Skip to main content

Tools reference

The server exposes three kinds of tool: read-only data, read-only scans, and operation requests that require human approval, plus a couple of polling helpers. Data and scan tools mirror exactly what the corresponding tab shows.

Read-only data

ToolReturns
get_system_metricsCPU, memory, disk and uptime snapshot for the machine
list_processesThe live process list (as on the Processes tab)
get_processFull detail for one process by PID
list_connectionsEvery network connection (as on All Connections)

Read-only scans

Each mirrors the matching tab. They run the same collectors and return structured results.

ToolMirrors
scan_threatsThreats
scan_disk_cleanupDisk Cleanup
scan_appdataApp Data
scan_registryRegistry › Issues
scan_broken_linksBroken Links

Operation requests (human-in-the-loop)

These never act on their own. Each enqueues an approval request, raises a system-tray notification, and returns {"status": "pending", "request_id": …}. See Human-in-the-loop.

ToolRequests
request_kill_processTerminating a process by PID
request_disk_cleanupClearing a disk-cleanup location
request_registry_cleanupRemoving a flagged registry entry
request_link_cleanupDeleting a broken shortcut
Mocked execution

When approved, operations currently run as a no-op that records what they would have done. The approval workflow is fully real; only the final effect is mocked.

Polling

ToolPurpose
get_operation_statusPoll the outcome of a request_* by request_id
list_pending_operationsList approval requests still awaiting a human decision

Typical agent flow

  1. Call a data/scan tool to understand the system.
  2. Decide on an action and call the matching request_* tool.
  3. Receive {"status": "pending", "request_id": …}.
  4. Poll get_operation_status until the human approves or denies it in the app.