Bolt / MCP Overview

Cyberstrike uses the Model Context Protocol (MCP) to integrate with external security tools. Bolt is our recommended way to access 100+ Kali Linux tools through a Docker container.

🎞️ MARP SLIDE: architecture-overview.md

Bolt/MCP architecture overview presentation slide

🎬 GIF: bolt-tool-execution.gif

Bolt tool execution demo - nmap scan (20s)

Architecture Overview

Cyberstrike provides two approaches to access security tools:

flowchart TB
    subgraph User["Your Machine"]
        CS[Cyberstrike CLI]
        Agent[AI Agent]
    end

    subgraph Bolt["Bolt (Recommended)"]
        Docker[Docker Container]
        Kali[100+ Kali Tools]
        HTTP[HTTP/MCP Transport]
    end

    subgraph Local["Local MCP"]
        Stdio[Stdio Transport]
        LocalTools[Locally Installed Tools]
    end

    Agent --> CS
    CS -->|"HTTP (Remote)"| HTTP
    HTTP --> Docker
    Docker --> Kali

    CS -->|"Stdio (Local)"| Stdio
    Stdio --> LocalTools

    style Bolt fill:#10b981,color:#fff
    style Local fill:#6b7280,color:#fff

Approach	Pros	Cons
Bolt (Remote)	Pre-installed tools, Docker isolation, easy setup	Network latency, Docker required
Local MCP	Zero latency, offline operation	Manual tool installation, no isolation

Quick Comparison

📸 SCREENSHOT: bolt-vs-local-comparison.png

Side-by-side comparison of Bolt and Local MCP setup

Bolt (Recommended)

# One command to start
curl -sSL https://bolt.cyberstrike.io/install.sh | bash

100+ pre-installed Kali tools
Docker-based isolation
Ed25519 authentication
Optional port knocking
Works on any platform

Local MCP

{
  "mcp": {
    "kali": {
      "type": "local",
      "command": ["npx", "@cyberstrike/mcp-kali"]
    }
  }
}

Requires tools installed locally
Direct system access
Zero network latency
Best for offline use

How It Works

🎞️ MARP SLIDE: data-flow.md

MCP data flow between Cyberstrike and tools

1. Tool Discovery

The AI agent searches for needed capabilities:

sequenceDiagram
    participant Agent as AI Agent
    participant CS as Cyberstrike
    participant MCP as MCP Server
    participant Tool as Kali Tool

    Agent->>CS: "I need to scan ports"
    CS->>MCP: tool_search("port scanner")
    MCP-->>CS: [nmap, masscan, ...]
    CS-->>Agent: Available: nmap, masscan

🎬 GIF: tool-discovery.gif

Tool search and discovery flow (15s)

2. Tool Loading

Selected tools are loaded into the agent’s context:

sequenceDiagram
    participant Agent as AI Agent
    participant CS as Cyberstrike
    participant MCP as MCP Server

    Agent->>CS: load_tool("nmap")
    CS->>MCP: tools/list
    MCP-->>CS: nmap schema + description
    CS-->>Agent: nmap ready (350 tokens)

3. Tool Execution

The agent calls tools with appropriate arguments:

sequenceDiagram
    participant Agent as AI Agent
    participant CS as Cyberstrike
    participant MCP as MCP Server
    participant Tool as nmap

    Agent->>CS: bolt_execute(nmap, ["-sV", "target"])
    CS->>MCP: tools/call
    MCP->>Tool: spawn process
    Tool-->>MCP: scan results
    MCP-->>CS: JSON output
    CS-->>Agent: Formatted results

🎬 GIF: tool-execution-flow.gif

Complete tool execution flow (20s)

Dynamic Tool Loading

Cyberstrike uses a dynamic loading system to manage 100+ tools without overwhelming the AI context window.

🎞️ MARP SLIDE: token-budget.md

Dynamic tool loading and token budget management

Token Budget System

Each tool consumes context tokens based on its schema complexity:

Tool	Estimated Tokens
nmap	~350
sqlmap	~500
nuclei	~400
metasploit	~800

Default budget: 20,000 tokens for MCP tools

Meta-Tools

These tools manage the dynamic loading system:

Tool	Description
`tool_search`	Search available tools by name/description
`load_tools`	Load tools into current session
`unload_tools`	Remove tools to free budget
`list_loaded_tools`	Show loaded tools and token usage

📸 SCREENSHOT: token-budget-ui.png

Token budget indicator in TUI status bar

TUI Management

Use the /bolt command to manage all MCP servers (both local and remote) in the TUI:

🎬 GIF: bolt-tui-management.gif

/bolt command demo - add, toggle, delete servers (25s)

Keyboard Shortcuts

Key	Action
a	Add new MCP server (local or remote)
space	Toggle connection
d	Delete server
esc	Close dialog

Status Indicators

Icon	Status
⚡	Bolt container (Kali tools)
◆	Local MCP server (stdio)
◇	Remote MCP server (HTTP)

Connection States:

Green = Connected
Gray = Disabled
Red = Failed
Yellow = Needs Auth

📸 SCREENSHOT: bolt-dialog-states.png

Bolt dialog showing different server states

Model Compatibility

Caution

Important: Subprocess models cannot access MCP tools. Use direct API models for full Bolt integration.

🎞️ MARP SLIDE: model-compatibility.md

Which AI models work with Bolt/MCP

Supported Models (Direct API)

These models run within Cyberstrike and have full MCP access:

anthropic/claude-sonnet-4
anthropic/claude-opus-4
openai/gpt-4o
openai/gpt-4o-mini

Unsupported Models (Subprocess)

These models run as separate processes and cannot access MCP:

claude-cli/opus (runs claude CLI as subprocess)
claude-cli/sonnet
Any subprocess-based model

flowchart LR
    subgraph Supported["✅ Direct API Models"]
        API[anthropic/claude-*]
        MCP1[MCP Access]
        API --> MCP1
    end

    subgraph Unsupported["❌ Subprocess Models"]
        Sub[claude-cli/*]
        Sep[Separate Process]
        Sub --> Sep
        Sep -. No Access .-> MCP2[MCP]
    end

    style Supported fill:#10b981,color:#fff
    style Unsupported fill:#ef4444,color:#fff

Configuration Locations

MCP servers can be configured at multiple levels:

Location	Scope	Priority
`./cyberstrike.json`	Project	Highest
`./.cyberstrike/cyberstrike.json`	Project	High
`~/.config/cyberstrike/cyberstrike.json`	Global	Low

Project configuration overrides global configuration.

📸 SCREENSHOT: config-locations.png

Configuration file hierarchy visualization

Getting Started

Option 1: Bolt (Recommended)

Start Bolt server:

curl -sSL https://bolt.cyberstrike.io/install.sh | bash

Get admin token:
Terminal window
```
docker logs bolt | grep "Admin token"
```
Add in TUI: Press /bolt → a → Enter URL and token

See Bolt documentation for full details.

Option 2: Local MCP

Install tools locally (nmap, sqlmap, etc.)

Configure MCP:

{
  "mcp": {
    "kali": {
      "type": "local",
      "command": ["npx", "@cyberstrike/mcp-kali"]
    }
  }
}

See Local Servers for details.

Documentation Structure

Page	Description
Bolt	Docker-based Kali tools (recommended)
Local Servers	Locally running MCP servers
Remote Servers	HTTP/SSE remote connections
OAuth	OAuth authentication setup
Creating Servers	Build custom MCP servers

🎞️ MARP SLIDE: documentation-map.md

Visual map of Bolt/MCP documentation

Danger

Only use security tools against authorized targets. Unauthorized penetration testing is illegal.