diego 0.1.2

Pure Rust Active Directory security diagnostic agent. AS-REP Roasting, Kerberoasting, LDAP enumeration, OPSEC-friendly with Claude API analysis and MCP server mode.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

//! MCP server — JSON-RPC 2.0 over stdio.
//!
//! Protocol: https://spec.modelcontextprotocol.io/specification/
//! Transport: newline-delimited JSON on stdin/stdout.
//!
//! Handled methods:
//!   initialize        → return capabilities
//!   tools/list        → return tool schemas
//!   tools/call        → execute a tool and return result
//!   ping              → return empty response
//! All others → method-not-found error

use std::io::{self, BufRead, Write};

use serde::{Deserialize, Serialize};
use serde_json::Value;

use super::tools;

// ─── JSON-RPC types ───────────────────────────────────────────────────────────

#[derive(Deserialize)]
struct RpcRequest {
    jsonrpc: String,
    id: Option<Value>,
    method: String,
    params: Option<Value>,
}

#[derive(Serialize)]
struct RpcSuccess {
    jsonrpc: &'static str,
    id: Value,
    result: Value,
}

#[derive(Serialize)]
struct RpcError {
    jsonrpc: &'static str,
    id: Value,
    error: RpcErrorBody,
}

#[derive(Serialize)]
struct RpcErrorBody {
    code: i32,
    message: String,
}

fn success(id: Value, result: Value) -> String {
    serde_json::to_string(&RpcSuccess { jsonrpc: "2.0", id, result }).unwrap()
}

fn error(id: Value, code: i32, message: impl Into<String>) -> String {
    serde_json::to_string(&RpcError {
        jsonrpc: "2.0",
        id,
        error: RpcErrorBody { code, message: message.into() },
    })
    .unwrap()
}

// ─── Server main loop ─────────────────────────────────────────────────────────

/// Run the MCP server. Reads JSON-RPC requests from stdin and writes responses to stdout.
/// Blocking — run inside `#[tokio::main]`.
pub async fn run() {
    eprintln!("[mcp] diego MCP server started (stdio transport)");

    let stdin = io::stdin();
    let stdout = io::stdout();

    for line in stdin.lock().lines() {
        let line = match line {
            Ok(l) if l.trim().is_empty() => continue,
            Ok(l) => l,
            Err(_) => break,
        };

        let request: RpcRequest = match serde_json::from_str(&line) {
            Ok(r) => r,
            Err(e) => {
                let msg = error(Value::Null, -32700, format!("Parse error: {}", e));
                writeln!(stdout.lock(), "{}", msg).ok();
                continue;
            }
        };

        let id = request.id.clone().unwrap_or(Value::Null);
        let response = handle(request).await;

        let out = match response {
            Ok(result) => success(id, result),
            Err(e) => error(id, -32603, format!("{}", e)),
        };

        writeln!(stdout.lock(), "{}", out).ok();
        stdout.lock().flush().ok();
    }

    eprintln!("[mcp] diego MCP server stopped");
}

// ─── Request handler ──────────────────────────────────────────────────────────

async fn handle(req: RpcRequest) -> anyhow::Result<Value> {
    match req.method.as_str() {
        "initialize" => Ok(serde_json::json!({
            "protocolVersion": "2024-11-05",
            "capabilities": {
                "tools": {}
            },
            "serverInfo": {
                "name": "diego",
                "version": env!("CARGO_PKG_VERSION"),
                "description": "Non-privileged Active Directory security diagnostic agent"
            }
        })),

        "initialized" => Ok(Value::Object(Default::default())),

        "ping" => Ok(Value::Object(Default::default())),

        "tools/list" => Ok(serde_json::json!({
            "tools": tools::tool_list()
        })),

        "tools/call" => {
            let params = req.params.unwrap_or(Value::Object(Default::default()));
            let tool_name = params.get("name")
                .and_then(Value::as_str)
                .ok_or_else(|| anyhow::anyhow!("Missing 'name' in tools/call params"))?;
            let args = params.get("arguments").cloned().unwrap_or(Value::Object(Default::default()));

            let result = tools::dispatch(tool_name, &args).await
                .map_err(|e| anyhow::anyhow!("Tool '{}' failed: {}", tool_name, e))?;

            // MCP tool result format: content array
            Ok(serde_json::json!({
                "content": [{
                    "type": "text",
                    "text": serde_json::to_string_pretty(&result)?
                }],
                "isError": false
            }))
        }

        _ => anyhow::bail!("Method not found: {}", req.method),
    }
}