Neural-safe cross-platform PowerShell automation for AI agents via MCP (Windows / Linux / macOS)

PSKit

Neural-safe PowerShell automation for AI agents

PSKit is a Model Context Protocol server that gives AI agents 38 PowerShell tools backed by a 5-tier neural safety pipeline. Every command passes through a KAN (Kolmogorov-Arnold Network) neural scorer before execution — catching dangerous patterns in under 1 millisecond.

Works on Windows, Linux, and macOS with any MCP-compatible client: Claude Desktop, Claude Code, Cursor, Windsurf, Continue.dev, and more.


Install

Recommended — no virtual environment needed

uvx pskit-mcp

With pip

pip install pskit-mcp

With HTTP transport (for shared/remote use)

pip install "pskit-mcp[http]"
pskit serve --http --port 8000

Platform support

OS | Install PowerShell 7 | Notes
Windows 10/11 | ships pre-installed or winget install Microsoft.PowerShell | full feature set
Ubuntu / Debian | Microsoft apt repo, sudo apt-get install powershell |
Fedora / RHEL | sudo dnf install powershell (after MS repo setup) |
Arch Linux | yay -S powershell-bin |
macOS | brew install --cask powershell |

On Linux and macOS the system-info tools use native POSIX sources: /proc/meminfo (Linux) or sysctl + vm_stat (macOS) for memory, df for disks, and ss -tlnp (Linux) or lsof (macOS) for open ports. The package installer auto-detects apt, dnf, pacman, and brew alongside pip, npm, cargo, and winget.


Quick Start

Claude Desktop

Add to %APPDATA%\Claude\claude_desktop_config.json (Windows), ~/Library/Application Support/Claude/claude_desktop_config.json (macOS), or ~/.config/Claude/claude_desktop_config.json (Linux):

{
  "mcpServers": {
    "pskit": {
      "command": "uvx",
      "args": ["pskit-mcp"],
      "env": {
        "PSKIT_ALLOWED_ROOT": "/home/you/projects"
      }
    }
  }
}

Set PSKIT_ALLOWED_ROOT to your project root: C:\Your\Projects on Windows, /home/you/projects on Linux, /Users/you/projects on macOS.

Claude Code

claude mcp add pskit -- uvx pskit-mcp

Verify it works

pskit doctor
PSKit Doctor
+---------------------------+------+------------------------------------------+
| PowerShell (pwsh)         |  OK  | PowerShell 7.5.0                         |
| git                       |  OK  | git version 2.47.1                       |
| ripgrep (rg)              |  OK  | ripgrep 14.1.0 -- fast search active     |
| nvidia-smi                | WARN | not found -- gpu_status returns error    |
| Ollama                    |  OK  | running at localhost:11434               |
| Allowed root              |  OK  | /home/you/projects/myapp  (or C:\... on Windows)  |
| KAN model                 | WARN | no trained weights -- heuristic active  |
+---------------------------+------+------------------------------------------+

What AI Agents Can Do

Once connected, an agent can autonomously work across your entire project:

# Map the project structure
find_files("*.py", max_results=50)
list_directory("src/")

# Read, search, and edit files precisely
read_file("src/auth.py")
search_code("TODO", include="*.py", context=3)
edit_file("src/auth.py",
    old_text="def login(user):",
    new_text="def login(user: str) -> bool:")

# Full git workflow
git_status()               # branch, changes, ahead/behind
git_diff(staged=True)
git_commit("feat: add type hints to auth module")
git_push()

# Run builds and tests with structured results
result = build_project()
# { success: true, exit_code: 0, stdout: "...", duration_ms: 4821 }

result = test_project(filter_expr="test_auth")
# { success: true, passed: 12, failed: 0, skipped: 2, duration_ms: 1203 }

# System and network inspection
disk_usage()               # { drive: "C", free_gb: 142.3, total_gb: 476.9 }
port_status("8080,11434,5432")          # which services are listening
http_request("http://localhost:8000/health")  # localhost only

# Check and install dependencies
which("rg")                # { found: true, version: "14.1.0" }
install_package("requests", manager="pip")

Safety Pipeline

Every command passes through 5 tiers before execution:

 Command Input
      |
      v
+---------------------------------------------+
|  Tier 1 . Result Cache                      |
|  SHA-256 keyed . 30s TTL . 128 LRU entries  |
|  Read-only hits served instantly            |
+--------------------+------------------------+
                     | miss
                     v
+---------------------------------------------+
|  Tier 2 . KAN Neural Scorer                 |
|  24 features . Kolmogorov-Arnold Network    |
|  Sub-millisecond risk classification        |
+--------------------+------------------------+
                     |
                     v
+---------------------------------------------+
|  Tier 3 . Dangerous Command Blocklist       |
|  Hard-blocks: Format-Volume, rm -rf,        |
|  mass deletion, privilege escalation        |
+--------------------+------------------------+
                     |
                     v
+---------------------------------------------+
|  Tier 4 . Path Safety Check                 |
|  Enforces PSKIT_ALLOWED_ROOT boundary       |
|  Blocks writes outside project root         |
+--------------------+------------------------+
                     | elevated only
                     v
+---------------------------------------------+
|  Tier 5 . Gemma LLM Review (optional)       |
|  Ollama-backed . Fail-open if offline       |
|  Deep semantic analysis of intent           |
+--------------------+------------------------+
                     |
                     v
                Execute
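
A sketch of the kind of containment check Tier 4 describes, added here as an example and not taken from PSKit's code; the function name is_within_root and the constructed directory layout are assumptions. It resolves ".." segments and symlinks before comparing, and compares path components rather than string prefixes.

```python
import os
import tempfile
from pathlib import Path


def is_within_root(candidate: str, allowed_root: str) -> bool:
    """Return True only if candidate resolves to a location inside allowed_root."""
    root = Path(allowed_root).resolve()
    target = Path(candidate)
    if not target.is_absolute():
        target = root / target
    # resolve() collapses ".." and follows symlinks, so a link inside the
    # root that points outside it is judged by where it really lands.
    resolved = target.resolve()
    return resolved == root or root in resolved.parents


def demo() -> dict:
    """Build a constructed sandbox and classify five write targets."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "projects"
        outside = Path(tmp) / "outside"
        (root / "src").mkdir(parents=True)
        outside.mkdir()
        results = {
            "inside": is_within_root("src/auth.py", str(root)),
            "dotdot": is_within_root("src/../../outside/x.txt", str(root)),
            "absolute": is_within_root(str(outside / "x.txt"), str(root)),
            # Sibling directory sharing a string prefix with the root: a
            # naive startswith() comparison would wrongly accept this one.
            "prefix": is_within_root(str(root) + "-old/x.txt", str(root)),
        }
        try:
            os.symlink(outside, root / "link", target_is_directory=True)
            results["symlink"] = is_within_root("link/x.txt", str(root))
        except OSError:  # symlink creation may need privileges on Windows
            results["symlink"] = False
        return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:9s} allowed={allowed}")
```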

KAN Neural Safety

PSKit uses a Kolmogorov-Arnold Network to score every command across 24 structural features before execution:

Feature Group | What It Detects
Structure | command length, pipe depth, semicolons, nesting
Dangerous patterns | Invoke-Expression, deletion flags, --force --recurse
Network | outbound requests, drive mappings, mail
Credentials | Get-Credential, SecureString, -Password parameters
Obfuscation | base64 encoding, variable expansion, string interpolation
Persistence | registry writes, scheduled task creation, service installs
Output | redirection, file output, compression

Unlike rule-based filters, KAN learns non-linear risk combinations. Scores range from 0.0 (safe) to 1.0 (dangerous) and are produced in under 1 ms, so the scorer acts as an always-on pre-filter before the optional Ollama LLM review.
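
To make "structural features" concrete, the added example below (not PSKit's code) turns a command line into the kind of numeric vector a scorer could consume. The indicator patterns, the function name extract_features, and the two sample commands are assumptions; the page names the feature groups but does not enumerate the 24 features.

```python
import re

# One or two illustrative indicators per feature group named in the table.
# The patterns are assumptions: the page does not enumerate PSKit's 24 features.
INDICATORS = {
    "invoke_expression": r"\b(invoke-expression|iex)\b",
    "force_recurse": r"-force\b.*-recurse\b|-recurse\b.*-force\b",
    "network": r"\b(invoke-webrequest|invoke-restmethod|new-psdrive|send-mailmessage)\b",
    "credentials": r"\bget-credential\b|securestring|-password\b",
    "base64": r"-enc(odedcommand)?\b|frombase64string",
    "persistence": r"\b(set-itemproperty|register-scheduledtask|new-service)\b",
    "output": r">|\bout-file\b|\bcompress-archive\b",
}


def extract_features(command: str) -> dict:
    """Turn one command line into a flat numeric feature vector."""
    depth = max_depth = 0
    for ch in command:
        if ch in "({":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch in ")}":
            depth = max(0, depth - 1)
    features = {
        "length": len(command),
        "pipes": command.count("|"),
        "semicolons": command.count(";"),
        "nesting": max_depth,
        "variable_expansion": len(re.findall(r"\$[\w({]", command)),
    }
    lowered = command.lower()
    for name, pattern in INDICATORS.items():
        features[name] = int(re.search(pattern, lowered) is not None)
    return features


# Constructed commands, used only to show the resulting vectors.
BENIGN = "Get-ChildItem src | Where-Object { $_.Length -gt 1kb } | Sort-Object Length"
RISKY = "Remove-Item -Recurse -Force ./build; Get-Credential | Out-File creds.txt"

if __name__ == "__main__":
    for cmd in (BENIGN, RISKY):
        print(extract_features(cmd))
```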


Built-In Agent Workflows

PSKit ships 6 ready-to-use MCP prompts accessible from Claude's prompt library:

Prompt | What It Does
Audit Project | Full sweep: git state, structure, build, tests, system health
Review Changes | Pre-commit diff review with commit message suggestion
Diagnose Build | Systematic failure investigation with specific code fix
Orient to Project | First-session orientation before starting any work
Refactor File | Targeted single-file cleanup with stash safety net
Write Tests For | Generate tests following existing project conventions

PSKit also exposes a pskit://guide resource that Claude can read at any time for the complete tool reference, and a pskit://status resource for live server health.


Tools (38 total)

Category | Tools
File | read_file, read_file_range, write_file, edit_file, move_file, delete_file, create_directory, list_directory, diff_files
Search | search_code (ripgrep + context lines), find_files
Shell | run_command (safety-gated arbitrary PS with progress)
Environment | get_env_vars, which, install_package
Git | git_status, git_diff, git_log, git_commit, git_branch, git_checkout, git_push, git_blame, git_stash, git_stash_pop
System | gpu_status, disk_usage, memory_usage
Network | port_status, process_info, http_request (private IPs only)
Build | build_project, test_project (structured results with pass/fail counts)

All 38 tools return typed structured output with auto-generated JSON schemas. Each tool is annotated with readOnly, destructive, and idempotent hints so that clients can auto-approve safe operations and warn on destructive ones.


CLI

pskit serve           # Start MCP server on stdio (default)
pskit serve --http    # Start on streamable HTTP (port 8000)
pskit doctor          # System health check
pskit audit           # View recent command audit log with KAN scores
pskit version         # Print version

Configuration

Variable | Default | Description
PSKIT_ALLOWED_ROOT | Current directory | File writes sandboxed to this path
PSKIT_POOL_SIZE | 3 | Pre-warmed PowerShell session count
PSKIT_SAFETY_MODEL | gemma4:e2b | Ollama model for Tier 5 review
OLLAMA_BASE_URL | http://localhost:11434 | Ollama endpoint

Or use pskit.config.toml in your project root:

[pskit]
allowed_root = "."
pool_size = 5
safety_model = "gemma3:4b"

Audit Log

Every command is logged to .pskit/audit.jsonl with KAN score, safety verdict, and duration:

pskit audit
PSKit Audit (last 50)
+---------------------+----------+-------+------+-------------------------------------+
| Time                | Verdict  |  KAN  |  ms  | Command                             |
+---------------------+----------+-------+------+-------------------------------------+
| 2026-04-06 15:42:11 | safe     | 0.023 |   18 | Get-PSKitGitStatus                  |
| 2026-04-06 15:42:14 | safe     | 0.031 |  247 | Read-PSKitFile 'src/auth.py'        |
| 2026-04-06 15:42:19 | caution  | 0.441 |  892 | Invoke-PSKitHttpRequest 'localhost' |
+---------------------+----------+-------+------+-------------------------------------+

  Total: 47  Blocked: 0  Avg KAN: 0.089  Avg ms: 124
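
For reviewing the log outside the CLI, the added example below (not part of PSKit) parses audit lines, recomputes the summary figures, and flags entries worth reading. The JSON field names (ts, verdict, kan, ms, command), the "blocked" verdict string, and the 0.4 threshold are assumptions, since the page shows only the rendered table; the sample lines are constructed.

```python
import json

# Constructed sample of .pskit/audit.jsonl. The field names (ts, verdict, kan,
# ms, command) are assumptions: the page does not show the on-disk schema.
SAMPLE = """\
{"ts": "2026-04-06 15:42:11", "verdict": "safe", "kan": 0.023, "ms": 18, "command": "Get-PSKitGitStatus"}
{"ts": "2026-04-06 15:42:14", "verdict": "safe", "kan": 0.031, "ms": 247, "command": "Read-PSKitFile 'src/auth.py'"}
{"ts": "2026-04-06 15:42:19", "verdict": "caution", "kan": 0.441, "ms": 892, "command": "Invoke-PSKitHttpRequest 'localhost'"}
{"ts": "2026-04-06 15:43:02", "verdict": "safe", "kan": 0.710, "ms": 95, "command": "constructed-high-score-entry"}
{"ts": "2026-04-06 15:43:05", "verdict": "blocked", "kan": 0.930, "ms": 2, "command": "constructed-blocked-entry"}
{"ts": "2026-04-06 15:43:09", "verdict": "sa
"""


def triage(text: str, kan_threshold: float = 0.4) -> dict:
    """Summarise audit entries and list the ones a reviewer should read."""
    entries, malformed, flagged = [], 0, []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            raw = json.loads(line)
            rec = {"ts": str(raw["ts"]), "verdict": str(raw["verdict"]),
                   "kan": float(raw["kan"]), "ms": int(raw["ms"]),
                   "command": str(raw["command"])}
        except (ValueError, KeyError, TypeError):
            malformed += 1  # truncated or hand-edited line: worth a look itself
            continue
        entries.append(rec)
        reasons = []
        if rec["verdict"] != "safe":
            reasons.append("verdict=" + rec["verdict"])
        elif rec["kan"] >= kan_threshold:
            # High score but final verdict safe: review the disagreement.
            reasons.append("high score passed as safe")
        if reasons:
            flagged.append((rec["ts"], rec["command"], reasons))
    n = max(len(entries), 1)
    return {
        "total": len(entries),
        "blocked": sum(r["verdict"] == "blocked" for r in entries),
        "malformed": malformed,
        "avg_kan": round(sum(r["kan"] for r in entries) / n, 3),
        "avg_ms": round(sum(r["ms"] for r in entries) / n, 1),
        "flagged": flagged,
    }
```

Counting malformed lines separately matters for an append-only log: a truncated or edited record should surface in review rather than be silently skipped.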

Requirements

  • Python 3.11+
  • PowerShell 7.0+ (pwsh on PATH)
  • PyTorch 2.0+ — for the KAN neural scorer
  • ripgrep (optional) — faster file search when rg is on PATH
  • Ollama (optional) — enables Tier 5 Gemma LLM safety review

Powered by Loom

PSKit was extracted from Loom, a multi-agent orchestration platform. Loom uses PSKit as its PowerShell execution layer.


Contributing

git clone https://github.com/Nickalus12/pskit
pip install -e ".[dev]"
python -m pytest tests/ -q    # 38 tests, no live PS session required
ruff check src/               # lint

See CLAUDE.md for architecture docs and the guide to adding new tools.


License

MIT (c) 2025-2026 Nickalus Brewer

Download files

Source Distribution

pskit_mcp-0.3.0.tar.gz (96.9 kB)

Uploaded Source

Built Distribution

pskit_mcp-0.3.0-py3-none-any.whl (69.8 kB)

Uploaded Python 3

File details

Details for the file pskit_mcp-0.3.0.tar.gz.

File metadata

  • Download URL: pskit_mcp-0.3.0.tar.gz
  • Upload date:
  • Size: 96.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for pskit_mcp-0.3.0.tar.gz
Algorithm Hash digest
SHA256 e5a27d0b2444edf389d2f8706042dfda5a6be5a4d526edc8fd1b336a7d3fcb1e
MD5 5c7ad40443ffab4852a796c63d0bec4a
BLAKE2b-256 e61c8db4979c17555326cfdcd261b56e066f90eb177351d588f0d8ddeb7fec4e

Provenance

The following attestation bundles were made for pskit_mcp-0.3.0.tar.gz:

Publisher: release.yml on Nickalus12/pskit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pskit_mcp-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: pskit_mcp-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 69.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for pskit_mcp-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 3587d6716ccdb3f2b2cc861f2a05a6b56f5523dabb9d1104fb361f36f6bca8c2
MD5 7eab470f960e06692c709a1ab6844d29
BLAKE2b-256 3b05c2d9386ba9e8a2f560df42f249bdd7373a276a0baeb725502f781428019a

Provenance

The following attestation bundles were made for pskit_mcp-0.3.0-py3-none-any.whl:

Publisher: release.yml on Nickalus12/pskit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
