- docker_health now runs HTTP call in thread executor instead of
blocking the async event loop (prevents MCP server freeze during polls)
- docker_auto_start defaults to wait=False so tool returns immediately
(clients should call docker_wait separately if needed)
- docker_stop now validates container belongs to current session
before stopping (prevents one agent from stopping another's work)
- docker_cleanup now defaults to session_only=True for safety
(agents can still use session_only=False with caution)
Addresses audit finding: tools could cause cross-session interference
Ports are now always allocated from the pool (8192-8199) automatically.
This prevents session collisions where different agents would specify
the same port and interfere with each other.
Clients can't accidentally (or intentionally) override the port allocation
— the pool manager handles all assignments.
instances_use previously called register_instance which made a
blocking safe_get (30s timeout) to validate the connection. If the
Ghidra server was slow or unresponsive, this could hang the MCP tool
call indefinitely from the client's perspective.
Now instances_use creates a lazy stub entry and sets the port
immediately — pure in-memory, no network I/O. The first actual tool
call validates the connection naturally.
Also fix background discovery thread using request_timeout (30s)
instead of discovery_timeout (0.5s) per port — worst case went from
300s to 5s per scan cycle.
instances_use held _instances_lock while calling register_instance,
which also acquires the same lock — non-reentrant Lock = hang forever.
- Release lock before calling register_instance (avoids blocking
other threads during the HTTP health check too)
- Upgrade Lock → RLock as safety net for any other reentrant paths
Allows AI clients to submit feedback about tool quality, report issues,
and track statistics. Persists to ~/.ghydramcp/feedback.db (SQLite).
- Add fastmcp-feedback dependency
- Add feedback_enabled / feedback_db_path config fields
- Wire add_feedback_tools() into create_server() with graceful fallback
- Show feedback path in startup banner
Disable with GHYDRA_FEEDBACK=false
return_all=True on large binaries (1800+ functions) produced 72K char
responses that exceeded the MCP tool result limit. Instead of truncating,
oversized responses now return a structured summary with sample data,
available fields, and actionable instructions for narrowing the query.
Three layers of filtering:
- Server-side grep: Jython HTTP handlers filter during Ghidra iteration
- Field projection: jq-style key selection strips unneeded fields
- Token budget guard: responses exceeding 8k tokens return a summary
New files: core/filtering.py (project_fields, apply_grep, estimate_and_guard)
Modified: config, pagination, base mixin, all 5 domain mixins, headless server
Refactors Docker mixin to support multiple Claude processes sharing
the same MCP server without port/container conflicts:
- PortPool class with flock-based cross-process synchronization
- Session-scoped container naming with UUID prefixes
- Docker label-based tracking for cross-process container discovery
- Automatic port allocation from pool (8192-8199)
- Cleanup mechanism for orphaned containers and stale locks
- New tools: docker_cleanup, docker_session_info
- Add ghydramcp Python package with FastMCP server implementation
- Add docker-compose.yml for easy container management
- Add Makefile with build/run targets
- Add QUICKSTART.md for getting started
- Add uv.lock for reproducible dependencies
- Switch from Java to Python scripts (avoids OSGi bundle issues)
- Update pyproject.toml with proper src layout and ruff config
- Add binaries/ and ghidra-src/ to gitignore
- Clean up Module.manifest
Add start_line, end_line, and max_lines parameters to decompile
functions, allowing AI models to retrieve only specific portions
of decompiled code for better context management.
Parameters:
- start_line: Start at this line number (1-indexed)
- end_line: End at this line number (inclusive)
- max_lines: Maximum lines to return (overrides end_line)
Response includes filter metadata with total_lines when filtering
is applied, helping models understand what portion they're viewing.
Examples:
- Get first 20 lines: max_lines=20
- Get lines 10-30: start_line=10, end_line=30
- Get 15 lines from line 25: start_line=25, max_lines=15
When applying a larger struct to an address, clear enough space
for the new data type rather than just the old data's length.
This prevents 'Conflicting data exists' errors when the new
type is larger than the existing data.
Fixes issue where ConfigParametersStruct couldn't be applied
due to conflicting smaller data items in the address range.
Comprehensive documentation overhaul reflecting all enhancements since fork:
- Documented new namespaced tool organization (instances_*, functions_*, data_*, structs_*, etc.)
- Added complete struct management API documentation
- Updated example usage with realistic reverse engineering workflows
- Added uvx installation method (recommended: local install for version sync)
- Updated all repository URLs to starsong-consulting
- Bumped plugin and bridge versions to v2.1.0, API version to 2010
Add endpoints and MCP tools to create, read, update, and delete struct
data types in Ghidra's data type manager. Enables programmatic definition
of complex data structures for reverse engineering workflows.
Includes pagination, category filtering, and field-level operations
(add, update by name or offset).
- Update all Ghidra JAR dependencies to 11.4.2
- Improve TransactionHelper to properly handle endTransaction return value
- Add GHIDRA_HOME environment variable support for flexible builds
- Update version references in extension.properties and MANIFEST.MF
The transaction fix now checks the return value from endTransaction() and
properly reports transaction failures, providing better error handling for
Ghidra 11.3.2+ compatibility.
Refs #7
- Update version to v2.0.0 in ApiConstants.java and bridge_mcp_hydra.py
- Create CHANGELOG v2.0.0 section with release date
- Fix Ghidra 11.3.2+ compatibility in TransactionHelper (endTransaction signature)
- Clarify instances_list vs instances_discover usage in documentation
- Remove commented-out code in pom.xml
Fixes#7Closes#5
- Fixed memory_write() endpoint to use correct ProgramEndpoints path
- Standardized all error responses to structured format with error codes
- Enhanced instances_discover() to return both new and existing instances
- Updated API version to 2005 for compatibility tracking
- Verified all bridge-to-plugin endpoint mappings are correct
- Confirmed route registration order follows proper specificity
Ready for v2.0.0 stable release after final testing.
- Modified ProgramEndpoints.java to support the name and address parameters
- Updated bridge MCP tool analysis_get_callgraph to use both parameters
- Updated tests to verify functionality with both parameters
- Added the change to CHANGELOG.md
This commit fixes an issue where variable operations with paths like
/functions/by-name/FunctionName/variables/varName were not being properly
processed. The handleFunctionResource method now checks for paths that
start with 'variables/' and extracts the variable name for processing.
Added implementation to handle renaming of decompiler-generated variables.
The new endpoint provides:
- GET /strings endpoint with pagination and filtering
- Python bridge support via list_strings() function
- Searching of string data types across memory blocks
- Filtering options for string content
- Update Java plugin version to v2.0.0-beta.1
- Add version identifier to bridge script
- Add API version check in bridge to verify plugin compatibility
- Bridge script will now check for API version 2 compatibility
- Add handleCreateData method to Java plugin to support creating new data
- Add data type mapping to support common types like byte, word, dword, string
- Implement delete_data functionality with graceful handling of missing data
- Add proper error handling when conflicts are detected
- Add comprehensive tests for both create_data and delete_data functionality
- Add comprehensive data manipulation capabilities
- Implement separate pathways for rename-only, type-only, and combined operations
- Fix HTTP request body consumption issue in DataEndpoints
- Standardize on 'type' parameter name instead of 'dataType'
- Add thorough test coverage with dedicated test_data_update.py script
- Update API documentation to version 2 with full endpoint descriptions
- Update CHANGELOG with detailed information about data manipulation features
- Add support for setting data types and renaming data items
- Fix Java API implementation for data operation endpoints
- Create rename_data and set_data_type tools for clearer separation of concerns
- Add comprehensive test scripts for data operations
- Successfully test changing data types and naming
- Replace getDefinedAddresses with proper Listing methods
- Use getInstructions and getDefinedData instead
- Check both instructions and data for a valid starting address
- Improve fallback strategy for current address retrieval
- Add helper method to handle ReferenceIterator conversion
- Support both Reference[] and ReferenceIterator types
- Replace LocationService with reflection-based approach
- Use listing's defined addresses as fallback
- Fix reference handling using ReferenceIterator
- Use proper Ghidra 11 services for current address retrieval
- Implement location tracking via LocationService and SelectionService
- Java plugin now uses Ghidra ReferenceManager to find real cross-references
- Added detailed information about xrefs, including related functions and instructions
- Bridge script now provides simplified and human-readable text for xrefs
- Support bi-directional search for references to/from addresses
- Added filtering by reference type
- Properly implement getCurrentAddress using Ghidra service APIs
- Implemented efficient pagination for variables endpoints to avoid timeout
- Added globalOnly parameter to allow fetching just global variables
- Limited decompilation to only process functions needed for current page
- Improved estimation of total count for better pagination links
- Reduced decompilation timeout to improve performance
- Fixed disassembly endpoint to show real instructions instead of placeholders
- Improved memory endpoint to handle address errors gracefully
- Fixed address arithmetic error in xrefs endpoint
- Added proper error handling and fallbacks in all endpoints
- Add ProgramEndpoints for proper HATEOAS URL structure
- Fix response structure to include required HATEOAS links
- Ensure proper result formats for segments, decompiled functions, and variables
- Reorganize endpoints to use nested resource pattern (/programs/current/functions/{address})
- Fix all tests to ensure HATEOAS compliance
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add toggleCCode, toggleSyntaxTree and setSimplificationStyle controls to
the Java plugin. These allow controlling decompiler output format between
C code (default) and raw decompiler output with syntax trees.
Example usage:
decompile_function_by_address(port=8192, address='0x1000', cCode=True)
decompile_function_by_address(port=8192, address='0x1000', syntaxTree=True)
