sandraschi

Windows Operations MCP

Server Configuration

Describes the environment variables required to run the server.

Name | Required | Description | Default

No arguments

Capabilities

Features and capabilities supported by this server

Capability | Details
tools | {"listChanged": true}
logging | {}
prompts | {"listChanged": false}
resources | {"subscribe": false, "listChanged": false}
extensions | {"io.modelcontextprotocol/ui": {}}
experimental | {}

Tools

Functions exposed to the LLM to take actions

Name | Description

command_execution (A)

Execute Windows commands with reliable output capture and agentic sampling.

RATIONALE: Consolidates PowerShell and CMD execution into a single async portmanteau. Uses asyncio.to_thread() to ensure the MCP event loop is never blocked. Integrates with FastMCP 3.2 Context for real-time telemetry and sampling.

PATTERNS:

  • Non-blocking: Subprocess runs in a thread pool.

  • Security: Argument validation for length (shlex not fully applicable for Windows non-shell).

  • Feedback: ctx.info and ctx.report_progress for industrial observability.

Args:

  • action: Execution environment ("powershell" or "cmd").
  • command: The command string to execute.
  • working_directory: Optional CWD for the command.
  • timeout_seconds: Hard timeout (1-300s, default: 30).
  • max_output_size: Truncation limit for high-volume logs.
  • ctx: FastMCP Context for telemetry and sampling (injected).

Examples:

  • command_execution(action="powershell", command="Get-Service | Where-Object Status -eq 'Running'")
  • command_execution(action="cmd", command="dir /s /b *.log")

archive_management (C)

Perform Windows archive management operations with agentic telemetry.

RATIONALE: Standardizes archive handling for automation and forensics. Provides specialized support for Windows-native CAB (.cab) files via expand.exe.

Args:

  • action: The archive operation to perform.
  • path: Path to the archive file.
  • target_dir: Directory to extract to (for "extract" and "expand_cab").
  • source_files: List of files to compress (for "create" and "add_file").
  • archive_type: Format to use for creation.
  • ctx: FastMCP Context for telemetry and sampling.

json_operations (B)

Perform specialized JSON data operations with agentic telemetry.

RATIONALE: Agents often need to "patch" existing configs or extract JSON from unstructured logs. This portmanteau provides the specialized logic required for high-level data surgery.

Args:

  • action: The JSON operation to perform.
  • path: File path for read/write/patch operations.
  • data: Data to write or merge (for "write"/"patch").
  • text: Raw text to extract JSON from (for "extract_from_text").
  • indent: Indentation for formatting.
  • ctx: FastMCP Context for telemetry and sampling.

process_management (C)

Perform process management operations with comprehensive monitoring and agentic telemetry. Returns: Union[Dict, ToolResult] depending on action and availability of prefab-ui.

windows_services (B)

Perform Windows service operations with comprehensive error handling and agentic telemetry. Returns: Union[Dict, ToolResult] depending on action and availability of prefab-ui.

system_management (A)

Perform system management operations with comprehensive error handling and agentic telemetry.

RATIONALE: Consolidates system info, health checks, and network connectivity into a single portmanteau. Integrates with FastMCP 3.2 Context for real-time progress reporting and LLM-in-the-loop diagnostics.

Args:

  • action: The system operation to perform.
  • detailed: Include additional technical details (default: False).
  • host: Target hostname for port testing.
  • port: Target port for connectivity verification.
  • timeout_seconds: Connection timeout (default: 5s).
  • category: Help category filter.
  • ctx: FastMCP Context for telemetry and sampling (injected).

Examples:

  • system_management(action="health", detailed=True)
  • system_management(action="test_port", host="8.8.8.8", port=53)

windows_event_logs (A)

Perform Windows Event Log operations with comprehensive error handling and agentic telemetry.

RATIONALE: Consolidates querying, clearing, and exporting logs into a single async portmanteau. Uses asyncio.to_thread for blocking pywin32 calls to maintain MCP responsiveness.

Args:

  • action: The log operation to perform.
  • log_name: Name of the event log (Application, System, Security, etc.).
  • max_events: Maximum events to return (for "query").
  • time_range_hours: Lookback window (for "query").
  • event_id: Filter by specific Event ID.
  • output_path: Destination for exported logs (for "export").
  • ctx: FastMCP Context for telemetry and sampling.

windows_performance (B)

Perform Windows Performance monitoring with comprehensive error handling and agentic telemetry.

RATIONALE: Consolidates system-wide, process-specific, and low-level counter monitoring into a single portmanteau. Integrates with FastMCP 3.2 Context for real-time progress reporting and LLM-in-the-loop diagnostics.

Args:

  • action: The performance operation to perform.
  • pid: Specific process ID to monitor (for "process").
  • include_network: Include network I/O stats.
  • duration_seconds: Interval for CPU sampling (default: 1s).
  • ctx: FastMCP Context for telemetry and sampling.

windows_permissions (A)

Perform Windows Permission (ACL) operations with comprehensive error handling and agentic telemetry.

RATIONALE: Consolidates ACL viewing, granting, revoking, and inheritance management into a single portmanteau. Uses 'icacls.exe' for industrial reliability on Windows.

Args:

  • action: The permission operation to perform.
  • path: Target file or directory path.
  • user: Target user or group (required for grant/revoke).
  • permission: Permission level (F=Full, M=Modify, RX=Read/Exec, R=Read, W=Write).
  • enable_inheritance: Whether to enable or disable inheritance (for "inheritance").
  • ctx: FastMCP Context for telemetry and sampling.

windows_accounts (C)

Perform Windows local account and group management with agentic telemetry.

RATIONALE: Enables autonomous identity and access management (IAM) on local Windows systems. Uses 'net.exe' for industrial reliability and broad OS compatibility.

Args:

  • action: The account operation to perform.
  • user: Target username.
  • password: New password (for add_user or set_password).
  • group: Target local group name.
  • group_action: Action to perform on the group (target user is 'user').
  • ctx: FastMCP Context for telemetry and sampling.

windows_automation (C)

Perform Windows Automation operations: Scheduled Tasks and WMI Queries.

RATIONALE: Enables autonomous system orchestration and deep environment forensics. Uses 'schtasks.exe' and 'wmic.exe' for industrial reliability.

Args:

  • action: The automation operation to perform.
  • task_name: Unique name for the scheduled task.
  • task_path: Executable path for the scheduled task (for "create_task").
  • schedule: Task frequency.
  • start_time: Task start time (format HH:mm).
  • wmi_class: Target WMI class (e.g., 'Win32_Processor', 'Win32_BIOS').
  • wmi_namespace: WMI namespace for the query.
  • ctx: FastMCP Context for telemetry and sampling.

windows_network (B)

Perform Windows networking and firewall operations with specialized orchestration.

RATIONALE: Consolidates complex 'netsh' and PowerShell networking commands into a single portmanteau. Enables autonomous security auditing and perimeter hardening.

Args:

  • action: The networking operation to perform.
  • rule_name: Name of the firewall rule.
  • rule_dir: Direction of the traffic (in/out).
  • rule_action: Action (allow/block).
  • rule_program: Path to the executable (for firewall_add).
  • rule_port: Local port number (for firewall_add).
  • ctx: FastMCP Context for telemetry and sampling.

windows_apps (B)

Manage modern Windows AppX and Store packages with PowerShell orchestration.

RATIONALE: Modern Windows applications (AppX) cannot be managed via traditional 'net.exe' or basic registry surgery. This tool uses PowerShell to enable autonomous bloatware removal and package auditing.

Args:

  • action: The apps operation to perform.
  • name_filter: Filter for listing (e.g. 'Xbox', 'Bing').
  • package_name: Exact package name to uninstall.
  • all_users: Perform action for all users (requires elevation).
  • ctx: FastMCP Context for telemetry and sampling.

agentic_system_hardening (B)

Execute an autonomous system hardening mission with SEP-1577 Sampling.

RATIONALE: This orchestrator coordinates multiple specialized tools to reach a security baseline. It uses 'Reasoning-First' sampling to identify vulnerabilities before action.

Args:

  • target: The subsystem to harden.
  • dry_run: If True, only audit and recommend (default: True).
  • ctx: FastMCP Context for telemetry and sampling.

autonomous_troubleshooter (A)

Diagnose WHY a Windows operation failed (Permissions vs Process vs Registry).

Uses a 3-phase approach:

  1. Scan recent Event Log errors

  2. Check running processes for blockers

  3. Sample for probable root cause and remediation steps

Args:

  • operation_failure: Description of the failure to investigate.
  • ctx: FastMCP Context for telemetry and sampling (required).

system_health_card (A)

Display a rich system health card with CPU, memory, and disk IO stats. Returns a Prefab UI card in capable MCP hosts; plain text fallback otherwise.

process_list_card (A)

Display a rich card listing running processes, optionally filtered by name. Returns a Prefab UI card in capable MCP hosts; plain text fallback otherwise.

Prompts

Interactive templates invoked by user choice

Name | Description
registry_hardening_wizard | Guide for identifying and fixing insecure registry keys in a given hive.
powershell_agent_scaffold | Generate a robust, error-tolerant PowerShell script scaffold for a given Windows task.
system_account_audit | Review local user accounts and group memberships for security and privilege alignment.
data_surgery_forensics | Guide for using JSON and Archive tools to collect and analyze system configuration artifacts.

Resources

Contextual data attached and managed by the client

Name | Description
get_llms_txt | LLM-friendly summary of all tools and capabilities in this server.
get_llms_full_txt | Full LLM corpus for windows-operations-mcp (llms-full.txt).
get_expert_skill_legacy | [Legacy] SOTA Windows Expert skill instructions (use skill://windows-expert/SKILL.md instead).
Prefab Renderer |
windows-expert/SKILL.md | 🛠️ Skill: Windows Native Hardening & Data Surgery
windows-expert/_manifest | File listing for windows-expert

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/sandraschi/windows-operations-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.