On this page

Bolt / MCP Overview

Cyberstrike uses the Model Context Protocol (MCP) to integrate with external security tools. Bolt is our plugin-based tool server that provides security tools through a Docker container.

🎬 GIF: bolt-tool-execution.gif

Bolt tool execution demo - nmap scan (20s)

Architecture Overview

Cyberstrike provides two approaches to access security tools:

flowchart TB
    subgraph User["Your Machine"]
        CS[Cyberstrike CLI]
        Agent[AI Agent]
    end

    subgraph Bolt["Bolt (Recommended)"]
        Docker[Docker Container]
        Plugins[6 Security Plugins]
        HTTP[HTTP/MCP Transport]
    end

    subgraph Local["Local MCP"]
        Stdio[Stdio Transport]
        LocalTools[Locally Installed Tools]
    end

    Agent --> CS
    CS -->|"HTTP (Remote)"| HTTP
    HTTP --> Docker
    Docker --> Plugins

    CS -->|"Stdio (Local)"| Stdio
    Stdio --> LocalTools

    style Bolt fill:#10b981,color:#fff
    style Local fill:#6b7280,color:#fff

Approach	Pros	Cons
Bolt (Remote)	Pre-installed tools, Docker isolation, easy setup, direct tool calls	Network latency, Docker required
Local MCP	Zero latency, offline operation	Manual tool installation, no isolation

Quick Comparison

Bolt (Recommended)

# One command to start
curl -sSL https://bolt.cyberstrike.io/install.sh | bash

6 security tool plugins (subfinder, nmap, nuclei, httpx, ffuf, run_command)
Docker-based isolation (Ubuntu 24.04)
Ed25519 authentication
Direct tool calls — 1 LLM turn per tool
Works on any platform

Local MCP

{
  "mcp": {
    "my-tools": {
      "type": "local",
      "command": ["your-mcp-server"]
    }
  }
}

Requires tools installed locally
Direct system access
Zero network latency
Best for offline use

How It Works

1. Tool Discovery

When Bolt is connected, all plugin tools are immediately available to the AI agent. No searching or loading required.

sequenceDiagram
    participant Agent as AI Agent
    participant CS as Cyberstrike
    participant MCP as Bolt Server

    Agent->>CS: "I need to scan ports"
    CS->>MCP: tools/list
    MCP-->>CS: [nmap, subfinder, nuclei, httpx, ffuf, run_command]
    CS-->>Agent: Tools available

2. Tool Execution

The agent calls tools directly with appropriate arguments:

sequenceDiagram
    participant Agent as AI Agent
    participant CS as Cyberstrike
    participant MCP as Bolt Server
    participant Tool as nmap

    Agent->>CS: nmap({target: "192.168.1.1", flags: "-sV"})
    CS->>MCP: tools/call
    MCP->>Tool: Bun.spawn
    Tool-->>MCP: scan results
    MCP-->>CS: JSON output
    CS-->>Agent: Formatted results

Each tool call is a single LLM turn — the agent decides which tool to use and calls it directly.

TUI Management

Use the /bolt command to manage all MCP servers (both local and remote) in the TUI:

Keyboard Shortcuts

Key	Action
a	Add new MCP server (local or remote)
space	Toggle connection
ctrl+d	Delete server
esc	Close dialog

Status Indicators

Icon	Status
⚡	Bolt container
◆	Local MCP server (stdio)
◇	Remote MCP server (HTTP)

Connection States:

Green = Connected
Gray = Disabled
Red = Failed (with error message)
Yellow = Needs Auth

Model Compatibility

Caution

Important: Subprocess models cannot access MCP tools. Use direct API models for full Bolt integration.

Supported Models (Direct API)

These models run within Cyberstrike and have full MCP access:

anthropic/claude-sonnet-4
anthropic/claude-opus-4
openai/gpt-4o
openai/gpt-4o-mini

Unsupported Models (Subprocess)

These models run as separate processes and cannot access MCP:

claude-cli/opus (runs claude CLI as subprocess)
claude-cli/sonnet
Any subprocess-based model

flowchart LR
    subgraph Supported["✅ Direct API Models"]
        API[anthropic/claude-*]
        MCP1[MCP Access]
        API --> MCP1
    end

    subgraph Unsupported["❌ Subprocess Models"]
        Sub[claude-cli/*]
        Sep[Separate Process]
        Sub --> Sep
        Sep -. No Access .-> MCP2[MCP]
    end

    style Supported fill:#10b981,color:#fff
    style Unsupported fill:#ef4444,color:#fff

Configuration Locations

MCP servers can be configured at multiple levels:

Location	Scope	Priority
`./cyberstrike.json`	Project	Highest
`./.cyberstrike/cyberstrike.json`	Project	High
`~/.config/cyberstrike/cyberstrike.json`	Global	Low

Project configuration overrides global configuration.

Getting Started

Option 1: Bolt (Recommended)

Start Bolt server:

curl -sSL https://bolt.cyberstrike.io/install.sh | bash

Get admin token:
Terminal window
```
docker logs bolt | grep "Admin token"
```
Add in TUI: Press /bolt → a → Enter URL and token

See Bolt documentation for full details.

Option 2: Local MCP

Install tools locally (nmap, nuclei, etc.)

Configure MCP:

{
  "mcp": {
    "my-tools": {
      "type": "local",
      "command": ["your-mcp-server"]
    }
  }
}

See Local Servers for details.

Documentation Structure

Page	Description
Bolt	Plugin-based security tool server (recommended)
Local Servers	Locally running MCP servers
Remote Servers	HTTP/SSE remote connections
OAuth	OAuth authentication setup
Creating Servers	Build custom MCP servers

Danger

Only use security tools against authorized targets. Unauthorized penetration testing is illegal.