ECC
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
npx ecc-install --profile fullThe agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
npx ecc-install --profile fullFair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
npx n8nAn open-source AI agent that brings the power of Gemini directly into your terminal.
npx @google/gemini-cliCommunity: Join us on Discord
CyberStrikeAI is building the agentic execution layer for modern cyber security.
It brings AI agents, security tools, MCP-native integrations, knowledge systems, human oversight, and attack-chain intelligence into a unified workspace for authorized cyber engagements. Instead of treating tools, prompts, evidence, approvals, and reports as separate fragments, CyberStrikeAI turns security intent into auditable multi-agent workflows that can plan, execute, review, replay, and continuously accumulate operational context.
Built in Go, CyberStrikeAI provides a full-stack foundation for AI-native security operations: 100+ curated tool recipes, role-based testing, Agent Skills, Eino-powered single-agent and multi-agent orchestration, RAG knowledge retrieval, graph workflows, vulnerability and task lifecycle management, WebShell operations, chatbot access, and a lightweight built-in C2 framework for authorized lab and engagement scenarios.
If CyberStrikeAI helps you, you can support the project via WeChat Pay or Alipay:
The dashboard provides a comprehensive overview of system runtime status, security vulnerabilities, tool usage, and knowledge base, helping users quickly understand the platform's core features and current state.
gte-rerank / Cohere-compatible) + post-processing (dedupe, budget); Eino Compose indexing pipelineupsert_project_fact + links to chain paths; attack-chain and project fact graph views{{previous.output}} and {{outputs.variable_name}} for inter-node data passing; bind a graph to a role for automatic execution on chat. See Graph orchestration guide/api/eino-agent/stream (Eino ADK ChatModelAgent); multi-agent via /api/multi-agent/stream with deep (coordinator + task sub-agents), plan_execute, or supervisor (orchestration in the request body). ADK summarization compresses long contexts; pre-compaction transcripts land at data/conversation_artifacts/<conversation-id>/summarization/transcript.txt (full user/assistant/tool turns; static system omitted). Markdown under agents/: orchestrator.md, orchestrator-plan-execute.md, orchestrator-supervisor.md, plus sub-agent *.md (see Multi-agent doc)analyze_image): separate VL model (e.g. qwen-vl-max) via MCP for local screenshots, captchas, and UI; image bytes stay out of agent history (text summaries only). Configure vision in config.yaml; see docs/en-US/VISION.mdskills_dir follow Agent Skills layout (SKILL.md + optional files); multi-agent sessions use the official Eino ADK skill tool for progressive disclosure (load by name), with optional host filesystem / shell via multi_agent.eino_skills; optional eino_middleware adds patchtoolcalls, tool_search, plantask (TaskCreate / TaskList boards under skills_dir/.eino/plantask/), reduction, file checkpoints (checkpoint_dir), ChatModel retries, session output key, and Deep tuning—20+ sample domains (SQLi, XSS, API security, …) ship under skills/config.yaml under hitl.tool_whitelist; the Audit Agent can use a separate lightweight model via hitl.audit_model; Apply can merge new tools into the file and update the running server without restart; dedicated HITL page for pending approvals. See HITL best practices/api/c2/*, plus unified MCP tools (c2_listener, c2_session, c2_task, c2_task_manage, c2_payload, c2_event, c2_profile, c2_file); optional HITL approval for sensitive operations and OPSEC-style controls (e.g. command deny rules). Authorized testing only.CyberStrikeAI includes optional integrations under plugins/.
plugins/burp-suite/cyberstrikeai-burp-extension/plugins/burp-suite/cyberstrikeai-burp-extension/dist/cyberstrikeai-burp-extension.jarplugins/burp-suite/cyberstrikeai-burp-extension/README.mdplugins/browser-extension/cyberstrikeai-browser-extension/chrome://extensions/ → Load unpacked → F12 → CyberStrikeAI tabplugins/browser-extension/cyberstrikeai-browser-extension/dist/cyberstrikeai-browser-extension.zipplugins/browser-extension/cyberstrikeai-browser-extension/README.md / README.zh-CN.mdCyberStrikeAI ships with 100+ curated tools covering the whole kill chain:
Prerequisites:
One-Command Deployment:
git clone https://github.com/Ed1s0nZ/CyberStrikeAI.git
cd CyberStrikeAI
chmod +x run.sh && ./run.sh
The run.sh script will automatically:
Networking defaults: run.sh starts the server with --https and the repo config.yaml (local self-signed TLS; better for many concurrent streams). Use ./run.sh --http for plain HTTP. In production, set server.tls_cert_path / server.tls_key_path in config.yaml (see comments there). For manual runs, add --https or CYBERSTRIKE_HTTPS=1; if -config is wrong, the binary prints a short usage hint on stderr.
First-Time Configuration:
Configure OpenAI-compatible API (required before first use)
https://127.0.0.1:8080/ (or https://localhost:8080/; replace 8080 with server.port in config.yaml) and accept the self-signed certificate warning once. If you used ./run.sh --http, use http:// instead.Settings → Fill in your API credentials:
openai:
api_key: "sk-your-key"
base_url: "https://api.openai.com/v1" # or https://api.deepseek.com/v1
model: "gpt-4o" # or deepseek-chat, claude-3-opus, etc.
config.yaml directly before launchingLogin - Use the auto-generated password shown in the console (or set auth.password in config.yaml)
Install security tools (optional) - Install tools from tools/ as needed; missing tools are skipped or substituted at runtime. Common examples:
macOS (Homebrew):
brew install nmap masscan sqlmap nikto gobuster ffuf hydra hashcat nuclei subfinder
Linux (Kali / Debian / Ubuntu):
sudo apt update
sudo apt install -y nmap masscan sqlmap nikto gobuster hydra hashcat john binwalk
# On some distros, install ffuf/nuclei/subfinder via go install or upstream docs
Alternative Launch Methods:
# Direct Go run (set up env yourself); add --https to match run.sh defaults
go run cmd/server/main.go --https
# Manual build
go build -o cyberstrike-ai cmd/server/main.go
./cyberstrike-ai --https
If server logs show client sent an HTTP request to an HTTPS server, a client is still using http:// on a TLS-only port—switch the URL to https://.
Note: The Python virtual environment (venv/) is automatically created and managed by run.sh. Tools that require Python (like api-fuzzer, http-framework-test, etc.) will automatically use this environment.
CyberStrikeAI one-click upgrade (recommended):
chmod +x upgrade.sh./upgrade.sh (optional flags: --tag vX.Y.Z, --no-venv, --yes). Local tools/, roles/, and skills/ are always preserved.config.yaml and data/, upgrade the code from GitHub Release, update config.yaml's version, then restart the server.Recommended one-liner:
chmod +x upgrade.sh && ./upgrade.sh --yes
If something goes wrong, you can restore from .upgrade-backup/ (or manually copy /data and config.yaml back) and run ./run.sh again.
Requirements / tips:
curl or wget for downloading Release packages.rsync is recommended/required for the safe code sync.export GITHUB_TOKEN="..." before running ./upgrade.sh.⚠️ Note: This procedure only applies to version updates without compatibility or breaking changes. If a release includes compatibility changes, this method may not apply.
Examples: No breaking changes — e.g. v1.3.1 → v1.3.2; with breaking changes — e.g. v1.3.1 → v1.4.0. The project follows Semantic Versioning (SemVer): when only the patch version (third number) changes, this upgrade path is usually safe; when the minor or major version changes, config, data, or APIs may have changed — check the release notes before using this method.
/api/eino-agent/stream) and multi-agent (/api/multi-agent/stream with orchestration: deep | plan_execute | supervisor). Multi mode requires multi_agent.enabled: true. MCP tools are bridged the same way for both paths.workflow_id on a role to run the graph on chat (Agent, MCP tools, condition branches). Use {{outputs.variable_name}} to pass data across non-adjacent nodes. See Graph orchestration guide.auth.password is empty.roles/ directory.user_prompt that prepends to user messages, guiding the AI to adopt specialized testing methodologies and focus areas.tools list to limit available tools, ensuring focused testing workflows (e.g., CTF role restricts to CTF-specific utilities).skills_dir and load via the Eino ADK skill tool (progressive disclosure) in both single- and multi-agent sessions when multi_agent.eino_skills is enabled. Optional host read_file / glob / grep / write / edit / execute and eino_middleware (tool_search, plantask, reduction, checkpoints, summarization transcripts, etc.) apply per mode—see docs.roles/ directory. Each role defines name, description, user_prompt, icon, tools, and enabled fields.Creating a custom role (example):
roles/ (e.g., roles/custom-role.yaml):
name: Custom Role
description: Specialized testing scenario
user_prompt: You are a specialized security tester focusing on API security...
icon: "\U0001F4E1"
tools:
- api-fuzzer
- arjun
- graphql-scanner
enabled: true
adk/prebuilt (alongside Eino single-agent on /api/eino-agent*): deep — coordinator + task sub-agents for complex security testing and delegated synthesis; plan_execute — planner / executor / replanner for structured loops; supervisor — expert-routing mode with transfer / exit for multiple specialist sub-agents. Client sends orchestration: deep | plan_execute | supervisor (default deep).agents_dir (default agents/):
orchestrator.md or one .md with kind: orchestrator. Body or multi_agent.orchestrator_instruction, then Eino defaults.orchestrator-plan-execute.md (plus optional in YAML).SKILL.md only (Agent Skills): YAML front matter only name and description, plus Markdown body. Optional sibling files (FORMS.md, REFERENCE.md, scripts/*, …). No SKILL.yaml (not part of Claude or Eino specs); sections/scripts/progressive behavior are derived at runtime from Markdown and the filesystem.skills_dir is the single root for packs. Multi-agent loads them through Eino’s official skill middleware (progressive disclosure: model calls skill with a pack name instead of receiving full SKILL text up front). Configure via multi_agent.eino_skills: disable, filesystem_tools (host read/glob/grep/write/edit/execute), skill_tool_name.schema.Document chunks for FilesystemSkillsRetriever (skills.AsEinoRetriever()) in graphs (e.g. knowledge/indexing pipelines).Creating a skill:
mkdir skills/<skill-id> and add standard SKILL.md (+ any optional files), or drop in an open-source skill folder as-is.multi_agent.eino_skills enabled so the model can call the skill tool with that pack name.tools/*.yaml describe commands, arguments, prompts, and metadata.security.tools_dir to a folder is usually enough; inline definitions in config.yaml remain supported for quick experiments.reduction_max_length_for_trunc are summarized via Eino reduction with full content persisted under tmp/reduction/; use read_file on the path in <persisted-output>.Creating a custom tool (typical flow)
tools/ (for example tools/nmap.yaml or tools/ffuf.yaml).name, command, args, and short_description.parameters[] so the agent knows how to build CLI arguments.description/notes block if the agent needs extra context or post-processing tips.cmd), and an optional remark; all records persist in SQLite and are compatible with common clients such as IceSword and AntSword.echo 1 check).tcp_reverse, http_beacon, https_beacon, and websocket; per-listener crypto keys; running listeners can be restored after restart when marked running in the database.c2_task, task management, payloads, events, profiles, files) so the same agent loop can orchestrate C2 alongside other tools; dangerous task types can go through the existing HITL bridge when your session policy requires it.go run cmd/mcp-stdio/main.go exposes the agent to Cursor/CLI.mcp-servers/ directory provides standalone MCPs (e.g. reverse shell). They speak standard MCP over stdio and work with CyberStrikeAI (Settings → External MCP), Cursor, VS Code, and other MCP clients.go build -o cyberstrike-ai-mcp cmd/mcp-stdio/main.go
Settings → Tools & MCP → Add Custom MCP, pick Command, then point to the compiled binary and your config:
{
"mcpServers": {
"cyberstrike-ai": {
"command": "/absolute/path/to/cyberstrike-ai-mcp",
"args": [
"--config",
"/absolute/path/to/config.yaml"
]
}
}
}
Replace the paths with your local locations; Cursor will launch the stdio server automatically.The HTTP MCP server runs on a separate port (default 8081) and supports header-based authentication so only clients that send the correct header can call tools.
config.yaml set mcp.enabled: true and optionally mcp.host / mcp.port. For auth (recommended if the port is reachable from the network), set:
mcp.auth_header – header name (e.g. X-MCP-Token);mcp.auth_header_value – secret value. Leave it empty if you want the server to auto-generate a random token on first start and write it back to the config../run.sh or go run cmd/server/main.go. The MCP endpoint is http://<host>:<port>/mcp (e.g. http://localhost:8081/mcp).auth_header_value was empty, it will have been generated and saved; the printed JSON includes the URL and headers.~/.cursor/mcp.json (or your project’s .cursor/mcp.json) under mcpServers, or merge it into your existing mcpServers..mcp.json or ~/.claude.json under .Example of what the terminal prints (with auth enabled):
{
"mcpServers": {
"cyberstrike-ai": {
"url": "http://localhost:8081/mcp",
"headers": {
"X-MCP-Token": "<auto-generated-or-your-value>"
},
"type": "http"
}
}
}
If you do not set auth_header / auth_header_value, the endpoint accepts requests without authentication (suitable only for localhost or trusted networks).
CyberStrikeAI supports connecting to external MCP servers via three transport modes:
To add an external MCP server:
Open the Web UI and navigate to Settings → External MCP.
Click Add External MCP and provide the configuration in JSON format:
HTTP mode example:
{
"my-http-mcp": {
"transport": "http",
"url": "http://127.0.0.1:8081/mcp",
"description": "HTTP MCP server",
"timeout": 30
}
}
stdio mode example:
{
"my-stdio-mcp": {
"command": "python3",
"args": ["/path/to/mcp-server.py"],
"description": "stdio MCP server",
"timeout": 30
}
}
SSE mode example:
{
"my-sse-mcp": {
"transport": "sse",
"url": "http://127.0.0.1:8082/sse",
"description": "SSE MCP server",
"timeout": 30
}
}
Click Save and then Start to connect to the server.
Monitor the connection status, tool count, and health in real time.
SSE mode benefits:
A test SSE MCP server is available at cmd/test-sse-mcp-server/ for validation purposes.
search_knowledge_base tool.gte-rerank or Cohere-compatible /v1/rerank) → post-processing (normalized dedupe, char/token budget, final top_k). Rerank failures degrade to fusion order without breaking search.retriever.Retriever usage.knowledge_base/ directory for Markdown files and automatically indexes them with embeddings (Markdown header split + recursive chunking via Eino).Setting up the knowledge base:
knowledge.enabled: true in config.yaml:
knowledge:
enabled: true
base_path: knowledge_base
embedding:
provider: openai
model: text-embedding-v4
base_url: "https://api.openai.com/v1" # or your embedding API
api_key: "sk-xxx"
retrieval:
top_k: 5
similarity_threshold: 0.7
multi_query:
max_queries: 4 # LLM rewrite variants (always on)
rerank: # always on; empty fields inherit openai/embedding credentials
provider: "" # auto: dashscope | cohere from base_url
model: "" # empty: gte-rerank (DashScope) or rerank-multilingual-v3.0 (Cohere)
base_url: ""
api_key: ""
post_retrieve:
prefetch_top_k: 20 # vector candidates per MultiQuery variant; 0 = max(top_k×4, 20)
max_context_chars: 0
max_context_tokens: 0
knowledge_base/ directory, organized by category (e.g., knowledge_base/SQL Injection/README.md).search_knowledge_base when it needs security knowledge. You can also explicitly ask: "Search the knowledge base for SQL injection techniques".Knowledge base structure:
POST /api/multi-agent/stream (SSE, when enabled), POST /api/multi-agent (non-streaming), Markdown agents under /api/multi-agent/markdown-agents (list/get/create/update/delete)./api/roles endpoints: GET /api/roles (list all roles), GET /api/roles/:name (get role), POST /api/roles (create role), PUT /api/roles/:name (update role), DELETE /api/roles/:name (delete role). Roles are stored as YAML files in the roles/ directory and support hot-reload./api/vulnerabilities endpoints: GET /api/vulnerabilities (list with filters), POST /api/vulnerabilities (create), GET /api/vulnerabilities/:id (get), PUT /api/vulnerabilities/:id (update), DELETE /api/vulnerabilities/:id (delete), GET /api/vulnerabilities/stats (statistics)./api/batch-tasks endpoints: POST /api/batch-tasks (create queue), (list queues), (get queue), (start execution), (cancel), (delete), (add task), (update task), (delete task). Tasks execute sequentially, each creating a separate conversation with full status tracking.auth:
password: "change-me"
session_duration_hours: 12
server:
host: "0.0.0.0"
port: 8080
log:
level: "info"
output: "stdout"
mcp:
enabled: true
host: "0.0.0.0"
port: 8081
auth_header: "X-MCP-Token" # optional; leave empty for no auth
auth_header_value: "" # optional; leave empty to auto-generate on first start
openai:
api_key: "sk-xxx"
base_url: "https://api.deepseek.com/v1"
model: "deepseek-chat"
database:
path: "data/conversations.db"
knowledge_db_path: "data/knowledge.db" # Optional: separate DB for knowledge base
security:
tools_dir: "tools"
knowledge:
enabled: false # Enable knowledge base feature
base_path: "knowledge_base" # Path to knowledge base directory
embedding:
provider: "openai" # Embedding provider (currently only "openai")
model: "text-embedding-v4" # Embedding model name
base_url: "" # Leave empty to use OpenAI base_url
api_key: "" # Leave empty to use OpenAI api_key
retrieval:
top_k: 5 # Number of top results to return
similarity_threshold: 0.7 # Minimum cosine similarity (0-1)
multi_query:
max_queries: 4 # MultiQuery rewrite variants (always on)
rerank: # HTTP rerank (always on); empty fields inherit openai/embedding credentials
provider: ""
model: ""
base_url: ""
api_key: ""
post_retrieve:
prefetch_top_k: 20 # per MultiQuery variant; 0 = max(top_k×4, 20)
max_context_chars: 0
max_context_tokens: 0
roles_dir: "roles" # Role configuration directory (relative to config file)
skills_dir: "skills" # Skills directory (relative to config file)
agents_dir: "agents" # Multi-agent Markdown definitions (orchestrator + sub-agents)
multi_agent:
enabled: false
default_mode: "eino_single" # eino_single | multi (UI default when multi-agent is enabled)
robot_default_agent_mode: eino_single
batch_use_multi_agent: false
orchestrator_instruction: "" # Deep; used when orchestrator.md body is empty
# orchestrator_instruction_plan_execute / orchestrator_instruction_supervisor optional
# eino_skills: { disable: false, filesystem_tools: true, skill_tool_name: skill }
# eino_middleware: plantask_enable, checkpoint_dir, deep_model_retry_max_retries, deep_output_key, ...
project:
enabled: true # Enable project blackboard & fact MCP tools
fact_index_max_runes: 65000
fact_summary_max_runes: 24000
default_inject_deprecated: false
tools/nmap.yaml)name: "nmap"
command: "nmap"
args: ["-sT", "-sV", "-sC"]
enabled: true
short_description: "Network mapping & service fingerprinting"
parameters:
- name: "target"
type: "string"
description: "IP or domain"
required: true
position: 0
- name: "ports"
type: "string"
flag: "-p"
description: "Range, e.g. 1-1000"
roles/penetration-testing.yaml)name: Penetration Testing
description: Professional penetration testing expert for comprehensive security testing
user_prompt: You are a professional cybersecurity penetration testing expert. Please use professional penetration testing methods and tools to conduct comprehensive security testing on targets, including but not limited to SQL injection, XSS, CSRF, file inclusion, command execution and other common vulnerabilities.
icon: "\U0001F3AF"
tools:
- nmap
- sqlmap
- nuclei
- burpsuite
- metasploit
- httpx
- record_vulnerability
- list_knowledge_risk_types
- search_knowledge_base
enabled: true
config.yaml sections, recommended values, and update guidance.CyberStrikeAI/
├── cmd/ # Server, MCP stdio entrypoints, tooling
├── internal/ # Agent, MCP core, handlers, C2 (`internal/c2`), security executor
├── web/ # Static SPA + templates
├── tools/ # YAML tool recipes (100+ examples provided)
├── roles/ # Role configurations (12+ predefined security testing roles)
├── skills/ # Agent Skills dirs (SKILL.md + optional files; demo: cyberstrike-eino-demo)
├── agents/ # Multi-agent Markdown (orchestrator.md + sub-agent *.md)
├── docs/ # Topic docs (deployment, config, security, API, knowledge base, C2, WebShell, etc.)
├── images/ # Docs screenshots & diagrams
├── config.yaml # Runtime configuration
├── run.sh # Convenience launcher
└── README*.md
Scan open ports on 192.168.1.1
Perform a comprehensive port scan on 192.168.1.1 focusing on 80,443,22
Check if https://example.com/page?id=1 is vulnerable to SQL injection
Scan https://example.com for hidden directories and outdated software
Enumerate subdomains for example.com, then run nuclei against the results
Load the recon-engagement template, run amass/subfinder, then brute-force dirs on every live host.
Use external Burp-based MCP server for authenticated traffic replay, then pass findings back for graphing.
Compress the 5 MB nuclei report, summarize critical CVEs, and attach the artifact to the conversation.
Build an attack chain for the latest engagement and export the node list with severity >= high.
CyberStrikeAI has joined 404Starlink
CyberStrikeAI is licensed under the Apache License 2.0.
See the LICENSE file for details.
This tool is for educational and authorized testing purposes only!
CyberStrikeAI is a professional security testing platform designed to assist security researchers, penetration testers, and IT professionals in conducting security assessments and vulnerability research with explicit authorization.
By using this tool, you agree to:
The developers are not responsible for any misuse! Please ensure your usage complies with local laws and regulations, and that you have obtained explicit authorization from the target system owner.
For vulnerability reporting and deployment hardening guidance, see SECURITY.md.
Need help or want to contribute? Open an issue or PR—community tooling additions are welcome!
See the tools/ directory for the full list; refer to each tool's official docs for install details.
/api/c2/*. Agents and external clients use the C2 MCP tool family (including c2_task); when HITL is enabled, high-risk tasks can require human approval. Intended only for systems you are explicitly authorized to test.config.yaml under hitl.tool_whitelist. The Audit Agent can use a separate low-cost model through hitl.audit_model, useful when human reviewers cannot keep up. Apply updates browser/server and can merge new tools into the file (no restart). New chat keeps sidebar choices; HITL nav shows pending approvals. Removing a tool in the sidebar does not remove it from the global list in config.yaml—edit the file if needed.orchestrator_instruction_plan_executeorchestrator-supervisor.md (plus optional orchestrator_instruction_supervisor); requires at least one sub-agent, and one-sub-agent runs emit a hint that expert routing has limited value.*.md files (YAML front matter + body). Not used as task targets if marked orchestrator-only./api/multi-agent/markdown-agents.multi_agent in config.yaml: enabled, robot_default_agent_mode, batch_use_multi_agent, max_iteration, plan_execute_loop_max_iterations, per-mode orchestrator instruction fields, optional YAML sub_agents merged with disk (id clash → Markdown wins), eino_skills, eino_middleware (optional ADK middleware and Deep/Supervisor tuning).checkpoint_dir enables ADK resume after process crashes (distinct from trace-based “interrupt & continue”). deep_model_retry_max_retries retries transient LLM API failures within a single call. Summarization writes a filtered transcript when compression fires; the summary message includes the path so the model can read_file for scan output and other pre-compaction details./api/skills listing and depth (summary | full), section, and resource_path remain for the web UI and ops; model-side skill loading in multi-agent uses the skill tool, not MCP.eino_middleware – e.g. tool_search (dynamic MCP tool list), patch_tool_calls, plantask (Eino TaskCreate / TaskGet / TaskUpdate / TaskList; JSON under skills_dir/.eino/plantask/<conversation-id>/; Eino clears task files when all tasks are marked completed), reduction, checkpoint_dir (data/eino-checkpoints/), deep_model_retry_max_retries, deep_output_key, task-tool description prefix—see config.yaml and internal/config/config.go.skills/cyberstrike-eino-demo/; see skills/README.md.mcpServersGET /api/batch-tasksGET /api/batch-tasks/:queueIdPOST /api/batch-tasks/:queueId/startPOST /api/batch-tasks/:queueId/cancelDELETE /api/batch-tasks/:queueIdPOST /api/batch-tasks/:queueId/tasksPUT /api/batch-tasks/:queueId/tasks/:taskIdDELETE /api/batch-tasks/:queueId/tasks/:taskId/api/webshell/connections (GET list, POST create, PUT update, DELETE delete) and /api/webshell/exec (command execution), /api/webshell/fileop (list/read/write/delete files)./api/c2/* (e.g. listeners CRUD/start/stop, session sleep, task create/cancel/wait, payload build/download, event stream)./api/auth/change-password, enforce short-lived sessions, and restrict MCP ports at the network layer when exposing the service.agents/*.mdeino_skillseino_middlewareprevious / outputs variable passing, and role binding.