PowerShell Exec MCP Server

Instructions

Creates a PowerShell action script that follows IBM BigFix best practices:
- Proper exit codes (0=success, 1=retryable failure, 2=non-retryable failure)
- BigFix client log integration for monitoring
- System restore point creation before changes
- Comprehensive error handling and logging
- Event log integration for troubleshooting

⚠️ IMPORTANT: For complete BigFix deployments, you need BOTH relevance and action scripts.
Consider using 'generate_bigfix_script_pair' instead to create both scripts together.

IBM BigFix References:
- Action Scripts: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_creating_action_scripts.html
- Exit Codes: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_action_script_exit_codes.html
- Best Practices: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_best_practices_for_creating_fixlets.html
- Client Logging: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Installation/c_bes_client_logging.html

Args:
    description: Clear description of what the script should accomplish (e.g., 'Install Chrome browser', 'Configure Windows firewall')
    action_logic: PowerShell code that performs the action. Use 'Complete-Action -Result "Success/RetryableFailure/NonRetryableFailure" -Message "details"' to indicate completion
    output_path: Optional file path where the script will be saved. If not provided, returns script content
    timeout: Command timeout in seconds (1-300, default 60)
    
Returns:
    Generated script content or path where script was saved
    
Example:
    Generate a script to install Chrome:
    ```
    result = await generate_bigfix_action_script(
        description="Install Chrome browser to latest version",
        action_logic='''
        try {
            $installer = "$env:TEMP\ChromeSetup.exe"
            Write-BigFixLog "Downloading Chrome installer..."
            Invoke-WebRequest -Uri "https://dl.google.com/chrome/install/latest/chrome_installer.exe" -OutFile $installer -UseBasicParsing
            Write-BigFixLog "Installing Chrome silently..."
            Start-Process -FilePath $installer -Args "/silent /install" -Wait
            Remove-Item $installer -Force
            Complete-Action -Result "Success" -Message "Chrome installation completed successfully"
        } catch {
            Complete-Action -Result "RetryableFailure" -Message "Chrome installation failed: $($_.Exception.Message)"
        }
        ''',
        output_path="chrome_action.ps1"
    )
    ```
    
Tips:
    - Always use Complete-Action function to set proper exit codes
    - Use "Success" for completed actions
    - Use "RetryableFailure" for temporary issues (network, locks, etc.)
    - Use "NonRetryableFailure" for permanent issues (unsupported OS, etc.)
    - Test action logic in safe environments first
    - Consider creating system restore points for major changes
    - Use Write-BigFixLog for detailed logging and troubleshooting
    - Make actions idempotent (safe to run multiple times)

Implementation Reference

• server.py:659-735 (handler)

  The primary handler function for the 'generate_bigfix_action_script' MCP tool. Decorated with @mcp.tool() for automatic schema generation and registration. Generates BigFix action scripts by populating the 'bigfix_action' template with provided parameters and logic.

  @mcp.tool()
  async def generate_bigfix_action_script(
      description: str,
      action_logic: str,
      output_path: Optional[str] = None,
      timeout: Optional[int] = 60
  ) -> str:
      """Generate a BigFix action script to perform remediation or configuration changes.
      
      Creates a PowerShell action script that follows IBM BigFix best practices:
      - Proper exit codes (0=success, 1=retryable failure, 2=non-retryable failure)
      - BigFix client log integration for monitoring
      - System restore point creation before changes
      - Comprehensive error handling and logging
      - Event log integration for troubleshooting
      
      ⚠️ IMPORTANT: For complete BigFix deployments, you need BOTH relevance and action scripts.
      Consider using 'generate_bigfix_script_pair' instead to create both scripts together.
      
      IBM BigFix References:
      - Action Scripts: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_creating_action_scripts.html
      - Exit Codes: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_action_script_exit_codes.html
      - Best Practices: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_best_practices_for_creating_fixlets.html
      - Client Logging: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Installation/c_bes_client_logging.html
      
      Args:
          description: Clear description of what the script should accomplish (e.g., 'Install Chrome browser', 'Configure Windows firewall')
          action_logic: PowerShell code that performs the action. Use 'Complete-Action -Result "Success/RetryableFailure/NonRetryableFailure" -Message "details"' to indicate completion
          output_path: Optional file path where the script will be saved. If not provided, returns script content
          timeout: Command timeout in seconds (1-300, default 60)
          
      Returns:
          Generated script content or path where script was saved
          
      Example:
          Generate a script to install Chrome:
          ```
          result = await generate_bigfix_action_script(
              description="Install Chrome browser to latest version",
              action_logic='''
              try {
                  $installer = "$env:TEMP\\ChromeSetup.exe"
                  Write-BigFixLog "Downloading Chrome installer..."
                  Invoke-WebRequest -Uri "https://dl.google.com/chrome/install/latest/chrome_installer.exe" -OutFile $installer -UseBasicParsing
                  Write-BigFixLog "Installing Chrome silently..."
                  Start-Process -FilePath $installer -Args "/silent /install" -Wait
                  Remove-Item $installer -Force
                  Complete-Action -Result "Success" -Message "Chrome installation completed successfully"
              } catch {
                  Complete-Action -Result "RetryableFailure" -Message "Chrome installation failed: $($_.Exception.Message)"
              }
              ''',
              output_path="chrome_action.ps1"
          )
          ```
          
      Tips:
          - Always use Complete-Action function to set proper exit codes
          - Use "Success" for completed actions
          - Use "RetryableFailure" for temporary issues (network, locks, etc.)
          - Use "NonRetryableFailure" for permanent issues (unsupported OS, etc.)
          - Test action logic in safe environments first
          - Consider creating system restore points for major changes
          - Use Write-BigFixLog for detailed logging and troubleshooting
          - Make actions idempotent (safe to run multiple times)
      """
      params = {
          "SYNOPSIS": f"BigFix Action Script - {description}",
          "DESCRIPTION": description,
          "DATE": datetime.now().strftime('%Y-%m-%d'),
          "ACTION_LOGIC": action_logic
      }
      
      if output_path:
          output_path = ensure_directory(output_path)
      
      return await generate_script_from_template("bigfix_action", params, output_path, timeout)

• server.py:159-195 (helper)

  Core helper function used by generate_bigfix_action_script to load and populate the 'bigfix_action.ps1' template file with dynamic parameters.

  async def generate_script_from_template(
      template_name: str,
      parameters: Dict[str, Any],
      output_path: Optional[str] = None,
      timeout: Optional[int] = 60
  ) -> str:
      """Generate a PowerShell script from a template.
      
      Args:
          template_name: Name of the template to use (without .ps1 extension)
          parameters: Dictionary of parameters to replace in the template
          output_path: Where to save the generated script (optional)
          timeout: Command timeout in seconds (1-300, default 60)
          
      Returns:
          Generated script content or path where script was saved
      """
      template_path = os.path.join(TEMPLATES_DIR, f"{template_name}.ps1")
      if not os.path.exists(template_path):
          raise ValueError(f"Template {template_name} not found")
          
      with open(template_path, 'r') as f:
          template_content = f.read()
          
      # Replace template variables
      script_content = template_content
      parameters['DATE'] = datetime.now().strftime('%Y-%m-%d')
      
      for key, value in parameters.items():
          script_content = script_content.replace(f"{{{{{key}}}}}", str(value))
          
      if output_path:
          with open(output_path, 'w') as f:
              f.write(script_content)
          return f"Script generated and saved to: {output_path}"
      
      return script_content

• server.py:316-325 (helper)

  Helper utility called by generate_bigfix_action_script to ensure output directory exists before writing generated script.

  @mcp.tool()
  def ensure_directory(path: str) -> str:
      """Ensure directory exists and return absolute path."""
      abs_path = normalize_path(path)
      if os.path.splitext(abs_path)[1]:  # If path has an extension
          dir_path = os.path.dirname(abs_path)
      else:
          dir_path = abs_path
      os.makedirs(dir_path, exist_ok=True)
      return abs_path

• server.py:659-659 (registration)

  MCP tool registration decorator for generate_bigfix_action_script, which also auto-generates input schema from function signature and docstring.

  @mcp.tool()