Metadata-Version: 2.4
Name: mcp-suse-enterprise
Version: 0.2.2
Summary: Enterprise MCP for SUSE Linux administration with OBS, openQA, multi-SP support, and contribution pipeline
License-Expression: MIT
Requires-Python: >=3.11
Requires-Dist: asyncssh>=2.14.0
Requires-Dist: fastmcp==2.8.0
Requires-Dist: httpx>=0.27.0
Requires-Dist: mcp==1.9.3
Requires-Dist: pydantic==2.11.4
Requires-Dist: pyyaml>=6.0
Provides-Extra: dev
Requires-Dist: hypothesis>=6.100.0; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.25.0; extra == 'dev'
Requires-Dist: pytest>=8.0.0; extra == 'dev'
Description-Content-Type: text/markdown

# MCP SUSE Enterprise

Enterprise MCP server for SUSE Linux administration with OBS, openQA, multi-SP support, and contribution pipeline.

## Installation

```bash
# Install from PyPI
pip install mcp-suse-enterprise

# Or run directly with uvx
uvx mcp-suse-enterprise
```

## Configuration

### Environment Variables

```bash
# SSH Connection
export MCP_SUSE_HOST=sles-server.example.com
export MCP_SUSE_USER=admin
export MCP_SUSE_PORT=22
export MCP_SUSE_KEY_PATH=~/.ssh/id_ed25519

# OBS (Open Build Service)
export OBS_API_URL=https://api.opensuse.org
export OBS_USERNAME=myuser
export OBS_API_KEY=your-api-key

# openQA
export OPENQA_URL=https://openqa.opensuse.org
export OPENQA_API_KEY=your-key
export OPENQA_API_SECRET=your-secret

# Logging
export MCP_SUSE_LOG_LEVEL=INFO  # DEBUG, INFO, WARNING, ERROR
```

### YAML Configuration

Create `~/.config/mcp-suse-enterprise/config.yaml`:

```yaml
profiles:
  - name: production
    hostname: sles-prod.example.com
    port: 22
    user: admin
    auth_method: key
    key_path: ~/.ssh/id_ed25519
    security_mode: read-only
    is_default: true

  - name: staging
    hostname: sles-staging.example.com
    user: tester
    auth_method: password
    security_mode: execute

obs:
  api_url: https://api.opensuse.org
  username: myuser
  api_key: secret-key

openqa:
  url: https://openqa.opensuse.org
  api_key: qa-key
  api_secret: qa-secret

log_level: INFO
ssh_pool_size: 5
```

Environment variables take priority over YAML values.

## Tools by Namespace

### suse.util.* (Always available)
- `suse.util.sanitize-text` - Sanitize text for shell execution
- `suse.util.metrics` - Server metrics and invocation stats
- `suse.util.list-profiles` - List connection profiles
- `suse.util.detect-version` - Detect SUSE distribution
- `suse.util.test-connection` - Test SSH connectivity
- `suse.util.security-check` - Check tool risk level

### suse.admin.* (Requires SSH)
- `suse.admin.service-status` - Get systemd service status
- `suse.admin.service-restart` - Restart a service (sudo)
- `suse.admin.logs` - Get system logs (journalctl)
- `suse.admin.firewall-status` - Firewall status

### suse.zypper.* (Requires SSH)
- `suse.zypper.search` - Search packages
- `suse.zypper.info` - Package information
- `suse.zypper.list-repos` - List repositories
- `suse.zypper.list-patches` - List available patches
- `suse.zypper.list-patterns` - List patterns
- `suse.zypper.deps` - Query dependencies
- `suse.zypper.dup-dry-run` - Distribution upgrade dry-run

### suse.obs.* (Requires OBS credentials)
- `suse.obs.list-projects` - List OBS projects
- `suse.obs.list-packages` - List packages in project
- `suse.obs.build-status` - Get build status
- `suse.obs.build-log` - Get build log
- `suse.obs.branch` - Branch a package
- `suse.obs.submit-request` - Create submit request

### suse.openqa.* (Requires openQA credentials)
- `suse.openqa.list-jobs` - List test jobs
- `suse.openqa.get-job` - Get job details
- `suse.openqa.trigger-job` - Trigger test job
- `suse.openqa.job-modules` - Get test modules
- `suse.openqa.list-suites` - List test suites

### suse.sle.* (Requires OBS credentials)
- `suse.sle.list-branches` - List branch projects
- `suse.sle.release-status` - Consolidated release status

## Supported Distributions

- SLES 15 SP5, SP6
- openSUSE Leap 15.5, 15.6, 16.0
- openSUSE Tumbleweed

## Security

- Default mode: `read-only` (write operations require confirmation)
- Shell injection detection on all inputs
- API keys never exposed in error messages
- Structured JSON audit logging to stderr

## MCP Client Configuration

Add to your MCP client config (e.g., Claude Desktop):

```json
{
  "mcpServers": {
    "suse": {
      "command": "uvx",
      "args": ["mcp-suse-enterprise"],
      "env": {
        "MCP_SUSE_HOST": "your-suse-host.com",
        "MCP_SUSE_USER": "admin",
        "MCP_SUSE_KEY_PATH": "~/.ssh/id_ed25519"
      }
    }
  }
}
```

## Important Notes

- Do NOT run simultaneously with `mcp-suse` MVP against the same host
- Logs are emitted as JSON to stderr (stdout is reserved for MCP protocol)
- Connection pool reuses SSH connections for performance
