endpoint-aiops-mcp
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| ENDPOINT_AIOPS_HOME | No | Override the home directory for configuration and audit logs (default: ~/.endpoint-aiops). | |
| ENDPOINT_AUDIT_RATIONALE | No | Rationale for high-risk operations. Required when performing high-risk writes. | |
| ENDPOINT_AUDIT_APPROVED_BY | No | Name of the approver for high-risk operations. Required when performing high-risk writes. | |
| ENDPOINT_AIOPS_MASTER_PASSWORD | Yes | Master password to unlock the encrypted secrets store. Required for MCP server. |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| drift_reportA | [READ] Report endpoints drifted from a per-field baseline (patch/agent/OS/profile). Answers "which endpoints have drifted from the fleet?" With no baseline it derives one by fleet majority (the most common value per field is treated as intended), so it works before any gold image is declared. Pass 'endpoints' for pure analysis, or a target to pull live inventory. Args: baseline: Field→intended-value map; omit to derive the fleet majority. fields: Inventory fields to check (default agentVersion, patchLevel, osBuild, profileId). endpoints: Injected inventory rows; skips live collection. target: Endpoint-management target name from config; omit for the default. Returns dict: {totalEndpoints, baselineSource, baseline, fieldsChecked, driftedCount, compliantCount, driftByField, driftedEndpoints[], truncated}. Example: drift_report(endpoints=[{"hostname":"tc01","patchLevel":"2026-06"}, {"hostname":"tc02","patchLevel":"2026-05"}]). |
| patch_statusA | [READ] Patch-level distribution + which endpoints are behind the target level. Args: target_patch: Desired patch level; omit to use the fleet-majority level. endpoints: Injected inventory rows; skips live collection. target: Endpoint-management target name from config; omit for the default. Returns dict: {totalEndpoints, targetPatch, targetSource, distribution, behindCount, behind[], truncated}. |
| patch_complianceA | [READ] Patch-compliance SLA measure: % of the fleet on the target patch level. Reframes patch_status (the patch-level distribution) as an SLA/compliance verdict: what fraction of the fleet is on the target level, whether that meets the SLA, and which endpoints are non-compliant. Compliance is an exact string match on patchLevel — a transparent check, not a version-semantics parser. Injected-only: pass 'endpoints' (inventory rows); no live collection. Args: endpoints: Injected inventory rows to evaluate (e.g. from endpoint_list). target_patch: Desired patch level; omit to use the fleet-majority level. sla_pct: Compliance SLA threshold percent; default 95.0. Returns dict: {endpointsEvaluated, targetPatch, targetSource, slaTargetPct, complianceRatePct, compliantCount, verdict, nonCompliant[], note}. Example: patch_compliance(endpoints=[{"hostname":"tc01","patchLevel":"2026-06"}, {"hostname":"tc02","patchLevel":"2026-05"}], target_patch="2026-06"). |
| overviewA | [READ] One-shot fleet health: online/offline, stale endpoints, version spread. Call this first to triage a managed-endpoint fleet before drilling into a specific endpoint, login storm, or drift report. Args: target: Endpoint-management target name from config; omit for the default. |
| endpoint_listA | [READ] List all managed endpoints (id, hostname, OS, agent/patch, online). Args: target: Endpoint-management target name from config; omit for the default. |
| endpoint_getB | [READ] One managed endpoint by id, normalised to the stable shape. Args: endpoint_id: Endpoint id (or uuid/mac) as returned by endpoint_list. target: Endpoint-management target name from config; omit for the default. |
| endpoint_health_scoreA | [READ] Composite per-endpoint health score (0-100), worst endpoints first. Answers "which endpoints are worst?" by folding the fleet signals into one ranked view: it deducts points for each risk signal (offline, stale, patch-behind, agent-behind) and cites every deduction in the endpoint's 'reasons'. Pure analysis over injected inventory rows (the shape from endpoint_list) — no live connection is used. With no baseline, the patch and agent baselines are derived by fleet majority, so it works before a gold image is declared. Args: endpoints: Injected inventory rows (id, hostname, online, lastSeenHours, agentVersion, patchLevel) to score. Required — no live pull. stale_hours: An endpoint whose lastSeenHours >= this is 'stale' (default 24). baseline: Intended {'agentVersion', 'patchLevel'}; omit to derive the fleet majority. Returns dict: {endpointsEvaluated, baseline:{agentVersion, patchLevel, source}, summary:{healthy, degraded, critical}, worst:[{endpoint, score, band, reasons[]} ...worst-first], note}. Example: endpoint_health_score(endpoints=[ {"hostname":"tc01","online":True,"agentVersion":"12.6","patchLevel":"2026-06"}, {"hostname":"tc02","online":False,"agentVersion":"12.5","patchLevel":"2026-05"}]). |
| endpoint_assign_profileA | [WRITE][risk=high] Assign a config profile to an endpoint (reversible). Captures the prior profile before switching, so the harness records an undo (reassign the prior profile) and a faithful audit trail. Args: endpoint_id: Endpoint id as returned by endpoint_list. profile_id: Config profile to assign. target: Endpoint-management target name from config; omit for the default. |
| endpoint_rebootA | [WRITE][risk=medium] Request an endpoint reboot (no safe inverse). Records the endpoint's prior online state for the audit trail; a reboot cannot be undone, so no undo descriptor is offered. Args: endpoint_id: Endpoint id as returned by endpoint_list. target: Endpoint-management target name from config; omit for the default. |
| session_listA | [READ] Recent login/boot sessions (endpoint, user, login_ms, boot_ms, result). Args: since_hours: Look-back window in hours (1..720, default 24). target: Endpoint-management target name from config; omit for the default. |
| login_storm_analysisA | [READ] Detect login storms + rank the slowest login/boot contributors. Answers "is this a morning login storm, and which endpoints/users are dragging login and boot times?" Groups logins into storm episodes (>= min_concurrent within a window_s sliding window) and flags sessions slower than the thresholds — every flag is reported with its number, not a verdict. Pass 'sessions' for pure analysis, or a target to pull live via session_list. Args: since_hours: Live look-back window when sessions is omitted (default 24). window_s: Sliding window that defines "concurrent" logins (default 300). min_concurrent: Logins within a window that constitute a storm (default 10). slow_login_ms: Login duration (ms) flagged as slow (default 30000). slow_boot_ms: Boot duration (ms) flagged as slow (default 90000). sessions: Injected session records — {endpoint, user, login_ms, boot_ms, timestamp (ISO-8601), result}; skips live collection. target: Endpoint-management target name from config; omit for the default. Returns dict: {totalSessions, stormCount, storms:[{start, end, count, peakConcurrent, spanS, distinctUsers, distinctEndpoints, avgLoginMs}], slowLoginCount, slowestByLogin[], slowestByBoot[], failedLogins, thresholds}. Example: login_storm_analysis(sessions=[{"endpoint":"tc01","user":"a", "login_ms":42000,"timestamp":"2026-07-12T08:00:00Z"}, ...]). |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/AIops-tools/Endpoint-AIops'
If you have feedback or need assistance with the MCP directory API, please join our Discord server