mcp: align metasploit-local with HexStrike style; add FORCE_SUBTREE_PULL to .env.example

.env.example

@@ -28,6 +28,11 @@ LAUNCH_HEXTRIKE=false
 # auto-launch `msfrpcd` (it will never invoke sudo).
 LAUNCH_METASPLOIT_MCP=false
 
+# When set to `true`, the subtree helper scripts (e.g. scripts/add_metasploit_subtree.sh)
+# will force a pull/update of vendored subtrees. Useful when you want to refresh
+# the third_party trees during setup. Set to `true` to enable.
+FORCE_SUBTREE_PULL=true
+
 # Metasploit RPC (msfrpcd) connection settings
 # - `MSF_USER`/`MSF_PASSWORD`: msfrpcd credentials (keep password secret)
 # - `MSF_SERVER`/`MSF_PORT`: host/port where msfrpcd listens (typically 127.0.0.1)

pentestagent/mcp/mcp_servers.json

@@ -17,16 +17,12 @@
       "command": "python3",
       "args": [
         "third_party/MetasploitMCP/MetasploitMCP.py",
-        "--transport",
-        "http",
-        "--host",
-        "127.0.0.1",
-        "--port",
-        "7777"
+        "--server",
+        "http://127.0.0.1:7777"
       ],
       "description": "Metasploit MCP (vendored) - local server",
       "timeout": 300,
-      "enabled": false,
+      "enabled": true,
       "start_on_launch": false
     }
   }