[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"similar-alex-ilgayev--MCPSpy":3,"tool-alex-ilgayev--MCPSpy":61},[4,18,26,36,44,53],{"id":5,"name":6,"github_repo":7,"description_zh":8,"stars":9,"difficulty_score":10,"last_commit_at":11,"category_tags":12,"status":17},4358,"openclaw","openclaw\u002Fopenclaw","OpenClaw 是一款专为个人打造的本地化 AI 助手,旨在让你在自己的设备上拥有完全可控的智能伙伴。它打破了传统 AI 助手局限于特定网页或应用的束缚,能够直接接入你日常使用的各类通讯渠道,包括微信、WhatsApp、Telegram、Discord、iMessage 等数十种平台。无论你在哪个聊天软件中发送消息,OpenClaw 都能即时响应,甚至支持在 macOS、iOS 和 Android 设备上进行语音交互,并提供实时的画布渲染功能供你操控。\n\n这款工具主要解决了用户对数据隐私、响应速度以及“始终在线”体验的需求。通过将 AI 部署在本地,用户无需依赖云端服务即可享受快速、私密的智能辅助,真正实现了“你的数据,你做主”。其独特的技术亮点在于强大的网关架构,将控制平面与核心助手分离,确保跨平台通信的流畅性与扩展性。\n\nOpenClaw 非常适合希望构建个性化工作流的技术爱好者、开发者,以及注重隐私保护且不愿被单一生态绑定的普通用户。只要具备基础的终端操作能力(支持 macOS、Linux 及 Windows WSL2),即可通过简单的命令行引导完成部署。如果你渴望拥有一个懂你",349277,3,"2026-04-06T06:32:30",[13,14,15,16],"Agent","开发框架","图像","数据工具","ready",{"id":19,"name":20,"github_repo":21,"description_zh":22,"stars":23,"difficulty_score":10,"last_commit_at":24,"category_tags":25,"status":17},3808,"stable-diffusion-webui","AUTOMATIC1111\u002Fstable-diffusion-webui","stable-diffusion-webui 是一个基于 Gradio 构建的网页版操作界面,旨在让用户能够轻松地在本地运行和使用强大的 Stable Diffusion 图像生成模型。它解决了原始模型依赖命令行、操作门槛高且功能分散的痛点,将复杂的 AI 绘图流程整合进一个直观易用的图形化平台。\n\n无论是希望快速上手的普通创作者、需要精细控制画面细节的设计师,还是想要深入探索模型潜力的开发者与研究人员,都能从中获益。其核心亮点在于极高的功能丰富度:不仅支持文生图、图生图、局部重绘(Inpainting)和外绘(Outpainting)等基础模式,还独创了注意力机制调整、提示词矩阵、负向提示词以及“高清修复”等高级功能。此外,它内置了 GFPGAN 和 CodeFormer 等人脸修复工具,支持多种神经网络放大算法,并允许用户通过插件系统无限扩展能力。即使是显存有限的设备,stable-diffusion-webui 也提供了相应的优化选项,让高质量的 AI 艺术创作变得触手可及。",162132,"2026-04-05T11:01:52",[14,15,13],{"id":27,"name":28,"github_repo":29,"description_zh":30,"stars":31,"difficulty_score":32,"last_commit_at":33,"category_tags":34,"status":17},1381,"everything-claude-code","affaan-m\u002Feverything-claude-code","everything-claude-code 是一套专为 AI 编程助手(如 Claude Code、Codex、Cursor 等)打造的高性能优化系统。它不仅仅是一组配置文件,而是一个经过长期实战打磨的完整框架,旨在解决 AI 代理在实际开发中面临的效率低下、记忆丢失、安全隐患及缺乏持续学习能力等核心痛点。\n\n通过引入技能模块化、直觉增强、记忆持久化机制以及内置的安全扫描功能,everything-claude-code 能显著提升 AI 在复杂任务中的表现,帮助开发者构建更稳定、更智能的生产级 AI 代理。其独特的“研究优先”开发理念和针对 Token 消耗的优化策略,使得模型响应更快、成本更低,同时有效防御潜在的攻击向量。\n\n这套工具特别适合软件开发者、AI 研究人员以及希望深度定制 AI 工作流的技术团队使用。无论您是在构建大型代码库,还是需要 AI 协助进行安全审计与自动化测试,everything-claude-code 都能提供强大的底层支持。作为一个曾荣获 Anthropic 黑客大奖的开源项目,它融合了多语言支持与丰富的实战钩子(hooks),让 AI 真正成长为懂上",140436,2,"2026-04-05T23:32:43",[14,13,35],"语言模型",{"id":37,"name":38,"github_repo":39,"description_zh":40,"stars":41,"difficulty_score":32,"last_commit_at":42,"category_tags":43,"status":17},2271,"ComfyUI","Comfy-Org\u002FComfyUI","ComfyUI 是一款功能强大且高度模块化的视觉 AI 引擎,专为设计和执行复杂的 Stable Diffusion 图像生成流程而打造。它摒弃了传统的代码编写模式,采用直观的节点式流程图界面,让用户通过连接不同的功能模块即可构建个性化的生成管线。\n\n这一设计巧妙解决了高级 AI 绘图工作流配置复杂、灵活性不足的痛点。用户无需具备编程背景,也能自由组合模型、调整参数并实时预览效果,轻松实现从基础文生图到多步骤高清修复等各类复杂任务。ComfyUI 拥有极佳的兼容性,不仅支持 Windows、macOS 和 Linux 全平台,还广泛适配 NVIDIA、AMD、Intel 及苹果 Silicon 等多种硬件架构,并率先支持 SDXL、Flux、SD3 等前沿模型。\n\n无论是希望深入探索算法潜力的研究人员和开发者,还是追求极致创作自由度的设计师与资深 AI 绘画爱好者,ComfyUI 都能提供强大的支持。其独特的模块化架构允许社区不断扩展新功能,使其成为当前最灵活、生态最丰富的开源扩散模型工具之一,帮助用户将创意高效转化为现实。",107662,"2026-04-03T11:11:01",[14,15,13],{"id":45,"name":46,"github_repo":47,"description_zh":48,"stars":49,"difficulty_score":10,"last_commit_at":50,"category_tags":51,"status":17},4292,"Deep-Live-Cam","hacksider\u002FDeep-Live-Cam","Deep-Live-Cam 是一款专注于实时换脸与视频生成的开源工具,用户仅需一张静态照片,即可通过“一键操作”实现摄像头画面的即时变脸或制作深度伪造视频。它有效解决了传统换脸技术流程繁琐、对硬件配置要求极高以及难以实时预览的痛点,让高质量的数字内容创作变得触手可及。\n\n这款工具不仅适合开发者和技术研究人员探索算法边界,更因其极简的操作逻辑(仅需三步:选脸、选摄像头、启动),广泛适用于普通用户、内容创作者、设计师及直播主播。无论是为了动画角色定制、服装展示模特替换,还是制作趣味短视频和直播互动,Deep-Live-Cam 都能提供流畅的支持。\n\n其核心技术亮点在于强大的实时处理能力,支持口型遮罩(Mouth Mask)以保留使用者原始的嘴部动作,确保表情自然精准;同时具备“人脸映射”功能,可同时对画面中的多个主体应用不同面孔。此外,项目内置了严格的内容安全过滤机制,自动拦截涉及裸露、暴力等不当素材,并倡导用户在获得授权及明确标注的前提下合规使用,体现了技术发展与伦理责任的平衡。",88924,"2026-04-06T03:28:53",[14,15,13,52],"视频",{"id":54,"name":55,"github_repo":56,"description_zh":57,"stars":58,"difficulty_score":32,"last_commit_at":59,"category_tags":60,"status":17},3704,"NextChat","ChatGPTNextWeb\u002FNextChat","NextChat 是一款轻量且极速的 AI 助手,旨在为用户提供流畅、跨平台的大模型交互体验。它完美解决了用户在多设备间切换时难以保持对话连续性,以及面对众多 AI 模型不知如何统一管理的痛点。无论是日常办公、学习辅助还是创意激发,NextChat 都能让用户随时随地通过网页、iOS、Android、Windows、MacOS 或 Linux 端无缝接入智能服务。\n\n这款工具非常适合普通用户、学生、职场人士以及需要私有化部署的企业团队使用。对于开发者而言,它也提供了便捷的自托管方案,支持一键部署到 Vercel 或 Zeabur 等平台。\n\nNextChat 的核心亮点在于其广泛的模型兼容性,原生支持 Claude、DeepSeek、GPT-4 及 Gemini Pro 等主流大模型,让用户在一个界面即可自由切换不同 AI 能力。此外,它还率先支持 MCP(Model Context Protocol)协议,增强了上下文处理能力。针对企业用户,NextChat 提供专业版解决方案,具备品牌定制、细粒度权限控制、内部知识库整合及安全审计等功能,满足公司对数据隐私和个性化管理的高标准要求。",87618,"2026-04-05T07:20:52",[14,35],{"id":62,"github_repo":63,"name":64,"description_en":65,"description_zh":66,"ai_summary_zh":67,"readme_en":68,"readme_zh":69,"quickstart_zh":70,"use_case_zh":71,"hero_image_url":72,"owner_login":73,"owner_name":74,"owner_avatar_url":75,"owner_bio":76,"owner_company":77,"owner_location":78,"owner_email":79,"owner_twitter":80,"owner_website":81,"owner_url":82,"languages":83,"stars":108,"forks":109,"last_commit_at":110,"license":111,"difficulty_score":112,"env_os":113,"env_gpu":114,"env_ram":114,"env_deps":115,"category_tags":126,"github_topics":127,"view_count":32,"oss_zip_url":79,"oss_zip_packed_at":79,"status":17,"created_at":134,"updated_at":135,"faqs":136,"releases":137},4363,"alex-ilgayev\u002FMCPSpy","MCPSpy","MCP Monitoring with eBPF","MCPSpy 是一款专为监控模型上下文协议(MCP)通信而设计的开源命令行工具。随着 MCP 逐渐成为 AI 工具集成的标准,开发者往往难以直观洞察其底层交互细节。MCPSpy 通过利用 eBPF(扩展伯克利数据包过滤器)技术深入操作系统内核,能够实时捕获并可视化 MCP 客户端与服务器之间交换的 JSON-RPC 消息,无论是基于标准输入输出(Stdio)还是 HTTP\u002FHTTPS 传输协议,都能提供全面的覆盖。\n\n这款工具主要解决了 AI 集成过程中的“黑盒”难题。它不仅能帮助开发者快速调试集成故障、追踪消息流向和性能瓶颈,还具备强大的安全分析能力,可检测敏感数据泄露、审计工具执行情况,甚至利用机器学习模型实时识别提示词注入等攻击尝试。对于需要确保合规性或深入研究 MCP 工作原理的技术人员而言,MCPSpy 提供了不可或缺的透明度。\n\nMCPSpy 特别适合 AI 应用开发者、安全研究人员以及系统架构师使用。其独特的技术亮点在于无需修改现有代码或配置代理,仅凭内核级的无侵入式钩子即可实现高精度监控。只要您的环境是 Linux 5.15 及以上版本并拥有根权限,即可轻松部署,让复杂","MCPSpy 是一款专为监控模型上下文协议(MCP)通信而设计的开源命令行工具。随着 MCP 逐渐成为 AI 工具集成的标准,开发者往往难以直观洞察其底层交互细节。MCPSpy 通过利用 eBPF(扩展伯克利数据包过滤器)技术深入操作系统内核,能够实时捕获并可视化 MCP 客户端与服务器之间交换的 JSON-RPC 消息,无论是基于标准输入输出(Stdio)还是 HTTP\u002FHTTPS 传输协议,都能提供全面的覆盖。\n\n这款工具主要解决了 AI 集成过程中的“黑盒”难题。它不仅能帮助开发者快速调试集成故障、追踪消息流向和性能瓶颈,还具备强大的安全分析能力,可检测敏感数据泄露、审计工具执行情况,甚至利用机器学习模型实时识别提示词注入等攻击尝试。对于需要确保合规性或深入研究 MCP 工作原理的技术人员而言,MCPSpy 提供了不可或缺的透明度。\n\nMCPSpy 特别适合 AI 应用开发者、安全研究人员以及系统架构师使用。其独特的技术亮点在于无需修改现有代码或配置代理,仅凭内核级的无侵入式钩子即可实现高精度监控。只要您的环境是 Linux 5.15 及以上版本并拥有根权限,即可轻松部署,让复杂的 AI 通信过程变得清晰可见。","# MCPSpy - MCP Monitoring with eBPF 🕵️✨\n\n[![CI](https:\u002F\u002Fgithub.com\u002Falex-ilgayev\u002Fmcpspy\u002Factions\u002Fworkflows\u002Fci.yml\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002Falex-ilgayev\u002Fmcpspy\u002Factions\u002Fworkflows\u002Fci.yml)\n[![Go Version](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fgo-1.24+-blue.svg)](https:\u002F\u002Fgolang.org)\n[![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-Apache%202.0-blue.svg)](LICENSE)\n\n\u003Cdiv align=\"center\">\n\u003Cpre>\n███╗ ███╗ ██████╗██████╗ ███████╗██████╗ ██╗ ██╗\n████╗ ████║██╔════╝██╔══██╗██╔════╝██╔══██╗╚██╗ ██╔╝\n██╔████╔██║██║ ██████╔╝███████╗██████╔╝ ╚████╔╝ \n██║╚██╔╝██║██║ ██╔═══╝ ╚════██║██╔═══╝ ╚██╔╝ \n██║ ╚═╝ ██║╚██████╗██║ ███████║██║ ██║ \n╚═╝ ╚═╝ ╚═════╝╚═╝ ╚══════╝╚═╝ ╚═╝ \n\u003C\u002Fpre>\n\u003Cb>MCPSpy - Real-time monitoring for Model Context Protocol communication using eBPF\u003C\u002Fb>\n\u003C\u002Fdiv>\n\n## Overview\n\nMCPSpy is a powerful command-line tool that leverages [eBPF (Extended Berkeley Packet Filter)](https:\u002F\u002Febpf.io\u002F) technology to monitor [Model Context Protocol (MCP)](https:\u002F\u002Fmodelcontextprotocol.io\u002F) communication at the kernel level. It provides real-time visibility into JSON-RPC 2.0 messages exchanged between MCP clients and servers by hooking into low-level system calls.\n\nThe Model Context Protocol supports three transport protocols for communication:\n\n- **Stdio**: Communication over standard input\u002Foutput streams\n- **Streamable HTTP**: Direct HTTP request\u002Fresponse communication with server-sent events\n- **SSE (Server-Sent Events)**: HTTP-based streaming communication (_Deprecated_)\n\n**MCPSpy supports monitoring of both Stdio and HTTP\u002FHTTPS transports** (including Server-Sent Events), providing comprehensive coverage of MCP communication channels.\n\n![demo](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Falex-ilgayev_MCPSpy_readme_acaa2c29bfbf.gif)\n\n## Why MCPSpy?\n\nThe Model Context Protocol is becoming the standard for AI tool integration, but understanding what's happening under the hood can be challenging. MCPSpy addresses this by providing:\n\n- **🔒 Security Analysis**: Monitor what data is being transmitted, detect PII leakage, and audit tool executions\n- **🛡️ Prompt Injection Detection**: Real-time detection of prompt injection and jailbreak attempts using ML models\n- **🐛 Debugging**: Troubleshoot MCP integrations by seeing the actual message flow\n- **📊 Performance Monitoring**: Track message patterns and identify bottlenecks\n- **🔍 Compliance**: Ensure MCP communications meet regulatory requirements\n- **🎓 Learning**: Understand how MCP works by observing real communications\n\n## Installation\n\n### Prerequisites\n\n- Linux kernel version 5.15 or later\n- Root privileges (required for eBPF)\n\n### Download Pre-built Binary (Auto-detect OS + Arch)\n\nDownload the latest release from the [release page](https:\u002F\u002Fgithub.com\u002Falex-ilgayev\u002Fmcpspy\u002Freleases):\n\n```bash\n# Set platform-aware binary name\nBIN=\"mcpspy-$(uname -s | tr '[:upper:]' '[:lower:]')-$(uname -m | sed -e 's\u002Fx86_64\u002Famd64\u002F' -e 's\u002Faarch64\u002Farm64\u002F')\"\n\n# Download the correct binary\nwget \"https:\u002F\u002Fgithub.com\u002Falex-ilgayev\u002Fmcpspy\u002Freleases\u002Flatest\u002Fdownload\u002F${BIN}\"\n\n# Make it executable and move to a directory in your PATH\nchmod +x \"${BIN}\"\nsudo mv \"${BIN}\" \u002Fusr\u002Flocal\u002Fbin\u002Fmcpspy\n```\n\n> ✅ Note: Currently supported platforms: linux-amd64, linux-arm64\n\n### Build from Source\n\n#### Install Dependencies\n\nFirst, install the required system dependencies:\n\n```bash\nsudo apt-get update\n# Install build essentials, eBPF dependencies\nsudo apt-get install -y clang clang-format llvm make libbpf-dev build-essential\n# Install Python 3 and pip (for e2e tests)\nsudo apt-get install -y python3 python3-pip python3-venv\n# Install docker and buildx (if not already installed)\nsudo apt-get install -y docker.io docker-buildx\n```\n\n#### Install Go\n\nMCPSpy requires Go 1.24 or later. Install Go using one of these methods:\n\nOption 1: Install from the official Go website (Recommended)\n\n```bash\n# Download and install Go 1.24.1 (adjust version as needed)\nwget https:\u002F\u002Fgo.dev\u002Fdl\u002Fgo1.24.1.linux-amd64.tar.gz\nsudo rm -rf \u002Fusr\u002Flocal\u002Fgo\nsudo tar -C \u002Fusr\u002Flocal -xzf go1.24.1.linux-amd64.tar.gz\n\n# Add Go to PATH (add this to your ~\u002F.bashrc or ~\u002F.profile for persistence)\nexport PATH=$PATH:\u002Fusr\u002Flocal\u002Fgo\u002Fbin\n```\n\nOption 2: Install via snap\n\n```bash\nsudo snap install go --classic\n```\n\n#### Build MCPSpy\n\nClone the repository and build MCPSpy:\n\n```bash\n# Clone the repository\ngit clone https:\u002F\u002Fgithub.com\u002Falex-ilgayev\u002Fmcpspy.git\ncd mcpspy\n\n# Build the project\nmake all\n```\n\n### Docker\n\n```bash\n# Build Docker image\nmake image\n# Or pull the latest image\ndocker pull ghcr.io\u002Falex-ilgayev\u002Fmcpspy:latest\n# Or pull a specific image release\ndocker pull ghcr.io\u002Falex-ilgayev\u002Fmcpspy:v0.1.0\n\n# Run the container\ndocker run --rm -it --privileged ghcr.io\u002Falex-ilgayev\u002Fmcpspy:latest\n```\n\n### Kubernetes\n\nMCPSpy can be deployed in Kubernetes clusters to monitor MCP traffic from AI\u002FLLM services like LangFlow, LangGraph, and other applications that use the Model Context Protocol.\n\n```bash\n# Deploy MCPSpy as a DaemonSet\nkubectl apply -f https:\u002F\u002Fraw.githubusercontent.com\u002Falex-ilgayev\u002Fmcpspy\u002Fmain\u002Fdeploy\u002Fkubernetes\u002Fmcpspy.yaml\n```\n\n#### Real-World Use Cases in Kubernetes\n\n1. **Monitoring LangFlow\u002FLangGraph Deployments**\n\n - Observe MCP traffic between LangFlow\u002FLangGraph and AI services\n - Debug integration issues in complex AI workflows\n - Audit AI interactions for security and compliance\n\n2. **AI Service Monitoring**\n\n - Track interactions with both remote and local MCP servers\n - Identify performance bottlenecks in AI service calls\n - Detect potential data leakage in AI communications\n\n3. **Development and Testing**\n - Test MCP implementations in containerized environments\n - Validate AI service integrations before production deployment\n - Ensure consistent behavior across different environments\n\nFor detailed instructions and real-world examples of monitoring AI services in Kubernetes, see the [Kubernetes Usage Guide](docs\u002Fkubernetes-usage.md).\n\n## Usage\n\n### Basic Usage\n\n```bash\n# Start monitoring MCP communication (TUI mode is default)\nsudo mcpspy\n\n# Start monitoring with static console output (disable TUI)\nsudo mcpspy --tui=false\n\n# Start monitoring and save output to JSONL file\nsudo mcpspy -o output.jsonl\n\n# Stop monitoring with Ctrl+C (or 'q' in TUI mode)\n```\n\n### Prompt Injection Detection\n\nMCPSpy includes optional real-time prompt injection detection using HuggingFace's Inference API. When enabled, it analyzes MCP tool calls for potential injection attacks and jailbreak attempts.\n\n**Detection coverage:**\n\n1. **Request-based injection**: Detects malicious prompts in tool call arguments\n2. **Response-based injection**: Detects malicious content in tool responses that could manipulate the agent\n\n```bash\n# Enable security scanning with HuggingFace token\nsudo mcpspy --security --hf-token=hf_xxxxx\n\n# Use a custom detection model\nsudo mcpspy --security --hf-token=hf_xxxxx --security-model=protectai\u002Fdeberta-v3-base-prompt-injection-v2\n\n# Adjust detection threshold (default: 0.5)\nsudo mcpspy --security --hf-token=hf_xxxxx --security-threshold=0.7\n\n# Run analysis synchronously (blocks until analysis completes)\nsudo mcpspy --security --hf-token=hf_xxxxx --security-async=false\n```\n\n**Security CLI Flags:**\n\n| Flag | Description | Default |\n| ---------------------- | --------------------------------------------------------- | ------------------------------------- |\n| `--security` | Enable prompt injection detection | `false` |\n| `--hf-token` | HuggingFace API token (required when security is enabled) | - |\n| `--security-model` | HuggingFace model for detection | `protectai\u002Fdeberta-v3-base-prompt-injection-v2` |\n| `--security-threshold` | Detection threshold (0.0-1.0) | `0.5` |\n| `--security-async` | Run analysis asynchronously | `true` |\n\n**Supported Models:**\n\n- `protectai\u002Fdeberta-v3-base-prompt-injection-v2` (default, publicly accessible)\n- `meta-llama\u002FLlama-Prompt-Guard-2-86M` (deprecated on HF Inference API)\n\nWhen a potential injection is detected, MCPSpy displays a security alert with risk level (low\u002Fmedium\u002Fhigh\u002Fcritical), category, and the analyzed content.\n\n### Output Format\n\n#### TUI Mode (Default)\n\nMCPSpy runs in interactive Terminal UI mode by default. The TUI provides:\n\n- Interactive table view with scrolling\n- Detailed message inspection (press Enter)\n- Filtering by transport, type, and actor\n- Multiple density modes for different screen sizes\n- Real-time statistics\n\n#### Static Console Output\n\nWhen running with `--tui=false`:\n\n```\n\n12:34:56.789 python[12345] → python[12346] REQ tools\u002Fcall (get_weather) Execute a tool\n12:34:56.890 python[12346] → python[12345] RESP OK\n\n```\n\n#### JSONL Output\n\n**Stdio Transport - Request:**\n\n```json\n{\n \"timestamp\": \"2024-01-15T12:34:56.789Z\",\n \"transport_type\": \"stdio\",\n \"stdio_transport\": {\n \"from_pid\": 12345,\n \"from_comm\": \"python\",\n \"to_pid\": 12346,\n \"to_comm\": \"python\"\n },\n \"type\": \"request\",\n \"id\": 7,\n \"method\": \"tools\u002Fcall\",\n \"params\": {\n \"name\": \"get_weather\",\n \"arguments\": { \"city\": \"New York\" }\n },\n \"error\": {},\n \"raw\": \"{...}\"\n}\n```\n\n**Stdio Transport - Response:**\n\n```json\n{\n \"timestamp\": \"2024-01-15T12:34:56.890Z\",\n \"transport_type\": \"stdio\",\n \"stdio_transport\": {\n \"from_pid\": 12346,\n \"from_comm\": \"python\",\n \"to_pid\": 12345,\n \"to_comm\": \"python\"\n },\n \"type\": \"response\",\n \"id\": 7,\n \"result\": {\n \"content\": [\n {\n \"type\": \"text\",\n \"text\": \"Weather in New York: 20°C\"\n }\n ],\n \"isError\": false\n },\n \"error\": {},\n \"request\": {\n \"type\": \"request\",\n \"id\": 7,\n \"method\": \"tools\u002Fcall\",\n \"params\": {\n \"name\": \"get_weather\",\n \"arguments\": { \"city\": \"New York\" }\n },\n \"error\": {}\n },\n \"raw\": \"{...}\"\n}\n```\n\n**HTTP\u002FHTTPS Transport - Request:**\n\n```json\n{\n \"timestamp\": \"2024-01-15T12:34:56.789Z\",\n \"transport_type\": \"http\",\n \"http_transport\": {\n \"pid\": 47837,\n \"comm\": \"python\",\n \"host\": \"127.0.0.1:12345\",\n \"is_request\": true\n },\n \"type\": \"request\",\n \"id\": 7,\n \"method\": \"tools\u002Fcall\",\n \"params\": {\n \"name\": \"get_weather\",\n \"arguments\": { \"city\": \"New York\" }\n },\n \"error\": {},\n \"raw\": \"{...}\"\n}\n```\n\n**HTTP\u002FHTTPS Transport - Response:**\n\n```json\n{\n \"timestamp\": \"2024-01-15T12:34:56.890Z\",\n \"transport_type\": \"http\",\n \"http_transport\": {\n \"pid\": 47837,\n \"comm\": \"python\",\n \"host\": \"127.0.0.1:12345\"\n },\n \"type\": \"response\",\n \"id\": 7,\n \"result\": {\n \"content\": [\n {\n \"type\": \"text\",\n \"text\": \"Weather in New York: 20°C\"\n }\n ],\n \"isError\": false\n },\n \"error\": {},\n \"request\": {\n \"type\": \"request\",\n \"id\": 7,\n \"method\": \"tools\u002Fcall\",\n \"params\": {\n \"name\": \"get_weather\",\n \"arguments\": { \"city\": \"New York\" }\n },\n \"error\": {}\n },\n \"raw\": \"{...}\"\n}\n```\n\n## Architecture\n\nMCPSpy uses an event-driven architecture with a publish-subscribe pattern to decouple components and enable extensibility. The system consists of several components that communicate through a central event bus:\n\n### 1. Event Bus (`pkg\u002Fbus\u002F`)\n\n- Central communication hub using publish-subscribe pattern\n- Enables asynchronous event processing\n- Using `github.com\u002Fasaskevich\u002FEventBus` library\n\n### 2. eBPF Program (`bpf\u002F`)\n\n- Hooks into `vfs_read` and `vfs_write` kernel functions for stdio transport\n- Hooks into TLS library functions (`SSL_read`, `SSL_write`) for HTTP\u002FHTTPS transport\n- Filters potential MCP traffic by detecting JSON patterns\n- Sends events to userspace via ring buffer\n- Minimal performance impact with early filtering\n\n### 3. eBPF Loader (`pkg\u002Febpf\u002F`)\n\n- Manages the lifecycle of eBPF programs and resources\n- Loads pre-compiled eBPF objects into the kernel using cilium\u002Febpf library\n- Converts raw binary events from kernel space into structured Go data types\n- Publishes events to the event bus for downstream processing\n\n### 4. HTTP Session Manager (`pkg\u002Fhttp\u002F`)\n\n- Subscribes to TLS-related events from the event bus\n- Manages HTTP\u002FHTTPS sessions and correlates request\u002Fresponse pairs\n- Handles TLS payload interception and parsing\n- Supports chunked transfer encoding and Server-Sent Events (SSE)\n- Reconstructs complete HTTP messages from fragmented TLS data\n- Publishes reconstructed HTTP bodies to the event bus for MCP parsing\n\n### 5. MCP Protocol Parser (`pkg\u002Fmcp\u002F`)\n\n- Subscribes to data events from the event bus (stdio and HTTP TLS payloads)\n- Validates JSON-RPC 2.0 message format\n- Parses MCP-specific methods and parameters\n- Correlates read operations and write operations into a single MCP message (relevant for stdio transport)\n- Supports both stdio and HTTP\u002FHTTPS transports (including SSE)\n- Publishes parsed MCP messages to the event bus\n\n### 6. Output Handlers (`pkg\u002Foutput\u002F`)\n\n- Subscribe to MCP message events from the event bus\n- Console display with colored, formatted output\n- JSONL output for programmatic analysis\n- Real-time statistics tracking\n\n### 7. Event Logger (`pkg\u002Feventlogger\u002F`)\n\n- Subscribes to all events on the event bus for debugging\n- Provides detailed logging of event flow through the system\n- Configurable log levels for different event types\n\n### 8. Security Analyzer (`pkg\u002Fsecurity\u002F`)\n\n- Optional component for real-time prompt injection detection\n- Subscribes to MCP message events from the event bus\n- Analyzes high-risk methods (`tools\u002Fcall`, `resources\u002Fread`, `prompts\u002Fget`)\n- Uses HuggingFace Inference API with configurable ML models\n- Publishes security alerts when injections are detected\n- Supports async and sync analysis modes\n\n## Development\n\n### Building\n\n```bash\n# Generate eBPF bindings and build\nmake all\n\n# Build Docker image\nmake image\n```\n\n### Testing\n\nMCPSpy includes comprehensive end-to-end tests that simulate real MCP communication across different transports:\n\n```bash\n# (Optional) Set up test environment\nmake test-e2e-setup\n\n# Run all tests (requires root privileges)\nmake test-e2e\n\n# Run individual transport tests\nmake test-e2e-stdio # Test stdio transport\nmake test-e2e-https # Test HTTP\u002FHTTPS transport\n```\n\nThe test suite includes:\n\n- MCP server and client simulators for both stdio and HTTP transports\n- Message validation against expected outputs\n- Multiple message type coverage\n- SSL\u002FTLS encrypted HTTP communication testing\n\n## Limitations\n\n- **FS Events Buffer Size**: Limited to 16KB per message. This means MCP messages with **buffer size** greater than 16KB will be missed \u002F ignored.\n- **FS Events Constructed of Multiple Messages**: MCPSpy currently does not support reconstructing MCP messages that are split across multiple `read` or `write` syscalls. This means that if an MCP message is larger than the buffer size used in a single syscall, it may be missed or ignored.\n- **Inode Collision for Stdio Transport**: Inode numbers are only unique within a filesystem. If monitoring processes across multiple filesystems or mount namespaces, inode collisions are theoretically possible but rare in practice for pipe-based stdio communication.\n- **Platform**: Linux only (kernel 5.15+).\n\n## Agentic Workflows Setup\n\nMCPSpy supports development with AI coding assistants like Claude Code. Since mcpspy requires root privileges for eBPF operations, you need to configure passwordless sudo to enable autonomous test execution.\n\n### Configuring Sudoers for Passwordless Execution\n\nCreate a sudoers rule that allows your user to run mcpspy without a password. The E2E tests use the binary at `build\u002Fmcpspy-linux-amd64` (or `build\u002Fmcpspy-linux-arm64` on ARM):\n\n```bash\n# Option 1: Using visudo (opens editor)\nsudo visudo -f \u002Fetc\u002Fsudoers.d\u002Fmcpspy\n# Add this line (replace YOUR_USERNAME and adjust path as needed):\n# YOUR_USERNAME ALL=(ALL) NOPASSWD: \u002Fhome\u002FYOUR_USERNAME\u002Fmcpspy\u002Fbuild\u002Fmcpspy-linux-amd64, \u002Fhome\u002FYOUR_USERNAME\u002Fmcpspy\u002F.worktrees\u002F*\u002Fbuild\u002Fmcpspy-linux-amd64\n\n# Option 2: One-liner (replace YOUR_USERNAME and path)\necho 'YOUR_USERNAME ALL=(ALL) NOPASSWD: \u002Fhome\u002FYOUR_USERNAME\u002Fmcpspy\u002Fbuild\u002Fmcpspy-linux-amd64, \u002Fhome\u002FYOUR_USERNAME\u002Fmcpspy\u002F.worktrees\u002F*\u002Fbuild\u002Fmcpspy-linux-amd64' | sudo tee \u002Fetc\u002Fsudoers.d\u002Fmcpspy && sudo chmod 440 \u002Fetc\u002Fsudoers.d\u002Fmcpspy\n```\n\nThe `.worktrees\u002F*` pattern enables passwordless execution from git worktrees. Note that sudoers `*` doesn't match `\u002F`, so both patterns are needed.\n\nAfter configuration, verify it works:\n\n```bash\nsudo \u002Fpath\u002Fto\u002Fbuild\u002Fmcpspy-linux-amd64 --help # Should not prompt for password\n```\n\nThis enables AI assistants to run E2E tests (`make test-e2e`) which require sudo for eBPF operations.\n\n## Contributing\n\nWe welcome contributions! Feel free to open an issue or a pull request.\n\n## License\n\n- **User-mode code** (Mainly Go): Apache 2.0 (see [LICENSE](LICENSE))\n- **eBPF C programs** (`bpf\u002F*`): GPL-2.0-only (see [LICENSE-BPF](LICENSE-BPF))\n\n---\n\n\u003Cdiv align=\"center\">\nMade with ❤️ by Alex Ilgayev\n\u003C\u002Fdiv>\n","# MCPSpy - 使用 eBPF 监控 MCP 🕵️✨\n\n[![CI](https:\u002F\u002Fgithub.com\u002Falex-ilgayev\u002Fmcpspy\u002Factions\u002Fworkflows\u002Fci.yml\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002Falex-ilgayev\u002Fmcpspy\u002Factions\u002Fworkflows\u002Fci.yml)\n[![Go 版本](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fgo-1.24+-blue.svg)](https:\u002F\u002Fgolang.org)\n[![许可证](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-Apache%202.0-blue.svg)](LICENSE)\n\n\u003Cdiv align=\"center\">\n\u003Cpre>\n███╗ ███╗ ██████╗██████╗ ███████╗██████╗ ██╗ ██╗\n████╗ ████║██╔════╝██╔══██╗██╔════╝██╔══██╗╚██╗ ██╔╝\n██╔████╔██║██║ ██████╔╝███████╗██████╔╝ ╚████╔╝ \n██║╚██╔╝██║██║ ██╔═══╝ ╚════██║██╔═══╝ ╚██╔╝ \n██║ ╚═╝ ██║╚██████╗██║ ███████║██║ ██║ \n╚═╝ ╚═╝ ╚═════╝╚═╝ ╚══════╝╚═╝ ╚═╝ \n\u003C\u002Fpre>\n\u003Cb>MCPSpy - 使用 eBPF 对模型上下文协议通信进行实时监控\u003C\u002Fb>\n\u003C\u002Fdiv>\n\n## 概述\n\nMCPSpy 是一款功能强大的命令行工具,它利用 [eBPF(扩展的伯克利数据包过滤器)](https:\u002F\u002Febpf.io\u002F) 技术,在内核级别监控 [模型上下文协议(MCP)](https:\u002F\u002Fmodelcontextprotocol.io\u002F) 通信。通过挂钩到底层系统调用,它可以实时查看 MCP 客户端和服务器之间交换的 JSON-RPC 2.0 消息。\n\n模型上下文协议支持三种传输协议进行通信:\n\n- **Stdio**:通过标准输入\u002F输出流进行通信\n- **可流式 HTTP**:直接的 HTTP 请求\u002F响应通信,带有服务器发送事件\n- **SSE(服务器发送事件)**:基于 HTTP 的流式通信(已弃用)\n\n**MCPSpy 支持对 Stdio 和 HTTP\u002FHTTPS 传输的监控**(包括服务器发送事件),从而全面覆盖 MCP 通信通道。\n\n![demo](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Falex-ilgayev_MCPSpy_readme_acaa2c29bfbf.gif)\n\n## 为什么选择 MCPSpy?\n\n模型上下文协议正逐渐成为 AI 工具集成的标准,但要理解其内部运作机制却颇具挑战性。MCPSpy 通过以下方式解决了这一问题:\n\n- **🔒 安全分析**:监控传输的数据,检测 PII 泄露,并审计工具执行情况\n- **🛡️ 提示注入检测**:使用机器学习模型实时检测提示注入和越狱尝试\n- **🐛 调试**:通过查看实际的消息流来排查 MCP 集成中的问题\n- **📊 性能监控**:跟踪消息模式并识别瓶颈\n- **🔍 合规性**:确保 MCP 通信符合监管要求\n- **🎓 学习**:通过观察真实的通信过程来理解 MCP 的工作原理\n\n## 安装\n\n### 先决条件\n\n- Linux 内核版本 5.15 或更高\n- root 权限(eBPF 所需)\n\n### 下载预编译二进制文件(自动检测操作系统 + 架构)\n\n从 [发布页面](https:\u002F\u002Fgithub.com\u002Falex-ilgayev\u002Fmcpspy\u002Freleases) 下载最新版本:\n\n```bash\n# 设置平台感知的二进制文件名\nBIN=\"mcpspy-$(uname -s | tr '[:upper:]' '[:lower:]')-$(uname -m | sed -e 's\u002Fx86_64\u002Famd64\u002F' -e 's\u002Faarch64\u002Farm64\u002F')\"\n\n# 下载正确的二进制文件\nwget \"https:\u002F\u002Fgithub.com\u002Falex-ilgayev\u002Fmcpspy\u002Freleases\u002Flatest\u002Fdownload\u002F${BIN}\"\n\n# 使其可执行并移动到 PATH 中的目录\nchmod +x \"${BIN}\"\nsudo mv \"${BIN}\" \u002Fusr\u002Flocal\u002Fbin\u002Fmcpspy\n```\n\n> ✅ 注意:目前支持的平台:linux-amd64、linux-arm64\n\n### 从源代码构建\n\n#### 安装依赖项\n\n首先,安装所需的系统依赖项:\n\n```bash\nsudo apt-get update\n# 安装构建工具和 eBPF 依赖项\nsudo apt-get install -y clang clang-format llvm make libbpf-dev build-essential\n# 安装 Python 3 和 pip(用于端到端测试)\nsudo apt-get install -y python3 python3-pip python3-venv\n# 安装 docker 和 buildx(如果尚未安装)\nsudo apt-get install -y docker.io docker-buildx\n```\n\n#### 安装 Go\n\nMCPSpy 需要 Go 1.24 或更高版本。可以使用以下方法之一安装 Go:\n\n选项 1:从官方 Go 网站安装(推荐)\n\n```bash\n# 下载并安装 Go 1.24.1(可根据需要调整版本)\nwget https:\u002F\u002Fgo.dev\u002Fdl\u002Fgo1.24.1.linux-amd64.tar.gz\nsudo rm -rf \u002Fusr\u002Flocal\u002Fgo\nsudo tar -C \u002Fusr\u002Flocal -xzf go1.24.1.linux-amd64.tar.gz\n\n# 将 Go 添加到 PATH 中(将其添加到 ~\u002F.bashrc 或 ~\u002F.profile 以保持永久生效)\nexport PATH=$PATH:\u002Fusr\u002Flocal\u002Fgo\u002Fbin\n```\n\n选项 2:通过 snap 安装\n\n```bash\nsudo snap install go --classic\n```\n\n#### 构建 MCPSpy\n\n克隆仓库并构建 MCPSpy:\n\n```bash\n# 克隆仓库\ngit clone https:\u002F\u002Fgithub.com\u002Falex-ilgayev\u002Fmcpspy.git\ncd mcpspy\n\n# 构建项目\nmake all\n```\n\n### Docker\n\n```bash\n# 构建 Docker 镜像\nmake image\n# 或者拉取最新镜像\ndocker pull ghcr.io\u002Falex-ilgayev\u002Fmcpspy:latest\n# 或者拉取特定版本的镜像\ndocker pull ghcr.io\u002Falex-ilgayev\u002Fmcpspy:v0.1.0\n\n# 运行容器\ndocker run --rm -it --privileged ghcr.io\u002Falex-ilgayev\u002Fmcpspy:latest\n```\n\n### Kubernetes\n\nMCPSpy 可以部署在 Kubernetes 集群中,用于监控来自 LangFlow、LangGraph 等使用模型上下文协议的 AI\u002FLLM 服务的 MCP 流量。\n\n```bash\n# 将 MCPSpy 部署为 DaemonSet\nkubectl apply -f https:\u002F\u002Fraw.githubusercontent.com\u002Falex-ilgayev\u002Fmcpspy\u002Fmain\u002Fdeploy\u002Fkubernetes\u002Fmcpspy.yaml\n```\n\n#### Kubernetes 中的实际应用场景\n\n1. **监控 LangFlow\u002FLangGraph 部署**\n\n - 观察 LangFlow\u002FLangGraph 与 AI 服务之间的 MCP 流量\n - 调试复杂 AI 工作流中的集成问题\n - 审计 AI 交互以确保安全性和合规性\n\n2. **AI 服务监控**\n\n - 跟踪与远程和本地 MCP 服务器的交互\n - 识别 AI 服务调用中的性能瓶颈\n - 检测 AI 通信中潜在的 data 泄露\n\n3. **开发和测试**\n\n - 在容器化环境中测试 MCP 实现\n - 在生产部署前验证 AI 服务集成\n - 确保不同环境下的行为一致性\n\n有关在 Kubernetes 中监控 AI 服务的详细说明和实际示例,请参阅 [Kubernetes 使用指南](docs\u002Fkubernetes-usage.md)。\n\n## 使用方法\n\n### 基本用法\n\n```bash\n# 开始监控 MCP 通信(默认为 TUI 模式)\nsudo mcpspy\n\n# 以静态控制台输出开始监控(禁用 TUI)\nsudo mcpspy --tui=false\n\n# 开始监控并将输出保存到 JSONL 文件\nsudo mcpspy -o output.jsonl\n\n# 使用 Ctrl+C(或 TUI 模式下的 'q')停止监控\n```\n\n### 提示注入检测\n\nMCPSpy 包含可选的实时提示注入检测功能,使用 HuggingFace 的推理 API。启用后,它会分析 MCP 工具调用,以检测潜在的注入攻击和越狱尝试。\n\n**检测范围:**\n\n1. **基于请求的注入**:检测工具调用参数中的恶意提示\n2. **基于响应的注入**:检测工具响应中可能操纵代理的恶意内容\n\n```bash\n# 使用 HuggingFace token 启用安全扫描\nsudo mcpspy --security --hf-token=hf_xxxxx\n\n# 使用自定义检测模型\nsudo mcpspy --security --hf-token=hf_xxxxx --security-model=protectai\u002Fdeberta-v3-base-prompt-injection-v2\n\n# 调整检测阈值(默认:0.5)\nsudo mcpspy --security --hf-token=hf_xxxxx --security-threshold=0.7\n\n# 同步运行分析(阻塞直到分析完成)\nsudo mcpspy --security --hf-token=hf_xxxxx --security-async=false\n```\n\n**安全 CLI 标志:**\n\n| 标志 | 描述 | 默认 |\n| ---------------------- | --------------------------------------------------------- | ------------------------------------- |\n| `--security` | 启用提示注入检测 | `false` |\n| `--hf-token` | HuggingFace API 令牌(启用安全时必需) | - |\n| `--security-model` | 用于检测的 HuggingFace 模型 | `protectai\u002Fdeberta-v3-base-prompt-injection-v2` |\n| `--security-threshold` | 检测阈值(0.0-1.0) | `0.5` |\n| `--security-async` | 异步运行分析 | `true` |\n\n**支持的模型:**\n\n- `protectai\u002Fdeberta-v3-base-prompt-injection-v2`(默认,公开可访问)\n- `meta-llama\u002FLlama-Prompt-Guard-2-86M`(已在 HF 推理 API 上弃用)\n\n当检测到潜在的注入时,MCPSpy 会显示一个安全警报,包含风险等级(低\u002F中\u002F高\u002F严重)、类别以及被分析的内容。\n\n### 输出格式\n\n#### TUI 模式(默认)\n\nMCPSpy 默认以交互式终端 UI 模式运行。TUI 提供:\n\n- 可滚动的交互式表格视图\n- 详细的消息检查(按 Enter 键)\n- 按传输方式、类型和执行者进行过滤\n- 多种密度模式,适用于不同尺寸的屏幕\n- 实时统计信息\n\n#### 静态控制台输出\n\n当使用 `--tui=false` 运行时:\n\n```\n\n12:34:56.789 python[12345] → python[12346] REQ 工具\u002F调用(get_weather) 执行工具\n12:34:56.890 python[12346] → python[12345] RESP 成功\n\n```\n\n#### JSONL 输出\n\n**Stdio 传输 - 请求:**\n\n```json\n{\n \"timestamp\": \"2024-01-15T12:34:56.789Z\",\n \"transport_type\": \"stdio\",\n \"stdio_transport\": {\n \"from_pid\": 12345,\n \"from_comm\": \"python\",\n \"to_pid\": 12346,\n \"to_comm\": \"python\"\n },\n \"type\": \"request\",\n \"id\": 7,\n \"method\": \"tools\u002Fcall\",\n \"params\": {\n \"name\": \"get_weather\",\n \"arguments\": { \"city\": \"New York\" }\n },\n \"error\": {},\n \"raw\": \"{...}\"\n}\n```\n\n**Stdio 传输 - 响应:**\n\n```json\n{\n \"timestamp\": \"2024-01-15T12:34:56.890Z\",\n \"transport_type\": \"stdio\",\n \"stdio_transport\": {\n \"from_pid\": 12346,\n \"from_comm\": \"python\",\n \"to_pid\": 12345,\n \"to_comm\": \"python\"\n },\n \"type\": \"response\",\n \"id\": 7,\n \"result\": {\n \"content\": [\n {\n \"type\": \"text\",\n \"text\": \"纽约天气:20°C\"\n }\n ],\n \"isError\": false\n },\n \"error\": {},\n \"request\": {\n \"type\": \"request\",\n \"id\": 7,\n \"method\": \"tools\u002Fcall\",\n \"params\": {\n \"name\": \"get_weather\",\n \"arguments\": { \"city\": \"New York\" }\n },\n \"error\": {}\n },\n \"raw\": \"{...}\"\n}\n```\n\n**HTTP\u002FHTTPS 传输 - 请求:**\n\n```json\n{\n \"timestamp\": \"2024-01-15T12:34:56.789Z\",\n \"transport_type\": \"http\",\n \"http_transport\": {\n \"pid\": 47837,\n \"comm\": \"python\",\n \"host\": \"127.0.0.1:12345\",\n \"is_request\": true\n },\n \"type\": \"request\",\n \"id\": 7,\n \"method\": \"tools\u002Fcall\",\n \"params\": {\n \"name\": \"get_weather\",\n \"arguments\": { \"city\": \"New York\" }\n },\n \"error\": {},\n \"raw\": \"{...}\"\n}\n```\n\n**HTTP\u002FHTTPS 传输 - 响应:**\n\n```json\n{\n \"timestamp\": \"2024-01-15T12:34:56.890Z\",\n \"transport_type\": \"http\",\n \"http_transport\": {\n \"pid\": 47837,\n \"comm\": \"python\",\n \"host\": \"127.0.0.1:12345\"\n },\n \"type\": \"response\",\n \"id\": 7,\n \"result\": {\n \"content\": [\n {\n \"type\": \"text\",\n \"text\": \"纽约天气:20°C\"\n }\n ],\n \"isError\": false\n },\n \"error\": {},\n \"request\": {\n \"type\": \"request\",\n \"id\": 7,\n \"method\": \"tools\u002Fcall\",\n \"params\": {\n \"name\": \"get_weather\",\n \"arguments\": { \"city\": \"New York\" }\n },\n \"error\": {}\n },\n \"raw\": \"{...}\"\n}\n```\n\n## 架构\n\nMCPSpy 采用事件驱动架构,并使用发布-订阅模式来解耦组件,从而实现可扩展性。该系统由多个组件组成,这些组件通过中央事件总线进行通信:\n\n### 1. 事件总线 (`pkg\u002Fbus\u002F`)\n\n- 使用发布-订阅模式的中央通信枢纽\n- 支持异步事件处理\n- 使用 `github.com\u002Fasaskevich\u002FEventBus` 库\n\n### 2. eBPF 程序 (`bpf\u002F`)\n\n- 钩子到内核函数 `vfs_read` 和 `vfs_write` 中,用于 stdio 传输\n- 钩子到 TLS 库函数(`SSL_read`, `SSL_write`)中,用于 HTTP\u002FHTTPS 传输\n- 通过检测 JSON 模式来过滤潜在的 MCP 流量\n- 通过环形缓冲区将事件发送到用户空间\n- 通过早期过滤实现最小性能影响\n\n### 3. eBPF 加载器 (`pkg\u002Febpf\u002F`)\n\n- 管理 eBPF 程序及其资源的生命周期\n- 使用 cilium\u002Febpf 库将预编译的 eBPF 对象加载到内核中\n- 将来自内核空间的原始二进制事件转换为结构化的 Go 数据类型\n- 将事件发布到事件总线,以便下游处理\n\n### 4. HTTP 会话管理器 (`pkg\u002Fhttp\u002F`)\n\n- 订阅事件总线上的 TLS 相关事件\n- 管理 HTTP\u002FHTTPS 会话,并关联请求和响应对\n- 处理 TLS 负载的拦截和解析\n- 支持分块传输编码和服务器发送事件 (SSE)\n- 从碎片化的 TLS 数据中重建完整的 HTTP 消息\n- 将重建的 HTTP 正文发布到事件总线,以供 MCP 解析\n\n### 5. MCP 协议解析器 (`pkg\u002Fmcp\u002F`)\n\n- 订阅来自事件总线的数据事件(stdio 和 HTTP TLS 负载)\n- 验证 JSON-RPC 2.0 消息格式\n- 解析 MCP 特定的方法和参数\n- 将读操作和写操作关联成单个 MCP 消息(适用于 stdio 传输)\n- 同时支持 stdio 和 HTTP\u002FHTTPS 传输(包括 SSE)\n- 将解析后的 MCP 消息发布到事件总线\n\n### 6. 输出处理器 (`pkg\u002Foutput\u002F`)\n\n- 订阅来自事件总线的 MCP 消息事件\n- 控制台显示带颜色的格式化输出\n- JSONL 输出,便于程序化分析\n- 实时统计跟踪\n\n### 7. 事件记录器 (`pkg\u002Feventlogger\u002F`)\n\n- 订阅事件总线上的所有事件,用于调试\n- 提供系统中事件流的详细日志记录\n- 不同事件类型的可配置日志级别\n\n### 8. 安全分析器 (`pkg\u002Fsecurity\u002F`)\n\n- 可选组件,用于实时提示注入检测\n- 订阅来自事件总线的 MCP 消息事件\n- 分析高风险方法(`tools\u002Fcall`, `resources\u002Fread`, `prompts\u002Fget`)\n- 使用 HuggingFace 推理 API,并可配置机器学习模型\n- 在检测到注入时发布安全警报\n- 支持异步和同步分析模式\n\n## 开发\n\n### 构建\n\n```bash\n# 生成 eBPF 绑定并构建\nmake all\n\n# 构建 Docker 映像\nmake image\n```\n\n### 测试\n\nMCPSpy 包含全面的端到端测试,可模拟不同传输方式下的真实 MCP 通信:\n\n```bash\n# (可选)设置测试环境\nmake test-e2e-setup\n\n# 运行所有测试(需要 root 权限)\nmake test-e2e\n\n# 运行单个传输方式的测试\nmake test-e2e-stdio # 测试 stdio 传输\nmake test-e2e-https # 测试 HTTP\u002FHTTPS 传输\n```\n\n测试套件包括:\n\n- 用于 stdio 和 HTTP 传输的 MCP 服务器和客户端模拟器\n- 根据预期输出验证消息\n- 覆盖多种消息类型\n- SSL\u002FTLS 加密的 HTTP 通信测试\n\n## 限制\n\n- **FS 事件缓冲区大小**:每个消息限制为 16KB。这意味着 **缓冲区大小** 超过 16KB 的 MCP 消息将被遗漏或忽略。\n- **由多个消息组成的 FS 事件**:MCPSpy 目前不支持重构跨多个 `read` 或 `write` 系统调用拆分的 MCP 消息。因此,如果 MCP 消息大于单次系统调用使用的缓冲区大小,可能会被遗漏或忽略。\n- **对于 stdio 传输的 inode 冲突**:inode 号码仅在单个文件系统内是唯一的。如果监控跨多个文件系统或挂载命名空间的进程,理论上可能存在 inode 冲突,但在基于管道的 stdio 通信中这种情况很少发生。\n- **平台**:仅支持 Linux(内核 5.15+)。\n\n## 代理工作流设置\n\nMCPSpy 支持与 Claude Code 等 AI 编程助手一起开发。由于 mcpspy 需要 root 权限才能执行 eBPF 操作,您需要配置无密码 sudo,以实现自动化测试执行。\n\n### 配置 Sudoers 以实现无密码执行\n\n创建一个 sudoers 规则,允许您的用户无需输入密码即可运行 mcpspy。端到端测试会使用位于 `build\u002Fmcpspy-linux-amd64`(或在 ARM 上为 `build\u002Fmcpspy-linux-arm64`)的二进制文件:\n\n```bash\n# 选项 1:使用 visudo(打开编辑器)\nsudo visudo -f \u002Fetc\u002Fsudoers.d\u002Fmcpspy\n# 添加以下行(替换 YOUR_USERNAME 并根据需要调整路径):\n# YOUR_USERNAME ALL=(ALL) NOPASSWD: \u002Fhome\u002FYOUR_USERNAME\u002Fmcpspy\u002Fbuild\u002Fmcpspy-linux-amd64, \u002Fhome\u002FYOUR_USERNAME\u002Fmcpspy\u002F.worktrees\u002F*\u002Fbuild\u002Fmcpspy-linux-amd64\n\n# 选项 2:一行命令(替换 YOUR_USERNAME 和路径)\necho 'YOUR_USERNAME ALL=(ALL) NOPASSWD: \u002Fhome\u002FYOUR_USERNAME\u002Fmcpspy\u002Fbuild\u002Fmcpspy-linux-amd64, \u002Fhome\u002FYOUR_USERNAME\u002Fmcpspy\u002F.worktrees\u002F*\u002Fbuild\u002Fmcpspy-linux-amd64' | sudo tee \u002Fetc\u002Fsudoers.d\u002Fmcpspy && sudo chmod 440 \u002Fetc\u002Fsudoers.d\u002Fmcpspy\n```\n\n`.worktrees\u002F*` 模式允许从 git 工作树中无密码执行。请注意,sudoers 中的 `*` 不匹配 `\u002F`,因此需要同时使用这两种模式。\n\n配置完成后,请验证是否生效:\n\n```bash\nsudo \u002Fpath\u002Fto\u002Fbuild\u002Fmcpspy-linux-amd64 --help # 不应提示输入密码\n```\n\n这样,AI 助手就可以运行需要 sudo 权限进行 eBPF 操作的端到端测试(`make test-e2e`)。\n\n## 贡献\n\n我们欢迎您的贡献!请随时提出问题或提交拉取请求。\n\n## 许可证\n\n- **用户态代码**(主要为 Go):Apache 2.0(参见 [LICENSE](LICENSE))\n- **eBPF C 程序**(`bpf\u002F*`):GPL-2.0-only(参见 [LICENSE-BPF](LICENSE-BPF))\n\n---\n\n\u003Cdiv align=\"center\">\n由 Alex Ilgayev 用心制作\n\u003C\u002Fdiv>","# MCPSpy 快速上手指南\n\nMCPSpy 是一款基于 eBPF 技术的命令行工具,用于在内核层面实时监控模型上下文协议(MCP)的通信流量。它支持 Stdio 和 HTTP\u002FHTTPS 传输协议,帮助开发者调试集成、分析安全风险及监控性能。\n\n## 环境准备\n\n在开始之前,请确保您的系统满足以下要求:\n\n* **操作系统**:Linux (内核版本 5.15 或更高)\n* **权限要求**:需要 Root 权限(eBPF 程序加载必需)\n* **架构支持**:amd64 (x86_64) 或 arm64 (aarch64)\n\n> **注意**:目前仅支持 Linux 平台。\n\n## 安装步骤\n\n您可以选择下载预编译二进制文件(推荐)或通过源码构建。\n\n### 方法一:下载预编译二进制文件\n\n以下命令会自动检测您的操作系统和架构,下载对应的最新版本并安装到系统路径:\n\n```bash\n# 设置平台相关的二进制文件名\nBIN=\"mcpspy-$(uname -s | tr '[:upper:]' '[:lower:]')-$(uname -m | sed -e 's\u002Fx86_64\u002Famd64\u002F' -e 's\u002Faarch64\u002Farm64\u002F')\"\n\n# 下载对应的二进制文件\nwget \"https:\u002F\u002Fgithub.com\u002Falex-ilgayev\u002Fmcpspy\u002Freleases\u002Flatest\u002Fdownload\u002F${BIN}\"\n\n# 赋予执行权限并移动到 PATH 目录\nchmod +x \"${BIN}\"\nsudo mv \"${BIN}\" \u002Fusr\u002Flocal\u002Fbin\u002Fmcpspy\n```\n\n### 方法二:从源码构建\n\n如果您需要自定义构建或贡献代码,请按以下步骤操作:\n\n1. **安装系统依赖**:\n\n ```bash\n sudo apt-get update\n # 安装构建工具及 eBPF 依赖\n sudo apt-get install -y clang clang-format llvm make libbpf-dev build-essential\n # 安装 Python 3 (用于端到端测试)\n sudo apt-get install -y python3 python3-pip python3-venv\n # 安装 Docker (可选)\n sudo apt-get install -y docker.io docker-buildx\n ```\n\n2. **安装 Go 语言环境** (需 Go 1.24+):\n\n ```bash\n # 下载并安装 Go (以 1.24.1 为例)\n wget https:\u002F\u002Fgo.dev\u002Fdl\u002Fgo1.24.1.linux-amd64.tar.gz\n sudo rm -rf \u002Fusr\u002Flocal\u002Fgo\n sudo tar -C \u002Fusr\u002Flocal -xzf go1.24.1.linux-amd64.tar.gz\n\n # 配置环境变量 (建议添加到 ~\u002F.bashrc)\n export PATH=$PATH:\u002Fusr\u002Flocal\u002Fgo\u002Fbin\n ```\n\n3. **克隆并编译**:\n\n ```bash\n git clone https:\u002F\u002Fgithub.com\u002Falex-ilgayev\u002Fmcpspy.git\n cd mcpspy\n make all\n ```\n\n### 方法三:使用 Docker\n\n如果您希望在不污染宿主机的情况下运行:\n\n```bash\n# 拉取最新镜像\ndocker pull ghcr.io\u002Falex-ilgayev\u002Fmcpspy:latest\n\n# 运行容器 (需要 --privileged 权限)\ndocker run --rm -it --privileged ghcr.io\u002Falex-ilgayev\u002Fmcpspy:latest\n```\n\n## 基本使用\n\n安装完成后,即可开始监控 MCP 通信。\n\n### 1. 启动监控 (交互模式)\n\n默认情况下,MCPSpy 以交互式终端界面 (TUI) 启动,提供实时表格视图、消息详情查看和过滤功能:\n\n```bash\nsudo mcpspy\n```\n\n* **操作提示**:按 `Enter` 查看详细消息,按 `q` 或 `Ctrl+C` 退出。\n\n### 2. 静态控制台输出\n\n如果您只需要简单的文本日志流,可以禁用 TUI:\n\n```bash\nsudo mcpspy --tui=false\n```\n\n### 3. 保存日志到文件\n\n将监控到的 JSON-RPC 消息保存为 JSONL 格式以便后续分析:\n\n```bash\nsudo mcpspy -o output.jsonl\n```\n\n### 4. 启用提示词注入检测 (高级)\n\nMCPSpy 支持实时检测提示词注入攻击。您需要提供 HuggingFace API Token:\n\n```bash\n# 启用安全检查并指定 Token\nsudo mcpspy --security --hf-token=hf_xxxxx\n```\n\n* 当检测到潜在攻击时,工具会显示风险等级(低\u002F中\u002F高\u002F严重)及告警详情。","某金融科技公司正在开发一款基于 MCP 架构的智能投顾助手,需确保用户隐私数据在模型与工具间传输时绝对安全且合规。\n\n### 没有 MCPSpy 时\n- **黑盒调试困难**:开发人员无法直观看到 Stdio 或 HTTP 通道中具体的 JSON-RPC 消息流,排查集成故障只能靠猜测或添加大量冗余日志。\n- **隐私泄露风险隐蔽**:敏感信息(如账户号、身份证号)可能在提示词中被意外传递给外部模型,缺乏实时监测手段,往往事后才能发现。\n- **注入攻击难防御**:面对复杂的提示词注入或越狱尝试,传统应用层日志难以捕捉底层通信异常,导致安全响应滞后。\n- **性能瓶颈定位慢**:当系统响应变慢时,无法区分是网络延迟、模型处理耗时还是 MCP 协议本身的序列化开销,优化无从下手。\n\n### 使用 MCPSpy 后\n- **全链路透明可视**:利用 eBPF 技术内核级钩住系统调用,实时展示客户端与服务端之间完整的请求\u002F响应报文,让调试过程一目了然。\n- **实时隐私审计**:自动监控传输内容,一旦检测到 PII(个人敏感信息)违规外传立即告警,将数据泄露风险拦截在萌芽状态。\n- **主动威胁感知**:内置检测机制能即时识别恶意的提示词注入模式,帮助安全团队在攻击生效前阻断异常会话。\n- **精准性能分析**:清晰呈现每条消息的时间戳与耗时分布,快速定位是网络传输还是工具执行导致了延迟,大幅缩短调优周期。\n\nMCPSpy 通过内核级的深度可观测性,将原本不可见的 MCP 通信转化为可审计、可防御、可优化的透明数据流,为 AI 应用的安全落地提供了坚实保障。","https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Falex-ilgayev_MCPSpy_58fa18cc.png","alex-ilgayev","Alex Ilgayev","https:\u002F\u002Foss.gittoolsai.com\u002Favatars\u002Falex-ilgayev_6e5c9257.jpg","Head of Security Research @ Cycode. \r\nMy interests involve Cyber Security and Software Development","Cycode","Tel Aviv, Israel",null,"_alex_il_","https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Filgayev","https:\u002F\u002Fgithub.com\u002Falex-ilgayev",[84,88,92,96,100,104],{"name":85,"color":86,"percentage":87},"C","#555555",75.8,{"name":89,"color":90,"percentage":91},"Go","#00ADD8",20.8,{"name":93,"color":94,"percentage":95},"Python","#3572A5",2.8,{"name":97,"color":98,"percentage":99},"Makefile","#427819",0.4,{"name":101,"color":102,"percentage":103},"Shell","#89e051",0.1,{"name":105,"color":106,"percentage":107},"Dockerfile","#384d54",0,504,76,"2026-04-01T17:23:06","Apache-2.0",4,"Linux","未说明",{"notes":116,"python":117,"dependencies":118},"必须拥有 Root 权限以运行 eBPF 程序。目前仅支持 linux-amd64 和 linux-arm64 架构。若启用提示注入检测功能,需配置 HuggingFace API Token。构建源码时需安装 clang、llvm 及 libbpf-dev 等系统依赖。","3.x (用于端到端测试)",[119,120,121,122,123,124,125],"Go 1.24+","Linux Kernel 5.15+","clang","llvm","libbpf-dev","docker.io","cilium\u002Febpf",[14,13,15,35],[128,129,130,131,132,133],"ai","llm","mcp","monitoring","security","ai-security","2026-03-27T02:49:30.150509","2026-04-06T18:54:43.708105",[],[138,143,148,153,158,163],{"id":139,"version":140,"summary_zh":141,"released_at":142},117887,"v0.0.6","MCPSpy v0.0.6 版本发布!\n\n**下载适用于您平台的二进制文件:**\n* Linux AMD64:`mcpspy-linux-amd64`\n* Linux ARM64:`mcpspy-linux-arm64`\n* 二进制文件的校验和也已提供。\n\n**Docker 镜像(多平台):** `ghcr.io\u002Falex-ilgayev\u002Fmcpspy:v0.0.6`\n\n更多详情请查看 Docker Hub\u002FGHCR 页面。","2025-11-15T12:07:52",{"id":144,"version":145,"summary_zh":146,"released_at":147},117888,"v0.0.5","MCPSpy v0.0.5 版本发布!\n\n**下载适用于您平台的二进制文件:**\n* Linux AMD64: `mcpspy-linux-amd64`\n* Linux ARM64: `mcpspy-linux-arm64`\n* 二进制文件的校验和也已提供。\n\n**Docker 镜像(多平台):** `ghcr.io\u002Falex-ilgayev\u002Fmcpspy:v0.0.5`\n\n更多详情请参阅 Docker Hub\u002FGHCR 页面。","2025-10-12T06:13:14",{"id":149,"version":150,"summary_zh":151,"released_at":152},117889,"v0.0.4","MCPSpy v0.0.4 版本发布!\n\n**下载适用于您平台的二进制文件:**\n* Linux AMD64:`mcpspy-linux-amd64`\n* Linux ARM64:`mcpspy-linux-arm64`\n* 二进制文件的校验和也已提供。\n\n**Docker 镜像(多平台):** `ghcr.io\u002Falex-ilgayev\u002Fmcpspy:v0.0.4`\n\n更多详情请查看 Docker Hub\u002FGHCR 页面。","2025-09-14T06:41:03",{"id":154,"version":155,"summary_zh":156,"released_at":157},117890,"v0.0.3","MCPSpy v0.0.3 版本发布!\n\n**下载适用于您平台的二进制文件:**\n* Linux AMD64: `mcpspy-linux-amd64`\n* Linux ARM64: `mcpspy-linux-arm64`\n* 二进制文件的校验和也已提供。\n\n**Docker 镜像(多平台):** `ghcr.io\u002Falex-ilgayev\u002Fmcpspy:v0.0.3`\n\n更多详情请参阅 Docker Hub\u002FGHCR 页面。","2025-08-11T08:18:42",{"id":159,"version":160,"summary_zh":161,"released_at":162},117891,"v0.0.2","MCPSpy v0.0.2 版本发布!\n\n**下载适用于您平台的二进制文件:**\n* Linux AMD64:`mcpspy-linux-amd64`\n* Linux ARM64:`mcpspy-linux-arm64`\n* 二进制文件的校验和也已提供。\n\n**Docker 镜像(多架构):** `ghcr.io\u002Falex-ilgayev\u002Fmcpspy:v0.0.2`\n\n更多详情请参阅 Docker Hub\u002FGHCR 页面。","2025-07-28T09:42:10",{"id":164,"version":165,"summary_zh":79,"released_at":166},117892,"v0.0.1","2025-07-19T06:57:38"]