PowerShell Exec MCP Server

generate_bigfix_script_pair

Create paired BigFix relevance and action scripts to deploy fixes, with relevance determining target computers and action implementing changes following IBM best practices.

Instructions

Generate a complete pair of BigFix relevance and action scripts for deployment.

This is the RECOMMENDED tool for BigFix fixlet creation as it creates both required scripts:
- Relevance script: Determines which computers need the action (TRUE/FALSE output)
- Action script: Performs the necessary changes with proper error handling

Both scripts follow IBM BigFix best practices:
- Proper BigFix output formats and exit codes
- BigFix client log integration for centralized monitoring
- System restore points before changes (action only)
- Comprehensive error handling and logging
- Event log integration for troubleshooting
- No user interaction (silent execution required)

IBM BigFix References:
- Fixlet Development: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_creating_fixlets.html
- Relevance Language: https://help.hcltechsw.com/bigfix/11.0/relevance/Relevance/c_relevance_language.html
- Action Scripts: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_creating_action_scripts.html
- Best Practices: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_best_practices_for_creating_fixlets.html
- Testing Guidelines: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_testing_fixlets.html

Args:
    description: Clear description of what the scripts should accomplish (e.g., 'Manage Chrome browser installation and updates')
    relevance_logic: PowerShell code that determines if action is needed. Use 'Complete-Relevance -Relevant $true/$false -Message "status"' to indicate result
    action_logic: PowerShell code that performs the remediation. Use 'Complete-Action -Result "Success/RetryableFailure/NonRetryableFailure" -Message "details"' to indicate completion
    output_dir: Optional directory to save both scripts. If not provided, returns script content in response
    timeout: Command timeout in seconds (1-300, default 60)
    
Returns:
    Dictionary containing both scripts: {"relevance_script": "content/path", "action_script": "content/path"}
    
Example:
    Generate scripts to manage Chrome browser installation:
    ```
    result = await generate_bigfix_script_pair(
        description="Manage Chrome browser installation with version 100.0.0.0 or higher",
        relevance_logic=''',
        try {
            $app = Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe" -ErrorAction Stop
            $version = (Get-Item $app.'(Default)').VersionInfo.FileVersion
            $needsAction = [version]$version -lt [version]"100.0.0.0"
            Complete-Relevance -Relevant $needsAction -Message "Chrome version: $version (Target: 100.0.0.0+)"
        } catch {
            Complete-Relevance -Relevant $true -Message "Chrome not found - installation needed"
        }
        ''',
        action_logic=''',
        try {
            $installer = "$env:TEMP\ChromeSetup.exe"
            Write-BigFixLog "Downloading Chrome installer..."
            Invoke-WebRequest -Uri "https://dl.google.com/chrome/install/latest/chrome_installer.exe" -OutFile $installer -UseBasicParsing
            Write-BigFixLog "Installing Chrome silently..."
            Start-Process -FilePath $installer -Args "/silent /install" -Wait
            Remove-Item $installer -Force
            Complete-Action -Result "Success" -Message "Chrome installation completed successfully"
        } catch {
            Complete-Action -Result "RetryableFailure" -Message "Chrome installation failed: $($_.Exception.Message)"
        }
        ''',
        output_dir="chrome_bigfix_scripts"
    )
    ```
    
Tips:
    - Always test both scripts in a controlled environment first
    - Ensure relevance logic matches the conditions that action script addresses
    - Use descriptive logging messages for easier troubleshooting
    - Consider the scope and impact of actions (test groups first)
    - Make sure relevance logic is efficient (evaluated frequently)
    - Ensure action logic is idempotent (safe to run multiple times)
    - Use Write-BigFixLog for detailed progress tracking
    - Test across different OS versions and configurations

Input Schema

TableJSON Schema

Name	Required	Description	Default
`description`	Yes
`relevance_logic`	Yes
`action_logic`	Yes
`output_dir`	No
`timeout`	No

Output Schema

TableJSON Schema

Name	Required	Description	Default
`result`	Yes

Implementation Reference

server.py:738-858 (handler)

The core handler function for the 'generate_bigfix_script_pair' MCP tool. Decorated with @mcp.tool(), it accepts description, relevance_logic, action_logic, optional output_dir and timeout, and returns a dictionary with generated relevance_script and action_script contents or paths. It delegates to helper functions generate_bigfix_relevance_script and generate_bigfix_action_script.

async def generate_bigfix_script_pair(
    description: str,
    relevance_logic: str,
    action_logic: str,
    output_dir: Optional[str] = None,
    timeout: Optional[int] = 60
) -> Dict[str, str]:
    """Generate a complete pair of BigFix relevance and action scripts for deployment.
    
    This is the RECOMMENDED tool for BigFix fixlet creation as it creates both required scripts:
    - Relevance script: Determines which computers need the action (TRUE/FALSE output)
    - Action script: Performs the necessary changes with proper error handling
    
    Both scripts follow IBM BigFix best practices:
    - Proper BigFix output formats and exit codes
    - BigFix client log integration for centralized monitoring
    - System restore points before changes (action only)
    - Comprehensive error handling and logging
    - Event log integration for troubleshooting
    - No user interaction (silent execution required)
    
    IBM BigFix References:
    - Fixlet Development: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_creating_fixlets.html
    - Relevance Language: https://help.hcltechsw.com/bigfix/11.0/relevance/Relevance/c_relevance_language.html
    - Action Scripts: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_creating_action_scripts.html
    - Best Practices: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_best_practices_for_creating_fixlets.html
    - Testing Guidelines: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_testing_fixlets.html
    
    Args:
        description: Clear description of what the scripts should accomplish (e.g., 'Manage Chrome browser installation and updates')
        relevance_logic: PowerShell code that determines if action is needed. Use 'Complete-Relevance -Relevant $true/$false -Message "status"' to indicate result
        action_logic: PowerShell code that performs the remediation. Use 'Complete-Action -Result "Success/RetryableFailure/NonRetryableFailure" -Message "details"' to indicate completion
        output_dir: Optional directory to save both scripts. If not provided, returns script content in response
        timeout: Command timeout in seconds (1-300, default 60)
        
    Returns:
        Dictionary containing both scripts: {"relevance_script": "content/path", "action_script": "content/path"}
        
    Example:
        Generate scripts to manage Chrome browser installation:
        ```
        result = await generate_bigfix_script_pair(
            description="Manage Chrome browser installation with version 100.0.0.0 or higher",
            relevance_logic=''',
            try {
                $app = Get-ItemProperty "HKLM:\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\chrome.exe" -ErrorAction Stop
                $version = (Get-Item $app.'(Default)').VersionInfo.FileVersion
                $needsAction = [version]$version -lt [version]"100.0.0.0"
                Complete-Relevance -Relevant $needsAction -Message "Chrome version: $version (Target: 100.0.0.0+)"
            } catch {
                Complete-Relevance -Relevant $true -Message "Chrome not found - installation needed"
            }
            ''',
            action_logic=''',
            try {
                $installer = "$env:TEMP\\ChromeSetup.exe"
                Write-BigFixLog "Downloading Chrome installer..."
                Invoke-WebRequest -Uri "https://dl.google.com/chrome/install/latest/chrome_installer.exe" -OutFile $installer -UseBasicParsing
                Write-BigFixLog "Installing Chrome silently..."
                Start-Process -FilePath $installer -Args "/silent /install" -Wait
                Remove-Item $installer -Force
                Complete-Action -Result "Success" -Message "Chrome installation completed successfully"
            } catch {
                Complete-Action -Result "RetryableFailure" -Message "Chrome installation failed: $($_.Exception.Message)"
            }
            ''',
            output_dir="chrome_bigfix_scripts"
        )
        ```
        
    Tips:
        - Always test both scripts in a controlled environment first
        - Ensure relevance logic matches the conditions that action script addresses
        - Use descriptive logging messages for easier troubleshooting
        - Consider the scope and impact of actions (test groups first)
        - Make sure relevance logic is efficient (evaluated frequently)
        - Ensure action logic is idempotent (safe to run multiple times)
        - Use Write-BigFixLog for detailed progress tracking
        - Test across different OS versions and configurations
    """
    if output_dir:
        # Create output directory in current working directory
        abs_output_dir = ensure_directory(output_dir)
        
        # Create full paths for scripts
        relevance_path = os.path.join(abs_output_dir, "relevance.ps1")
        action_path = os.path.join(abs_output_dir, "action.ps1")
        
        # Create parent directory if it doesn't exist
        os.makedirs(abs_output_dir, exist_ok=True)
        
        relevance_result = await generate_bigfix_relevance_script(
            description=description,
            relevance_logic=relevance_logic,
            output_path=relevance_path,
            timeout=timeout
        )        
        action_result = await generate_bigfix_action_script(
            description=description,
            action_logic=action_logic,
            output_path=action_path,
            timeout=timeout
        )
    else:
        relevance_result = await generate_bigfix_relevance_script(
            description=description,
            relevance_logic=relevance_logic,
            timeout=timeout
        )
        
        action_result = await generate_bigfix_action_script(
            description=description,
            action_logic=action_logic,
            timeout=timeout
        )
    
    return {
        "relevance_script": relevance_result,
        "action_script": action_result
    }

server.py:587-657 (helper)

Helper function that generates the BigFix relevance script from the 'bigfix_relevance.ps1' template, injecting parameters including the provided relevance_logic.

async def generate_bigfix_relevance_script(
    description: str,
    relevance_logic: str,
    output_path: Optional[str] = None,
    timeout: Optional[int] = 60
) -> str:
    """Generate a BigFix relevance script to determine if computers need action.
    
    Creates a PowerShell relevance script that follows IBM BigFix best practices:
    - Proper output format (TRUE/FALSE for BigFix consumption)
    - BigFix client log integration for monitoring
    - Event log integration for troubleshooting
    - Comprehensive error handling and logging
    - Fast execution optimized for frequent evaluations
    
    💡 TIP: For complete BigFix deployments, you need BOTH relevance and action scripts.
    Consider using 'generate_bigfix_script_pair' to create both scripts together with matching logic.
    
    IBM BigFix References:
    - Relevance Language Guide: https://help.hcltechsw.com/bigfix/11.0/relevance/Relevance/c_relevance_language.html
    - Action Scripts: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_creating_action_scripts.html
    - Best Practices: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_best_practices_for_creating_fixlets.html
    - Client Logging: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Installation/c_bes_client_logging.html
    
    Args:
        description: Clear description of what the script should check (e.g., 'Check if Chrome needs updating', 'Verify Windows patches are current')
        relevance_logic: PowerShell code that determines relevance. Use 'Complete-Relevance -Relevant $true/$false -Message "status"' to indicate result
        output_path: Optional file path where the script will be saved. If not provided, returns script content
        timeout: Command timeout in seconds (1-300, default 60)
        
    Returns:
        Generated script content or path where script was saved
        
    Example:
        Generate a script to check if Chrome needs updating:
        ```
        result = await generate_bigfix_relevance_script(
            description="Check if Chrome browser needs updating to version 100.0.0.0 or higher",
            relevance_logic=''',
            try {
                $app = Get-ItemProperty "HKLM:\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\chrome.exe" -ErrorAction Stop
                $version = (Get-Item $app.'(Default)').VersionInfo.FileVersion
                $needsUpdate = [version]$version -lt [version]"100.0.0.0"
                Complete-Relevance -Relevant $needsUpdate -Message "Chrome version: $version (Target: 100.0.0.0+)"
            } catch {
                Complete-Relevance -Relevant $true -Message "Chrome not found or inaccessible - installation needed"
            }
            ''',
            output_path="chrome_relevance.ps1"
        )
        ```
        
    Tips:
        - Keep relevance logic fast and efficient (evaluated frequently)
        - Return TRUE when action is needed, FALSE when compliant
        - Always use Complete-Relevance function for proper BigFix output format
        - Use try-catch blocks for robust error handling
        - Test relevance logic thoroughly across different environments
        - Use Write-BigFixLog for detailed progress tracking
    """
    params = {
        "SYNOPSIS": f"BigFix Relevance Script - {description}",
        "DESCRIPTION": description,
        "DATE": datetime.now().strftime('%Y-%m-%d'),
        "RELEVANCE_LOGIC": relevance_logic
    }
    
    if output_path:
        output_path = ensure_directory(output_path)
    
    return await generate_script_from_template("bigfix_relevance", params, output_path, timeout)

server.py:660-735 (helper)

Helper function that generates the BigFix action script from the 'bigfix_action.ps1' template, injecting parameters including the provided action_logic.

async def generate_bigfix_action_script(
    description: str,
    action_logic: str,
    output_path: Optional[str] = None,
    timeout: Optional[int] = 60
) -> str:
    """Generate a BigFix action script to perform remediation or configuration changes.
    
    Creates a PowerShell action script that follows IBM BigFix best practices:
    - Proper exit codes (0=success, 1=retryable failure, 2=non-retryable failure)
    - BigFix client log integration for monitoring
    - System restore point creation before changes
    - Comprehensive error handling and logging
    - Event log integration for troubleshooting
    
    ⚠️ IMPORTANT: For complete BigFix deployments, you need BOTH relevance and action scripts.
    Consider using 'generate_bigfix_script_pair' instead to create both scripts together.
    
    IBM BigFix References:
    - Action Scripts: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_creating_action_scripts.html
    - Exit Codes: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_action_script_exit_codes.html
    - Best Practices: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Console/c_best_practices_for_creating_fixlets.html
    - Client Logging: https://help.hcltechsw.com/bigfix/11.0/platform/Platform/Installation/c_bes_client_logging.html
    
    Args:
        description: Clear description of what the script should accomplish (e.g., 'Install Chrome browser', 'Configure Windows firewall')
        action_logic: PowerShell code that performs the action. Use 'Complete-Action -Result "Success/RetryableFailure/NonRetryableFailure" -Message "details"' to indicate completion
        output_path: Optional file path where the script will be saved. If not provided, returns script content
        timeout: Command timeout in seconds (1-300, default 60)
        
    Returns:
        Generated script content or path where script was saved
        
    Example:
        Generate a script to install Chrome:
        ```
        result = await generate_bigfix_action_script(
            description="Install Chrome browser to latest version",
            action_logic='''
            try {
                $installer = "$env:TEMP\\ChromeSetup.exe"
                Write-BigFixLog "Downloading Chrome installer..."
                Invoke-WebRequest -Uri "https://dl.google.com/chrome/install/latest/chrome_installer.exe" -OutFile $installer -UseBasicParsing
                Write-BigFixLog "Installing Chrome silently..."
                Start-Process -FilePath $installer -Args "/silent /install" -Wait
                Remove-Item $installer -Force
                Complete-Action -Result "Success" -Message "Chrome installation completed successfully"
            } catch {
                Complete-Action -Result "RetryableFailure" -Message "Chrome installation failed: $($_.Exception.Message)"
            }
            ''',
            output_path="chrome_action.ps1"
        )
        ```
        
    Tips:
        - Always use Complete-Action function to set proper exit codes
        - Use "Success" for completed actions
        - Use "RetryableFailure" for temporary issues (network, locks, etc.)
        - Use "NonRetryableFailure" for permanent issues (unsupported OS, etc.)
        - Test action logic in safe environments first
        - Consider creating system restore points for major changes
        - Use Write-BigFixLog for detailed logging and troubleshooting
        - Make actions idempotent (safe to run multiple times)
    """
    params = {
        "SYNOPSIS": f"BigFix Action Script - {description}",
        "DESCRIPTION": description,
        "DATE": datetime.now().strftime('%Y-%m-%d'),
        "ACTION_LOGIC": action_logic
    }
    
    if output_path:
        output_path = ensure_directory(output_path)
    
    return await generate_script_from_template("bigfix_action", params, output_path, timeout)

server.py:159-195 (helper)

Core helper utility that loads a .ps1 template file, performs parameter substitution, and returns or saves the generated script. Used by BigFix and Intune script generators.

async def generate_script_from_template(
    template_name: str,
    parameters: Dict[str, Any],
    output_path: Optional[str] = None,
    timeout: Optional[int] = 60
) -> str:
    """Generate a PowerShell script from a template.
    
    Args:
        template_name: Name of the template to use (without .ps1 extension)
        parameters: Dictionary of parameters to replace in the template
        output_path: Where to save the generated script (optional)
        timeout: Command timeout in seconds (1-300, default 60)
        
    Returns:
        Generated script content or path where script was saved
    """
    template_path = os.path.join(TEMPLATES_DIR, f"{template_name}.ps1")
    if not os.path.exists(template_path):
        raise ValueError(f"Template {template_name} not found")
        
    with open(template_path, 'r') as f:
        template_content = f.read()
        
    # Replace template variables
    script_content = template_content
    parameters['DATE'] = datetime.now().strftime('%Y-%m-%d')
    
    for key, value in parameters.items():
        script_content = script_content.replace(f"{{{{{key}}}}}", str(value))
        
    if output_path:
        with open(output_path, 'w') as f:
            f.write(script_content)
        return f"Script generated and saved to: {output_path}"
    
    return script_content

server.py:316-325 (helper)

Utility function to ensure output directories exist before writing generated scripts.

@mcp.tool()
def ensure_directory(path: str) -> str:
    """Ensure directory exists and return absolute path."""
    abs_path = normalize_path(path)
    if os.path.splitext(abs_path)[1]:  # If path has an extension
        dir_path = os.path.dirname(abs_path)
    else:
        dir_path = abs_path
    os.makedirs(dir_path, exist_ok=True)
    return abs_path

Tool Definition Quality

A4.7/5.0

Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It thoroughly describes behavioral traits: it generates scripts following IBM BigFix best practices (e.g., proper output formats, log integration, system restore points, error handling, silent execution), includes references for development, and provides detailed tips on testing, scoping, and implementation considerations. This goes well beyond basic functionality.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness3/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately front-loaded with purpose and guidelines, but it's overly long with extensive reference links, tips, and a verbose example. While informative, some sections (like the full list of references) could be condensed or moved elsewhere, as not every sentence earns its place for core tool understanding. The structure is logical but not maximally concise.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (generating deployment scripts with best practices), no annotations, and an output schema that documents the return format, the description is highly complete. It covers purpose, usage, behavioral details, parameter semantics, examples, and tips, providing all necessary context for an AI agent to correctly invoke and understand the tool's scope and limitations.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, so the description must compensate. It adds significant meaning beyond the bare schema: it explains what each parameter represents (e.g., 'description: Clear description of what the scripts should accomplish'), provides formatting guidance (e.g., using specific functions like 'Complete-Relevance'), and includes an extensive example showing parameter usage. However, it doesn't explicitly detail all parameter constraints (e.g., timeout range 1-300 is mentioned but not emphasized).

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Generate a complete pair of BigFix relevance and action scripts for deployment.' It specifies the verb ('generate'), resource ('BigFix relevance and action scripts'), and distinguishes it from siblings by emphasizing it's the 'RECOMMENDED tool for BigFix fixlet creation' that creates both required scripts, unlike separate relevance or action script generators.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides explicit guidance on when to use this tool: 'This is the RECOMMENDED tool for BigFix fixlet creation as it creates both required scripts.' It distinguishes from alternatives by implying that for BigFix fixlets, this integrated pair generation is preferred over using separate sibling tools like 'generate_bigfix_action_script' or 'generate_bigfix_relevance_script' individually.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/DynamicEndpoints/PowerShell-Exec-MCP-Server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server