Skip to content

feat(mcp): add read-only zombie-mcp diagnostics server#551

Open
DenzelPenzel wants to merge 7 commits into
mainfrom
denzelpenzel/zombie-mcp-diagnostics-server
Open

feat(mcp): add read-only zombie-mcp diagnostics server#551
DenzelPenzel wants to merge 7 commits into
mainfrom
denzelpenzel/zombie-mcp-diagnostics-server

Conversation

@DenzelPenzel

@DenzelPenzel DenzelPenzel commented Jun 20, 2026

Copy link
Copy Markdown
Contributor

Adds zombie-mcp, a read-only diagnostics tool for a Zombienet run you already
started. It uses zombie.json as the run handle and inspects configs, logs,
liveness, metrics, and block production — it never spawns or destroys networks.

It works two ways, sharing one core:

  • CLI (deterministic, no LLM) — run the diagnostics by hand or in CI.
  • MCP server (additive) — let an AI agent (Codex / Claude Code) drive the
    same core via natural language, correlate evidence with repo source, and
    reason about errors outside the baked checks.

Core tools / checks

  • find_recent_runs — discover recent run candidates with no arguments
  • diagnose_run — triage a started run from zombie_json_path, including
    scanning logs near the expected path when startup failed before zombie.json
    was written
  • validate_config — validate a network config file
  • list_nodes / get_node_logs — inspect an attached live network
  • check_node_liveness / check_block_production — node health checks
  • query_metric — read a Prometheus metric from a node

CLI mode

zombie-mcp diagnose --auto                       # find newest run and diagnose
zombie-mcp diagnose --zombie-json <path>         # diagnose a specific run
zombie-mcp validate  --config <toml>             # validate a config

The JSON DiagnosticReport goes to stdout; logs to stderr. The MCP server is an
optional mcp feature (on by default) — core + CLI build without it
(--no-default-features).

Install (MCP)

zombie-mcp install codex --force      # Codex
zombie-mcp install claude --force     # Claude Code

Then, after a run fails: "Debug my zombienet run with zombie-mcp."

Diagnostics correctness

  • check_block_production no longer counts the genesis block (#0) as
    production — a stalled chain times out instead of a false success.
  • A node that is up but stuck at best block 0 is flagged (no_block_progress)
    instead of being reported healthy.
  • next_steps covers the stalled-block case (registration / connectivity /
    para id) rather than "No immediate failure detected".
  • Identical findings (e.g. a log error repeated across relaunch attempts) are
    collapsed so the summary is honest.

@socket-security

socket-security Bot commented Jun 20, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addednix@​0.30.1801009310070
Addedrmcp@​0.16.09085100100100
Addedschemars@​1.2.1100100100100100

View full report

@socket-security

socket-security Bot commented Jun 20, 2026

Copy link
Copy Markdown

Warning

[Security]

Socket has found a problem with the dependencies from this PR. Check the details below to solve the issue. If the affected dependency is unreachable, we still recommend you to use a patched version.

Remember: according to Parity's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
High CVE: cargo rmcp Streamable HTTP server transport has a DNS rebinding vulnerability

CVE: GHSA-89vp-x53w-74fx rmcp Streamable HTTP server transport has a DNS rebinding vulnerability (HIGH)

Affected versions: < 1.4.0

Patched version: 1.4.0

From: Cargo.lockcargo/rmcp@0.16.0

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/rmcp@0.16.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@DenzelPenzel
DenzelPenzel force-pushed the denzelpenzel/zombie-mcp-diagnostics-server branch 2 times, most recently from c414025 to 4d3df98 Compare June 20, 2026 13:51
@DenzelPenzel
DenzelPenzel force-pushed the denzelpenzel/zombie-mcp-diagnostics-server branch from 4d3df98 to 62e205b Compare June 20, 2026 13:53
@DenzelPenzel
DenzelPenzel requested a review from pepoviola June 20, 2026 15:06
@pepoviola

Copy link
Copy Markdown
Collaborator

Hey @DenzelPenzel, thanks for your contribution. What's the reasoning behind this tool? the idea is just allow cloude/codex to allow to attach and run those diagnosis functions? can you include some example of the usage in the pr also, there are several parts in the code that needs to improve :)

Thx!

@pepoviola pepoviola left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your contribution, let's touch base to discus some design in this tool.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

Status: No status

Development

Successfully merging this pull request may close these issues.

2 participants