endpoint-aiops-mcp
This MCP server provides governed AI-ops capabilities for managed-endpoint fleets (thin clients, VDI, etc.), enabling fleet health monitoring, login storm detection, patch/config drift analysis, and controlled remediation actions — all wrapped in an audit/governance harness.
Read Capabilities
overview— One-shot fleet health summary (online/offline counts, stale endpoints, version spread).endpoint_list— List all managed endpoints with hostname, OS, agent version, patch level, and online status.endpoint_get— Retrieve detailed information for a specific endpoint by ID.session_list— Fetch recent login/boot session records within a configurable look-back window (up to 720 hours).login_storm_analysis— Detect concurrent login bursts and rank slowest login/boot contributors; works with live or injected session records.drift_report— Identify endpoints that have drifted from the fleet baseline (patch level, agent version, OS build, config profile); derives majority baseline automatically if none is declared.patch_status— Show patch-level distribution and identify endpoints behind the target patch level.patch_compliance— Analyze patch compliance using injected endpoint records (offline/pure analysis).endpoint_health_score— Compute health scores for endpoints using injected records (offline/pure analysis).
Write Capabilities
endpoint_assign_profile(high risk, reversible) — Assign a configuration profile to an endpoint; captures prior profile for undo recording and audit trail.endpoint_reboot(medium risk, no undo) — Request a reboot of a specific endpoint.
Governance Features (applied to all tools)
Every tool call is audited (params, result, status, duration, risk tier, approval details).
Token/call budget circuit breakers prevent runaway operations.
High-risk write operations support named approver and rationale fields.
Reversible writes record undo descriptors for rollback to prior state.
Supports dry-run and double confirmation for state-changing operations.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@endpoint-aiops-mcpCheck for patch drift in the fleet"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Endpoint AIops (preview)
Disclaimer: Community-maintained open-source project. Not affiliated with, endorsed by, or sponsored by any endpoint-management vendor. Product and trademark names belong to their owners. MIT licensed.
Governed AI-ops for managed-endpoint fleets — thin clients, VDI endpoints,
and other centrally-managed devices — with a built-in governance harness:
unified audit log, policy engine, token/runaway budget guard, undo-token
recording, and graduated-autonomy risk tiers. Vendor-neutral: it talks to an
endpoint-management server's REST API (Bearer auth). Self-contained: no
dependencies beyond httpx and the MCP SDK. Preview — mock-validated only,
not yet verified against a live management server.
What it does
Two signature analyses, plus the guarded reads and writes around them:
Login-storm analysis — during a "everyone logs in at 9am" incident, detect the storm (bursts of concurrent logins in a sliding window) and rank the endpoints/users dragging login and boot times. Every flag is reported with its number, not a black-box verdict.
Patch / config drift — find endpoints that have drifted from the fleet (outdated patch level, stray agent version, divergent OS build or config profile). With no declared baseline it derives one by fleet majority, so it works before a gold image exists.
Related MCP server: aiops-mcp
What works
CLI (
endpoint-aiops ...):init,overview,endpoint list/get/assign-profile/reboot,session list/storm,drift report/patch,secret set/list/rm/migrate/rotate-password,doctor,mcp.MCP server (
endpoint-aiops mcporendpoint-aiops-mcp): 11 tools (9 read, 2 write), every one wrapped with the bundled@governed_toolharness.Encrypted credentials: the management-server API key lives in an encrypted store
~/.endpoint-aiops/secrets.enc(Fernet + scrypt) — never plaintext on disk. Unlock with a master password fromENDPOINT_AIOPS_MASTER_PASSWORD(MCP/CI) or an interactive prompt (CLI).Reversibility:
endpoint_assign_profile(highrisk) captures the prior profile and records an inverse "reassign the prior profile" undo descriptor.endpoint_reboot(mediumrisk) captures the prior online state for the audit record but declares no undo (a reboot has no safe inverse).Safety: state-changing CLI ops (
endpoint assign-profile,endpoint reboot) require double confirmation and support--dry-run.
Capability matrix (11 MCP tools)
Category | Tools | Count | R/W |
Overview |
| 1 | read |
Inventory |
| 3 | read |
Sessions |
| 2 | read |
Drift |
| 3 | read |
Remediation |
| 1 | write (high) |
| 1 | write (medium) |
The analysis tools (login_storm_analysis, drift_report, patch_status,
patch_compliance, endpoint_health_score) accept injected records for
pure/offline analysis; endpoint_health_score and patch_compliance are
injected-only, the others also pull live from a configured target.
Quick start
uv tool install endpoint-aiops # or: pipx install endpoint-aiops
endpoint-aiops init # wizard: add a target + store its API key (encrypted)
endpoint-aiops doctor # verify config, secrets, connectivity
endpoint-aiops overview # one-shot fleet health
endpoint-aiops session storm # detect a login storm + slow contributors
endpoint-aiops drift report # endpoints drifted from the fleet baselineRun as an MCP server (stdio):
export ENDPOINT_AIOPS_MASTER_PASSWORD=... # unlock secrets non-interactively
endpoint-aiops-mcpGovernance
Every MCP tool passes through the bundled @governed_tool harness:
Audit — every call (params, result, status, duration, risk tier, approver, rationale) is logged to
~/.endpoint-aiops/audit.db(relocatable viaENDPOINT_AIOPS_HOME).Budget / runaway guard — token and call budgets trip a circuit breaker.
Risk tiers — graduated autonomy; high-risk ops can require a named approver (
ENDPOINT_AUDIT_APPROVED_BY/ENDPOINT_AUDIT_RATIONALE).Undo recording — reversible writes record an inverse descriptor.
Scope
This is the IT-endpoint member of the AIops-tools family (governed AI-ops
with audit + budget + undo + risk tiers). For OT / industrial edge
(Modbus, OPC-UA, PROFINET, …) see the separate industrial-aiops line.
Status
Preview — mock-validated only. The endpoint-management REST paths are
modelled generically (/endpoints, /sessions, /version) and need live
verification against a real server. Missing a capability or a server dialect?
Open an issue or PR — contributions welcome.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/AIops-tools/Endpoint-AIops'
If you have feedback or need assistance with the MCP directory API, please join our Discord server