- Upgrade rmcp from 0.1.5 to 0.10.0
- Add Streamable HTTP transport with SSE for remote server deployment
- Update to MCP protocol version 2025-06-18
- Add CLI arguments: --transport, --host, --port
- Fix server identity to show actual package name/version
- Add comprehensive HTTP transport tests
- Update documentation with transport modes and usage
- Bump version to 0.3.0
Rollback conditional signing and add debugging to identify why
"0 valid identities found" error occurs. This will help diagnose:
- Whether APPLE_CERTIFICATE_BASE64 is properly set
- Whether the .p12 file is valid
- What certificates/identities are imported
GitHub Actions doesn't allow accessing secrets context directly in
step-level 'if' conditions. This fix uses job-level environment
variables to expose boolean flags from secrets, which can then be
checked in step conditions.
This commit introduces a major refactoring of the tool implementation by splitting the tools into separate modules based on their domain (agents, alerts, rules, stats, vulnerabilities). This improves modularity and
maintainability.
Key changes:
- Upgraded wazuh-client to version 0.1.7 to leverage the new builder pattern for client instantiation.
- Refactored the main WazuhToolsServer to delegate tool calls to the new domain-specific tool modules.
- Created a tools module with submodules for each domain, each containing the relevant tool implementations and parameter structs.
- Updated the default limit for most tools from 100 to 300, while the vulnerability summary limit is set to 10,000 to ensure comprehensive scans.
- Removed a problematic manual test from the test script that was causing it to hang.
Major enhancements:
- Added Docker image building and publishing to GitHub Container Registry with multi-platform support (linux/amd64, linux/arm64)
- Expanded from basic alert retrieval to comprehensive security operations with 14 MCP tools covering:
* Vulnerability management (agent vulnerability summaries, critical vulnerabilities)
* Agent monitoring (running agents, processes, network ports)
* System statistics (weekly stats, remoted stats, log collector stats)
* Log analysis (manager logs, error logs with search capabilities)
* Cluster management (health checks, node listing)
- Updated environment configuration to support both Wazuh Manager API and Wazuh Indexer with proper SSL handling
- Enhanced documentation with detailed use cases, Docker deployment options, and comprehensive tool descriptions
- Upgraded wazuh-client dependency to v0.1.1 for expanded API capabilities
- Added agent ID formatting and validation for consistent three-digit zero-padded identifiers
This transforms the server from a simple alert fetcher into a full-featured security operations platform for AI-assisted Wazuh management.
- Aligned initialize response with actual rmcp server output
- Updated tools/list response to match real JSON schema format
- Corrected tool name from 'wazuhAlerts' to 'get_wazuh_alert_summary'
- Added proper MCP content format with text type responses
- Included error response examples for connection failures
- Updated tool call examples with correct parameter structure
- Removed outdated outputSchema references (not used in rmcp)
- Added proper JSON schema format with draft-07 specification
- Replaced custom MCP implementation with rmcp framework
- Simplified architecture to use stdio transport only
- Implemented WazuhToolsServer with #[tool(tool_box)] attribute
- Added get_wazuh_alert_summary tool with proper parameter schema
- Removed HTTP transport and axum dependencies
- Updated README with new installation and usage instructions
- Maintained compatibility with existing Wazuh Indexer client
- Simplified error handling by removing axum-specific code
