Skip to main content

Governed AI-ops for managed-endpoint fleets (thin clients / VDI): login-storm & drift analysis with a built-in governance harness (audit, budget, undo, risk tiers)

Project description

Endpoint AIops (preview)

Disclaimer: Community-maintained open-source project. Not affiliated with, endorsed by, or sponsored by any endpoint-management vendor. Product and trademark names belong to their owners. MIT licensed.

Governed AI-ops for managed-endpoint fleets — thin clients, VDI endpoints, and other centrally-managed devices — with a built-in governance harness: unified audit log, policy engine, token/runaway budget guard, undo-token recording, and graduated-autonomy risk tiers. Vendor-neutral: it talks to an endpoint-management server's REST API (Bearer auth). Self-contained: no dependencies beyond httpx and the MCP SDK. Preview — mock-validated only, not yet verified against a live management server.

What it does

Two signature analyses, plus the guarded reads and writes around them:

  • Login-storm analysis — during a "everyone logs in at 9am" incident, detect the storm (bursts of concurrent logins in a sliding window) and rank the endpoints/users dragging login and boot times. Every flag is reported with its number, not a black-box verdict.
  • Patch / config drift — find endpoints that have drifted from the fleet (outdated patch level, stray agent version, divergent OS build or config profile). With no declared baseline it derives one by fleet majority, so it works before a gold image exists.

What works

  • CLI (endpoint-aiops ...): init, overview, endpoint list/get/assign-profile/reboot, session list/storm, drift report/patch, secret set/list/rm/migrate/rotate-password, doctor, mcp.
  • MCP server (endpoint-aiops mcp or endpoint-aiops-mcp): 9 tools (7 read, 2 write), every one wrapped with the bundled @governed_tool harness.
  • Encrypted credentials: the management-server API key lives in an encrypted store ~/.endpoint-aiops/secrets.enc (Fernet + scrypt) — never plaintext on disk. Unlock with a master password from ENDPOINT_AIOPS_MASTER_PASSWORD (MCP/CI) or an interactive prompt (CLI).
  • Reversibility: endpoint_assign_profile (high risk) captures the prior profile and records an inverse "reassign the prior profile" undo descriptor. endpoint_reboot (medium risk) captures the prior online state for the audit record but declares no undo (a reboot has no safe inverse).
  • Safety: state-changing CLI ops (endpoint assign-profile, endpoint reboot) require double confirmation and support --dry-run.

Capability matrix (9 MCP tools)

Category Tools Count R/W
Overview overview 1 read
Inventory endpoint_list, endpoint_get 2 read
Sessions session_list, login_storm_analysis 2 read
Drift drift_report, patch_status 2 read
Remediation endpoint_assign_profile 1 write (high)
endpoint_reboot 1 write (medium)

The analysis tools (login_storm_analysis, drift_report, patch_status) accept injected records for pure/offline analysis, or pull live from a configured target.

Quick start

uv tool install endpoint-aiops          # or: pipx install endpoint-aiops
endpoint-aiops init                     # wizard: add a target + store its API key (encrypted)
endpoint-aiops doctor                   # verify config, secrets, connectivity
endpoint-aiops overview                 # one-shot fleet health
endpoint-aiops session storm            # detect a login storm + slow contributors
endpoint-aiops drift report             # endpoints drifted from the fleet baseline

Run as an MCP server (stdio):

export ENDPOINT_AIOPS_MASTER_PASSWORD=...   # unlock secrets non-interactively
endpoint-aiops-mcp

Governance

Every MCP tool passes through the bundled @governed_tool harness:

  • Audit — every call (params, result, status, duration, risk tier, approver, rationale) is logged to ~/.endpoint-aiops/audit.db (relocatable via ENDPOINT_AIOPS_HOME).
  • Budget / runaway guard — token and call budgets trip a circuit breaker.
  • Risk tiers — graduated autonomy; high-risk ops can require a named approver (ENDPOINT_AUDIT_APPROVED_BY / ENDPOINT_AUDIT_RATIONALE).
  • Undo recording — reversible writes record an inverse descriptor.

Scope

This is the IT-endpoint member of the AIops-tools family (governed AI-ops with audit + budget + undo + risk tiers). For OT / industrial edge (Modbus, OPC-UA, PROFINET, …) see the separate industrial-aiops line.

Status

Preview — mock-validated only. The endpoint-management REST paths are modelled generically (/endpoints, /sessions, /version) and need live verification against a real server. Missing a capability or a server dialect? Open an issue or PR — contributions welcome.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

endpoint_aiops-0.1.0.tar.gz (61.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

endpoint_aiops-0.1.0-py3-none-any.whl (68.3 kB view details)

Uploaded Python 3

File details

Details for the file endpoint_aiops-0.1.0.tar.gz.

File metadata

  • Download URL: endpoint_aiops-0.1.0.tar.gz
  • Upload date:
  • Size: 61.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.0 {"installer":{"name":"uv","version":"0.10.0","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for endpoint_aiops-0.1.0.tar.gz
Algorithm Hash digest
SHA256 088c2f2b75663a46b4a47235c10993c65a37102e3952c8063e115bb2e2e67720
MD5 578210b9e415a47649441562dcac4439
BLAKE2b-256 e8a5651f8f9fca864f52010654c20bfbe160420e6552e8f271eb018f108092cd

See more details on using hashes here.

File details

Details for the file endpoint_aiops-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: endpoint_aiops-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 68.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.0 {"installer":{"name":"uv","version":"0.10.0","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for endpoint_aiops-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 27c78d0637ecdd666f3a6841b8478002ae8b6f638233d61ddacbe9bab319eade
MD5 aa16e141affbca2a3d2d08b8b1b85d35
BLAKE2b-256 31d92f2f745414842d89cbdbd35abc0b69d886d11a1a4e912eb4d01307cc18e9

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page