mirror of
https://github.com/gbrigandi/mcp-server-wazuh.git
synced 2025-07-13 07:04:49 -06:00
5f452bac9d
This commit introduces a major refactoring of the tool implementation by splitting the tools into separate modules based on their domain (agents, alerts, rules, stats, vulnerabilities). This improves modularity and maintainability. Key changes: - Upgraded wazuh-client to version 0.1.7 to leverage the new builder pattern for client instantiation. - Refactored the main WazuhToolsServer to delegate tool calls to the new domain-specific tool modules. - Created a tools module with submodules for each domain, each containing the relevant tool implementations and parameter structs. - Updated the default limit for most tools from 100 to 300, while the vulnerability summary limit is set to 10,000 to ensure comprehensive scans. - Removed a problematic manual test from the test script that was causing it to hang. |
||
|---|---|---|
| .. | ||
| mcp_stdio_test.rs | ||
| mock_wazuh_server.rs | ||
| README.md | ||
| rmcp_integration_test.rs | ||
| run_tests.sh | ||
Wazuh MCP Server Tests
This directory contains tests for the Wazuh MCP Server using the rmcp framework, including unit tests, integration tests with mock Wazuh API, and end-to-end MCP protocol tests.
Test Files
rmcp_integration_test.rs: Integration tests for the rmcp-based MCP server using a mock Wazuh API.mock_wazuh_server.rs: Mock Wazuh API server implementation, used by the integration tests.mcp_stdio_test.rs: Tests for MCP protocol communication via stdio, focusing on initialization, compliance, concurrent requests, and error handling for invalid/unsupported messages.run_tests.sh: A shell script that automates running the various test suites.
Testing Strategy
1. Mock Wazuh Server Tests
Tests the MCP server with a mock Wazuh API to verify:
- Tool registration and schema generation
- Alert retrieval and formatting
- Error handling for API failures
- Parameter validation
2. MCP Protocol Tests
Tests the MCP protocol implementation (primarily in mcp_stdio_test.rs):
- Initialize handshake.
- Tools listing (basic, without requiring a live Wazuh connection).
- Handling of invalid JSON-RPC requests and unsupported methods.
- Behavior with concurrent requests.
- JSON-RPC 2.0 compliance.
(Note: Full tool execution, like
tools/call, is primarily tested inrmcp_integration_test.rsusing the mock Wazuh server.)
3. Unit Tests
Tests individual components and modules, typically run via cargo test --lib. These may include:
- Wazuh client logic (e.g., authentication, request formation, response parsing).
- Alert data transformation and formatting.
- Internal error handling mechanisms and utility functions.
Running the Tests
Run All Tests
cargo test
Run Specific Test Categories
# Integration tests with mock Wazuh
cargo test --test rmcp_integration_test
# MCP protocol tests
cargo test --test mcp_stdio_test
# Unit tests
cargo test --lib
Run Tests with Logging
RUST_LOG=debug cargo test -- --nocapture
Test Environment Variables
The tests support the following environment variables:
RUST_LOG: Log level for tests (default: info)TEST_WAZUH_HOST: Real Wazuh host for integration tests (optional)TEST_WAZUH_PORT: Real Wazuh port for integration tests (optional)TEST_WAZUH_USER: Real Wazuh username for integration tests (optional)TEST_WAZUH_PASS: Real Wazuh password for integration tests (optional)
Mock Wazuh API Server
The mock server simulates a real Wazuh Indexer API with:
Authentication Endpoint
POST /security/user/authenticate- Returns mock JWT token
Alerts Endpoint
POST /wazuh-alerts-*/_search(Note: The Wazuh API typically uses POST for search queries with a body)- Returns configurable mock alert data
- Supports different scenarios (success, empty, error)
Configurable Responses
The mock server can be configured to return:
- Successful responses with sample alerts
- Empty responses (no alerts)
- Error responses (500, 401, etc.)
- Malformed responses for error testing
Testing Without Real Wazuh
All tests can run without a real Wazuh instance by using the mock server. This allows for:
- CI/CD Integration: Tests run in any environment
- Deterministic Results: Predictable test data
- Error Scenario Testing: Simulate various failure modes
- Fast Execution: No network dependencies
Testing With a Real Wazuh Instance (Manual End-to-End)
The automated test suites (cargo test) use mock servers or no Wazuh connection. To perform end-to-end testing with a real Wazuh instance, you need to run the server application itself and interact with it manually or via a separate client.
- Set up your Wazuh environment: Ensure you have a running Wazuh instance (Indexer/API).
- Configure Environment Variables: Set the standard runtime environment variables for the server to connect to your Wazuh instance:
export WAZUH_HOST="your-wazuh-indexer-host" # e.g., localhost or an IP address export WAZUH_PORT="9200" # Or your Wazuh Indexer port export WAZUH_USER="your-wazuh-api-user" export WAZUH_PASS="your-wazuh-api-password" export VERIFY_SSL="false" # Set to "true" if your Wazuh API uses a valid CA-signed SSL certificate # export RUST_LOG="debug" # For more detailed server logs
Manual Testing
Using stdio directly
The server communicates over stdin/stdout. You can send commands by piping them to the process:
# Example: Send an initialize request
echo '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"test","version":"1.0"}}}' | cargo run --bin mcp-server-wazuh
Using the test script
# Run the provided test script
./tests/run_tests.sh
This script will:
- Start the MCP server with mock Wazuh configuration
- Send a series of MCP commands
- Verify responses
- Clean up processes