Tools reference
The server exposes three kinds of tool: read-only data, read-only scans, and operation requests that require human approval, plus a couple of polling helpers. Data and scan tools mirror exactly what the corresponding tab shows.
Read-only data
| Tool | Returns |
|---|---|
get_system_metrics | CPU, memory, disk and uptime snapshot for the machine |
list_processes | The live process list (as on the Processes tab) |
get_process | Full detail for one process by PID |
list_connections | Every network connection (as on All Connections) |
Read-only scans
Each mirrors the matching tab. They run the same collectors and return structured results.
| Tool | Mirrors |
|---|---|
scan_threats | Threats |
scan_disk_cleanup | Disk Cleanup |
scan_appdata | App Data |
scan_registry | Registry › Issues |
scan_broken_links | Broken Links |
Operation requests (human-in-the-loop)
These never act on their own. Each enqueues an approval request, raises a
system-tray notification, and returns {"status": "pending", "request_id": …}.
See Human-in-the-loop.
| Tool | Requests |
|---|---|
request_kill_process | Terminating a process by PID |
request_disk_cleanup | Clearing a disk-cleanup location |
request_registry_cleanup | Removing a flagged registry entry |
request_link_cleanup | Deleting a broken shortcut |
Mocked execution
When approved, operations currently run as a no-op that records what they would have done. The approval workflow is fully real; only the final effect is mocked.
Polling
| Tool | Purpose |
|---|---|
get_operation_status | Poll the outcome of a request_* by request_id |
list_pending_operations | List approval requests still awaiting a human decision |
Typical agent flow
- Call a data/scan tool to understand the system.
- Decide on an action and call the matching
request_*tool. - Receive
{"status": "pending", "request_id": …}. - Poll
get_operation_statusuntil the human approves or denies it in the app.