podman engine using CLI with custom storage paths.
This implementation uses subprocess calls to the Podman CLI with --root
@@ -71,7 +71,7 @@ class PodmanCLI(AbstractFuzzForgeSandboxEngine):
Custom storage is used when running under Snap AND paths are provided.
:raises FuzzForgeError: If running on macOS (Podman not supported).
:raises SecPipeError: If running on macOS (Podman not supported).
"""
import sys # noqa: PLC0415
@@ -81,9 +81,9 @@ class PodmanCLI(AbstractFuzzForgeSandboxEngine):
" brew install --cask docker\n"
" # Or download from https://docker.com/products/docker-desktop"
)
raise FuzzForgeError(msg)
raise SecPipeError(msg)
AbstractFuzzForgeSandboxEngine.__init__(self)
AbstractSecPipeSandboxEngine.__init__(self)
# Use custom storage only under Snap (to fix XDG_DATA_HOME issues)
self.__use_custom_storage = _is_running_under_snap() and graphroot is not None and runroot is not None
@@ -206,7 +206,7 @@ class PodmanCLI(AbstractFuzzForgeSandboxEngine):
get_logger().info("image pulled successfully", image=image)
except subprocess.CalledProcessError as exc:
message = f"Failed to pull image '{image}': {exc.stderr}"
raise FuzzForgeError(message) from exc
raise SecPipeError(message) from exc
def tag_image(self, source: str, target: str) -> None:
"""Tag an image with a new name.
@@ -501,7 +501,7 @@ class PodmanCLI(AbstractFuzzForgeSandboxEngine):
Uses podman run with --entrypoint override to read the file via cat.
:param image: Image reference (e.g., "fuzzforge-rust-analyzer:latest").
:param image: Image reference (e.g., "secpipe-rust-analyzer:latest").
:param path: Path to file inside image.
:returns: File contents as string.

22
secpipe-common/src/secpipe_common/sandboxes/engines/podman/configuration.py Normal file
View File

@@ -0,0 +1,22 @@
from typing import TYPE_CHECKING, Literal
from secpipe_common.sandboxes.engines.base.configuration import AbstractSecPipeEngineConfiguration
from secpipe_common.sandboxes.engines.enumeration import SecPipeSandboxEngines
from secpipe_common.sandboxes.engines.podman.engine import Podman
if TYPE_CHECKING:
from secpipe_common.sandboxes.engines.base.engine import AbstractSecPipeSandboxEngine
class PodmanConfiguration(AbstractSecPipeEngineConfiguration):
"""TODO."""
#: TODO.
kind: Literal[SecPipeSandboxEngines.PODMAN] = SecPipeSandboxEngines.PODMAN
#: TODO.
socket: str
def into_engine(self) -> AbstractSecPipeSandboxEngine:
"""TODO."""
return Podman(socket=self.socket)

16
fuzzforge-common/src/fuzzforge_common/sandboxes/engines/podman/engine.py → secpipe-common/src/secpipe_common/sandboxes/engines/podman/engine.py
View File

@@ -8,8 +8,8 @@ from typing import TYPE_CHECKING, cast
from podman.errors import ImageNotFound
from fuzzforge_common.exceptions import FuzzForgeError
from fuzzforge_common.sandboxes.engines.base.engine import AbstractFuzzForgeSandboxEngine, ImageInfo
from secpipe_common.exceptions import SecPipeError
from secpipe_common.sandboxes.engines.base.engine import AbstractSecPipeSandboxEngine, ImageInfo
if TYPE_CHECKING:
from podman import PodmanClient
@@ -24,7 +24,7 @@ def get_logger() -> BoundLogger:
return cast("BoundLogger", get_logger())
class Podman(AbstractFuzzForgeSandboxEngine):
class Podman(AbstractSecPipeSandboxEngine):
"""TODO."""
#: TODO.
@@ -36,7 +36,7 @@ class Podman(AbstractFuzzForgeSandboxEngine):
:param socket: TODO.
"""
AbstractFuzzForgeSandboxEngine.__init__(self)
AbstractSecPipeSandboxEngine.__init__(self)
self.__socket = socket
def get_client(self) -> PodmanClient:
@@ -99,7 +99,7 @@ class Podman(AbstractFuzzForgeSandboxEngine):
images = list(client.images.load(file_path=archive))
if len(images) != 1:
message: str = "expected only one image"
raise FuzzForgeError(message)
raise SecPipeError(message)
image = images[0]
image.tag(repository=repository, tag="latest")
@@ -254,7 +254,7 @@ class Podman(AbstractFuzzForgeSandboxEngine):
:param image: Full image reference to pull.
:param timeout: Timeout in seconds for the pull operation.
:raises FuzzForgeError: If pull fails.
:raises SecPipeError: If pull fails.
"""
client: PodmanClient = self.get_client()
@@ -265,7 +265,7 @@ class Podman(AbstractFuzzForgeSandboxEngine):
get_logger().info("image pulled successfully", image=image)
except Exception as exc:
message = f"Failed to pull image '{image}': {exc}"
raise FuzzForgeError(message) from exc
raise SecPipeError(message) from exc
def tag_image(self, source: str, target: str) -> None:
"""Tag an image with a new name.
@@ -524,7 +524,7 @@ class Podman(AbstractFuzzForgeSandboxEngine):
Creates a temporary container, reads the file, and removes the container.
:param image: Image reference (e.g., "fuzzforge-rust-analyzer:latest").
:param image: Image reference (e.g., "secpipe-rust-analyzer:latest").
:param path: Path to file inside image.
:returns: File contents as string.

0
fuzzforge-common/tests/.gitkeep → secpipe-common/tests/.gitkeep
View File

0
fuzzforge-common/tests/__init__.py → secpipe-common/tests/__init__.py
View File

1
secpipe-common/tests/conftest.py Normal file
View File

@@ -0,0 +1 @@
pytest_plugins = ["secpipe_tests.fixtures"]

0
fuzzforge-common/tests/unit/__init__.py → secpipe-common/tests/unit/__init__.py
View File

0
fuzzforge-common/tests/unit/engines/__init__.py → secpipe-common/tests/unit/engines/__init__.py
View File

0
fuzzforge-common/tests/unit/engines/conftest.py → secpipe-common/tests/unit/engines/conftest.py
View File

2
fuzzforge-common/tests/unit/engines/test_docker.py → secpipe-common/tests/unit/engines/test_docker.py
View File

@@ -4,7 +4,7 @@ from unittest import mock
import pytest
from fuzzforge_common.sandboxes.engines.docker.cli import DockerCLI
from secpipe_common.sandboxes.engines.docker.cli import DockerCLI
def test_docker_cli_base_cmd() -> None:

6
fuzzforge-common/tests/unit/engines/test_podman.py → secpipe-common/tests/unit/engines/test_podman.py
View File

@@ -9,8 +9,8 @@ from unittest import mock
import pytest
from fuzzforge_common.exceptions import FuzzForgeError
from fuzzforge_common.sandboxes.engines.podman.cli import PodmanCLI, _is_running_under_snap
from secpipe_common.exceptions import SecPipeError
from secpipe_common.sandboxes.engines.podman.cli import PodmanCLI, _is_running_under_snap
# Helper to mock Linux platform for testing (since Podman is Linux-only)
@@ -60,7 +60,7 @@ def test_snap_detection_when_snap_not_set() -> None:
def test_podman_cli_blocks_macos() -> None:
"""Test that PodmanCLI raises error on macOS."""
with mock.patch.object(sys, "platform", "darwin"):
with pytest.raises(FuzzForgeError) as exc_info:
with pytest.raises(SecPipeError) as exc_info:
PodmanCLI()
assert "Podman is not supported on macOS" in str(exc_info.value)
assert "Docker" in str(exc_info.value)

2
fuzzforge-mcp/Dockerfile → secpipe-mcp/Dockerfile
View File

@@ -8,4 +8,4 @@ WORKDIR /app
RUN /bin/uv venv && /bin/uv pip install --find-links /wheels $PACKAGE
CMD [ "/bin/uv", "run", "uvicorn", "fuzzforge_mcp.application:app"]
CMD [ "/bin/uv", "run", "uvicorn", "secpipe_mcp.application:app"]

0
fuzzforge-mcp/Makefile → secpipe-mcp/Makefile
View File

76
fuzzforge-mcp/README.md → secpipe-mcp/README.md
View File

@@ -1,10 +1,10 @@
# FuzzForge MCP
# SecPipe MCP
Model Context Protocol (MCP) server that enables AI agents to orchestrate FuzzForge security research modules.
Model Context Protocol (MCP) server that enables AI agents to orchestrate SecPipe security research modules.
## Overview
FuzzForge MCP provides a standardized interface for AI agents (Claude Code, GitHub Copilot, Claude Desktop) to:
SecPipe MCP provides a standardized interface for AI agents (Claude Code, GitHub Copilot, Claude Desktop) to:
- List and discover available security modules
- Execute modules in isolated containers
@@ -17,20 +17,20 @@ The server communicates with AI agents using the [Model Context Protocol](https:
### Automatic Installation (Recommended)
Use the FuzzForge CLI to automatically configure MCP for your AI agent:
Use the SecPipe CLI to automatically configure MCP for your AI agent:
```bash
# For GitHub Copilot
uv run fuzzforge mcp install copilot
uv run secpipe mcp install copilot
# For Claude Code (VS Code extension)
uv run fuzzforge mcp install claude-code
uv run secpipe mcp install claude-code
# For Claude Desktop (standalone app)
uv run fuzzforge mcp install claude-desktop
uv run secpipe mcp install claude-desktop
# Verify installation
uv run fuzzforge mcp status
uv run secpipe mcp status
```
After installation, restart your AI agent to activate the connection.
@@ -44,13 +44,13 @@ For custom setups, you can manually configure the MCP server.
```json
{
"mcpServers": {
"fuzzforge": {
"command": "/path/to/fuzzforge_ai/.venv/bin/python",
"args": ["-m", "fuzzforge_mcp"],
"cwd": "/path/to/fuzzforge_ai",
"secpipe": {
"command": "/path/to/secpipe_ai/.venv/bin/python",
"args": ["-m", "secpipe_mcp"],
"cwd": "/path/to/secpipe_ai",
"env": {
"FUZZFORGE_MODULES_PATH": "/path/to/fuzzforge_ai/fuzzforge-modules",
"FUZZFORGE_ENGINE__TYPE": "docker"
"SECPIPE_MODULES_PATH": "/path/to/secpipe_ai/secpipe-modules",
"SECPIPE_ENGINE__TYPE": "docker"
}
}
}
@@ -62,14 +62,14 @@ For custom setups, you can manually configure the MCP server.
```json
{
"servers": {
"fuzzforge": {
"secpipe": {
"type": "stdio",
"command": "/path/to/fuzzforge_ai/.venv/bin/python",
"args": ["-m", "fuzzforge_mcp"],
"cwd": "/path/to/fuzzforge_ai",
"command": "/path/to/secpipe_ai/.venv/bin/python",
"args": ["-m", "secpipe_mcp"],
"cwd": "/path/to/secpipe_ai",
"env": {
"FUZZFORGE_MODULES_PATH": "/path/to/fuzzforge_ai/fuzzforge-modules",
"FUZZFORGE_ENGINE__TYPE": "docker"
"SECPIPE_MODULES_PATH": "/path/to/secpipe_ai/secpipe-modules",
"SECPIPE_ENGINE__TYPE": "docker"
}
}
}
@@ -81,14 +81,14 @@ For custom setups, you can manually configure the MCP server.
```json
{
"mcpServers": {
"fuzzforge": {
"secpipe": {
"type": "stdio",
"command": "/path/to/fuzzforge_ai/.venv/bin/python",
"args": ["-m", "fuzzforge_mcp"],
"cwd": "/path/to/fuzzforge_ai",
"command": "/path/to/secpipe_ai/.venv/bin/python",
"args": ["-m", "secpipe_mcp"],
"cwd": "/path/to/secpipe_ai",
"env": {
"FUZZFORGE_MODULES_PATH": "/path/to/fuzzforge_ai/fuzzforge-modules",
"FUZZFORGE_ENGINE__TYPE": "docker"
"SECPIPE_MODULES_PATH": "/path/to/secpipe_ai/secpipe-modules",
"SECPIPE_ENGINE__TYPE": "docker"
}
}
}
@@ -99,10 +99,10 @@ For custom setups, you can manually configure the MCP server.
| Variable | Required | Default | Description |
| -------- | -------- | ------- | ----------- |
| `FUZZFORGE_MODULES_PATH` | Yes | - | Path to the modules directory |
| `FUZZFORGE_ENGINE__TYPE` | No | `docker` | Container engine (`docker` or `podman`) |
| `FUZZFORGE_ENGINE__GRAPHROOT` | No | - | Container storage path (Podman under Snap only) |
| `FUZZFORGE_ENGINE__RUNROOT` | No | - | Container runtime state path (Podman under Snap only) |
| `SECPIPE_MODULES_PATH` | Yes | - | Path to the modules directory |
| `SECPIPE_ENGINE__TYPE` | No | `docker` | Container engine (`docker` or `podman`) |
| `SECPIPE_ENGINE__GRAPHROOT` | No | - | Container storage path (Podman under Snap only) |
| `SECPIPE_ENGINE__RUNROOT` | No | - | Container runtime state path (Podman under Snap only) |
## Available Tools
@@ -110,7 +110,7 @@ The MCP server exposes the following tools to AI agents:
### Project Management
- **`init_project`** - Initialize a new FuzzForge project
- **`init_project`** - Initialize a new SecPipe project
- **`set_project_assets`** - Set initial assets (source code, contracts, etc.) for the project
### Module Management
@@ -135,7 +135,7 @@ The server also provides resources for accessing:
### From AI Agent (e.g., Claude Code)
Once configured, AI agents can interact with FuzzForge naturally:
Once configured, AI agents can interact with SecPipe naturally:
```text
User: List the available security modules
@@ -161,10 +161,10 @@ For testing during development, you can run the MCP server directly:
```bash
# Run MCP server in stdio mode (for AI agents)
uv run python -m fuzzforge_mcp
uv run python -m secpipe_mcp
# Run HTTP server for testing (not for production)
uv run uvicorn fuzzforge_mcp.application:app --reload
uv run uvicorn secpipe_mcp.application:app --reload
```
## Architecture
@@ -178,14 +178,14 @@ uv run uvicorn fuzzforge_mcp.application:app --reload
│ stdio/JSON-RPC
┌─────────────────────────────────────────┐
FuzzForge MCP Server │
SecPipe MCP Server
│ Tools: init_project, list_modules, │
│ execute_module, execute_workflow│
└─────────────────────────────────────────┘
┌─────────────────────────────────────────┐
FuzzForge Runner │
SecPipe Runner
│ Podman/Docker Orchestration │
└─────────────────────────────────────────┘
@@ -212,6 +212,6 @@ uv run pytest
## See Also
- [FuzzForge Main README](../README.md) - Overall project documentation
- [Module SDK](../fuzzforge-modules/fuzzforge-modules-sdk/README.md) - Creating custom modules
- [SecPipe Main README](../README.md) - Overall project documentation
- [Module SDK](../secpipe-modules/secpipe-modules-sdk/README.md) - Creating custom modules
- [Model Context Protocol](https://modelcontextprotocol.io/) - MCP specification

Some files were not shown because too many files have changed in this diff Show More