Let AI agents use your computer through MCP.
Project description
Rigout
Let AI agents use your computer through MCP.
Rigout runs a Streamable HTTP MCP server on a device so an AI agent can control that device through MCP tools. Start Rigout on the machine, give the agent the generated MCP URL, and the agent can run commands, inspect the system, manage files, use Docker, and prepare development environments.
Use Rigout only on hardware, VMs, or containers you are willing to let an agent control.
Quick Start
Install from PyPI:
pip install rigout
Start a local MCP server:
rigout
This serves MCP at:
http://127.0.0.1:8765/mcp
It also writes ai_agent_connection.json. Give the agent the mcp.url and, if present, mcp.headers values from that file.
For a cloud agent, expose the server with a Cloudflare quick tunnel:
rigout --tunnel cloudflare
Public/tunnel mode automatically generates a bearer token and writes it into the connection file.
Source Checkout
From a cloned repo:
python -m pip install -e .
rigout --tunnel cloudflare
The shell helpers are optional:
./rigout.sh --background
./rigout.sh status
./rigout.sh stop
.\rigout.ps1 -Background
.\rigout.ps1 status
.\rigout.ps1 stop
MCP Tools
Rigout exposes:
execute_command: run shell commands with timeout, working directory, environment variables, and optional security bypass.file_operations: read, write, append, delete, copy, move, chmod, and chown files.bulk_file_transfer: upload, download, or sync content and paths.system_monitoring: inspect CPU, memory, disk, network, processes, and GPU where available.docker_operations: list, run, exec, stop, remove, build, pull, logs, and inspect containers.environment_setup: create Python, Node, Docker, or Conda workspaces.manage_tunnels: add, list, test, and fail over to SSH endpoints.connect_hardwareandget_hardware_info: verify available hardware.create_terminal_session,execute_in_terminal,list_terminal_sessions,close_terminal_session: persistent SSH-backed terminal sessions.
If no SSH endpoint is configured, Rigout uses a local-device endpoint. That makes a fresh one-command server immediately useful on the machine running Rigout.
Security Model
Rigout is powerful by design. Treat the MCP URL and bearer token like remote shell credentials.
Default controls:
- Public/tunnel mode generates bearer auth unless
--no-authis passed. - Localhost mode has no bearer auth unless
--auth-tokenis passed. - Command validation blocks common destructive patterns unless the caller explicitly uses
bypass_security. - Outputs are sanitized for common secret patterns before returning to the agent.
- Command activity and security events are written to
mcp-hardware-server.log. - Per-endpoint command rate limiting is enabled.
Do not expose Rigout publicly with --no-auth unless the network is private and trusted. For serious agent work, run Rigout inside an isolated VM or container.
Public URL Reliability
Cloudflare quick tunnels are useful for one-command setup and testing, but their public URLs are ephemeral. For long-running or production use, put Rigout behind a stable tunnel or gateway such as a named Cloudflare Tunnel, Tailscale, a reverse proxy, or a dedicated VM with explicit network controls.
Validation
Run the test suite:
python -m pytest -q
Run the readiness check:
python production_validation.py
Build the package:
python -m build
Check the package metadata:
python -m twine check dist/rigout-*
Development standards for future contributors and agents are in DEVELOPMENT_STANDARDS.md.
Project Layout
src/rigout/
server.py # MCP tool definitions and stdio transport
mcp_http_server.py # Streamable HTTP MCP server
mcp_url_launcher.py # one-command server/tunnel launcher
ssh_manager.py # SSH endpoints and local fallback execution
tools/ # command, file, Docker, environment, monitoring tools
tests/ # pytest unit and integration coverage
.github/workflows/ # CI and tagged release publishing
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file rigout-0.1.0.tar.gz.
File metadata
- Download URL: rigout-0.1.0.tar.gz
- Upload date:
- Size: 37.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d1125d512bfffd9e50c548f735a12b49f3029532cf716caacc26e27096cd52bd
|
|
| MD5 |
887921f5864eaea3828e7f7f66cbf90d
|
|
| BLAKE2b-256 |
cb8450d868f2ae041e18e397c0ae9e9439c216c1efdb87632ea3ae9c8b203e00
|
Provenance
The following attestation bundles were made for rigout-0.1.0.tar.gz:
Publisher:
release.yml on melbinjp/rigout
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
rigout-0.1.0.tar.gz -
Subject digest:
d1125d512bfffd9e50c548f735a12b49f3029532cf716caacc26e27096cd52bd - Sigstore transparency entry: 2039915978
- Sigstore integration time:
-
Permalink:
melbinjp/rigout@cd32678649e848310d89fcf584bb3143f21892c2 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/melbinjp
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@cd32678649e848310d89fcf584bb3143f21892c2 -
Trigger Event:
push
-
Statement type:
File details
Details for the file rigout-0.1.0-py3-none-any.whl.
File metadata
- Download URL: rigout-0.1.0-py3-none-any.whl
- Upload date:
- Size: 45.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4f80a72e6acd3a23cbf2b1e3e16adf54d6107176f91d57c4390c526fa033d8de
|
|
| MD5 |
8182b442cf9743071300a18944ad4745
|
|
| BLAKE2b-256 |
061d2faa9290265e53e3d8b4e8d8dea097da3e9d0463baab8d252fe26209ed30
|
Provenance
The following attestation bundles were made for rigout-0.1.0-py3-none-any.whl:
Publisher:
release.yml on melbinjp/rigout
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
rigout-0.1.0-py3-none-any.whl -
Subject digest:
4f80a72e6acd3a23cbf2b1e3e16adf54d6107176f91d57c4390c526fa033d8de - Sigstore transparency entry: 2039916252
- Sigstore integration time:
-
Permalink:
melbinjp/rigout@cd32678649e848310d89fcf584bb3143f21892c2 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/melbinjp
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@cd32678649e848310d89fcf584bb3143f21892c2 -
Trigger Event:
push
-
Statement type: