mirror of https://github.com/gbrigandi/mcp-server-wazuh.git synced 2025-12-23 21:37:43 -06:00

Files

Gianluca Brigandi 4db8ebe635 Upgrade to rmcp 0.10 with Streamable HTTP transport support

- Upgrade rmcp from 0.1.5 to 0.10.0
  - Add Streamable HTTP transport with SSE for remote server deployment
  - Update to MCP protocol version 2025-06-18
  - Add CLI arguments: --transport, --host, --port
  - Fix server identity to show actual package name/version
  - Add comprehensive HTTP transport tests
  - Update documentation with transport modes and usage
  - Bump version to 0.3.0

2025-12-05 21:03:03 -08:00

mcp_http_test.rs

Upgrade to rmcp 0.10 with Streamable HTTP transport support

2025-12-05 21:03:03 -08:00

mcp_stdio_test.rs

Upgrade to rmcp 0.10 with Streamable HTTP transport support

2025-12-05 21:03:03 -08:00

mock_wazuh_server.rs

* Using latest 0.1.8 wazuh-client-rs craate which fixes issue with

2025-12-05 15:52:19 -08:00

README.md

* Ported code to RMCP

2025-05-22 20:02:41 -07:00

rmcp_integration_test.rs

* Using latest 0.1.8 wazuh-client-rs craate which fixes issue with

2025-12-05 15:52:19 -08:00

run_tests.sh

feat: Refactor tools and upgrade wazuh-client

2025-07-10 14:56:37 -07:00

README.md

Wazuh MCP Server Tests

This directory contains tests for the Wazuh MCP Server using the rmcp framework, including unit tests, integration tests with mock Wazuh API, and end-to-end MCP protocol tests.

Test Files

rmcp_integration_test.rs: Integration tests for the rmcp-based MCP server using a mock Wazuh API.
mock_wazuh_server.rs: Mock Wazuh API server implementation, used by the integration tests.
mcp_stdio_test.rs: Tests for MCP protocol communication via stdio, focusing on initialization, compliance, concurrent requests, and error handling for invalid/unsupported messages.
run_tests.sh: A shell script that automates running the various test suites.

Testing Strategy

1. Mock Wazuh Server Tests

Tests the MCP server with a mock Wazuh API to verify:

Tool registration and schema generation
Alert retrieval and formatting
Error handling for API failures
Parameter validation

2. MCP Protocol Tests

Tests the MCP protocol implementation (primarily in mcp_stdio_test.rs):

Initialize handshake.
Tools listing (basic, without requiring a live Wazuh connection).
Handling of invalid JSON-RPC requests and unsupported methods.
Behavior with concurrent requests.
JSON-RPC 2.0 compliance. (Note: Full tool execution, like tools/call, is primarily tested in rmcp_integration_test.rs using the mock Wazuh server.)

3. Unit Tests

Tests individual components and modules, typically run via cargo test --lib. These may include:

Wazuh client logic (e.g., authentication, request formation, response parsing).
Alert data transformation and formatting.
Internal error handling mechanisms and utility functions.

Running the Tests

Run All Tests

cargo test

Run Specific Test Categories

# Integration tests with mock Wazuh
cargo test --test rmcp_integration_test

# MCP protocol tests
cargo test --test mcp_stdio_test

# Unit tests
cargo test --lib

Run Tests with Logging

RUST_LOG=debug cargo test -- --nocapture

Test Environment Variables

The tests support the following environment variables:

RUST_LOG: Log level for tests (default: info)
TEST_WAZUH_HOST: Real Wazuh host for integration tests (optional)
TEST_WAZUH_PORT: Real Wazuh port for integration tests (optional)
TEST_WAZUH_USER: Real Wazuh username for integration tests (optional)
TEST_WAZUH_PASS: Real Wazuh password for integration tests (optional)

Mock Wazuh API Server

The mock server simulates a real Wazuh Indexer API with:

Authentication Endpoint

POST /security/user/authenticate
Returns mock JWT token

Alerts Endpoint

POST /wazuh-alerts-*/_search (Note: The Wazuh API typically uses POST for search queries with a body)
Returns configurable mock alert data
Supports different scenarios (success, empty, error)

Configurable Responses

The mock server can be configured to return:

Successful responses with sample alerts
Empty responses (no alerts)
Error responses (500, 401, etc.)
Malformed responses for error testing

Testing Without Real Wazuh

All tests can run without a real Wazuh instance by using the mock server. This allows for:

CI/CD Integration: Tests run in any environment
Deterministic Results: Predictable test data
Error Scenario Testing: Simulate various failure modes
Fast Execution: No network dependencies

Testing With a Real Wazuh Instance (Manual End-to-End)

The automated test suites (cargo test) use mock servers or no Wazuh connection. To perform end-to-end testing with a real Wazuh instance, you need to run the server application itself and interact with it manually or via a separate client.

Set up your Wazuh environment: Ensure you have a running Wazuh instance (Indexer/API).

Configure Environment Variables: Set the standard runtime environment variables for the server to connect to your Wazuh instance:

export WAZUH_HOST="your-wazuh-indexer-host"  # e.g., localhost or an IP address
export WAZUH_PORT="9200"                     # Or your Wazuh Indexer port
export WAZUH_USER="your-wazuh-api-user"
export WAZUH_PASS="your-wazuh-api-password"
export VERIFY_SSL="false"                    # Set to "true" if your Wazuh API uses a valid CA-signed SSL certificate
# export RUST_LOG="debug"                    # For more detailed server logs

Manual Testing

Using stdio directly

The server communicates over stdin/stdout. You can send commands by piping them to the process:

# Example: Send an initialize request
echo '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"test","version":"1.0"}}}' | cargo run --bin mcp-server-wazuh

Using the test script

# Run the provided test script
./tests/run_tests.sh

This script will:

Start the MCP server with mock Wazuh configuration
Send a series of MCP commands
Verify responses
Clean up processes