Skip to main content

Systems Manager will update your system and install/upgrade applications. Additionally, as allow AI to perform these activities as an MCP Server

Project description

Systems-Manager - A2A | AG-UI | MCP

PyPI - Version MCP Server PyPI - Downloads GitHub Repo stars GitHub forks GitHub contributors PyPI - License GitHub

GitHub last commit (by committer) GitHub pull requests GitHub closed pull requests GitHub issues

GitHub top language GitHub language count GitHub repo size GitHub repo file count (file type) PyPI - Wheel PyPI - Implementation

Version: 1.12.1

Overview

Systems-Manager is a powerful CLI and MCP server tool to manage your system across multiple operating systems. It supports updating, installing, and optimizing applications, managing Windows features, installing Nerd Fonts, and retrieving system and hardware statistics. It now supports Ubuntu, Debian, Red Hat, Oracle Linux, SLES, Arch, and Windows, with Snap fallback for Linux application installations.

This repository is actively maintained - Contributions are welcome!

Features

  • Multi-OS Support: Works on Windows, Ubuntu, Debian, Red Hat, Oracle Linux, SLES, and Arch.
  • Application Management: Install and update applications using native package managers (apt, dnf, zypper, pacman, winget) with automatic Snap fallback for Linux.
  • Font Installation: Install specific Nerd Fonts (default: Hack) or all available fonts from the latest release.
  • Windows Feature Management: List, enable, or disable Windows optional features (Windows only).
  • System Optimization: Clean and optimize system resources (e.g., trash/recycle bin, autoremove, defragmentation on Windows).
  • System and Hardware Stats: Retrieve detailed OS and hardware information using psutil.
  • Logging: Optional logging to a specified file or default systems_manager.log in the script directory.
  • FastMCP Server: Expose all functionality via a Model Context Protocol (MCP) server over stdio or HTTP for integration with AI or automation systems.

MCP

Available MCP Tools

This server utilizes dynamic Action-Routed tools to optimize token overhead and maximize IDE compatibility.

Tool Name Description
system_cron Consolidated Action-Routed tool for cron. Methods: add_cron_job, remove_cron_job, list_cron_jobs
system_disk Consolidated Action-Routed tool for disk. Methods: get_disk_usage, list_disks, get_disk_space_report
system_filesystem Consolidated Action-Routed tool for filesystem. Methods: search_files, manage_file, grep_files, list_files
system_firewall_management Consolidated Action-Routed tool for firewall_management. Methods: get_firewall_status, add_firewall_rule, list_firewall_rules, remove_firewall_rule
system_log Consolidated Action-Routed tool for log. Methods: get_logs, tail_log_file
system_network Consolidated Action-Routed tool for network. Methods: list_network_interfaces, list_open_ports, dns_lookup, ping_host
system_nodejs Consolidated Action-Routed tool for nodejs. Methods: use_node, install_node, install_nvm
system_process Consolidated Action-Routed tool for process. Methods: get_process_info, kill_process, list_processes
system_python Consolidated Action-Routed tool for python. Methods: install_python_package_uv, create_python_venv, install_uv
system_service Consolidated Action-Routed tool for service. Methods: restart_service, enable_service, get_service_status, disable_service, stop_service, start_service, list_services
system_shell Consolidated Action-Routed tool for shell. Methods: add_shell_alias
system_ssh_management Consolidated Action-Routed tool for ssh_management. Methods: add_authorized_key, list_ssh_keys, generate_ssh_key
system_system Consolidated Action-Routed tool for system. Methods: install_fonts, get_os_statistics, clean_package_cache, update, get_package_info, install_applications, list_env_vars, health_check, get_hardware_statistics, install_python_modules, clean_temp_files, get_uptime, list_upgradable_packages, clean, search_package, optimize, list_installed_packages, get_env_var
system_system_management Consolidated Action-Routed tool for system_management. Methods: run_command, disable_windows_features, install_local_package, add_repository, list_windows_features, enable_windows_features
system_text_editor Consolidated Action-Routed tool for text_editor. Methods: text_editor
system_user Consolidated Action-Routed tool for user. Methods: list_groups, list_users

A2A Agent

Architecture:

---
config:
  layout: dagre
---
flowchart TB
 subgraph subGraph0["Agent Capabilities"]
        C["Agent"]
        B["A2A Server - Uvicorn/FastAPI"]
        D["MCP Tools"]
        F["Agent Skills"]
  end
    C --> D & F
    A["User Query"] --> B
    B --> C
    D --> E["Platform API"]

     C:::agent
     B:::server
     A:::server
    classDef server fill:#f9f,stroke:#333
    classDef agent fill:#bbf,stroke:#333,stroke-width:2px
    style B stroke:#000000,fill:#FFD600
    style D stroke:#000000,fill:#BBDEFB
    style F fill:#BBDEFB
    style A fill:#C8E6C9
    style subGraph0 fill:#FFF9C4

Component Interaction Diagram

sequenceDiagram
    participant User
    participant Server as A2A Server
    participant Agent as Agent
    participant Skill as Agent Skills
    participant MCP as MCP Tools

    User->>Server: Send Query
    Server->>Agent: Invoke Agent
    Agent->>Skill: Analyze Skills Available
    Skill->>Agent: Provide Guidance on Next Steps
    Agent->>MCP: Invoke Tool
    MCP-->>Agent: Tool Response Returned
    Agent-->>Agent: Return Results Summarized
    Agent-->>Server: Final Response
    Server-->>User: Output

Graph Architecture

This agent uses pydantic-graph orchestration for intelligent routing and optimal context management.

---
title: Systems Manager Graph Agent
---
stateDiagram-v2
  [*] --> RouterNode: User Query
  RouterNode --> DomainNode: Classified Domain
  RouterNode --> [*]: Low confidence / Error
  DomainNode --> [*]: Domain Result
  • RouterNode: A fast, lightweight LLM (e.g., nvidia/nemotron-3-super) that classifies the user's query into one of the specialized domains.
  • DomainNode: The executor node. For the selected domain, it dynamically sets environment variables to temporarily enable ONLY the tools relevant to that domain, creating a highly focused sub-agent (e.g., gpt-4o) to complete the request. This preserves LLM context and prevents tool hallucination.

Usage

CLI

Short Flag Long Flag Description
-h --help See usage for script
-c --clean Clean Recycle/Trash bin
-e --enable-features Enable Windows features (comma-separated, Windows only)
-d --disable-features Disable Windows features (comma-separated, Windows only)
-l --list-features List all Windows features and their status (Windows only)
-f --fonts Install Nerd Fonts (comma-separated, e.g., Hack,Meslo or 'all'; default: Hack)
-i --install Install applications (comma-separated, e.g., python3,git)
-p --python Install Python modules (comma-separated)
-s --silent Suppress output to stdout
-u --update Update applications and Operating System
-o --optimize Optimize system (e.g., autoremove, clean cache, defrag)
--os-stats Print OS statistics (e.g., system, release, version)
--hw-stats Print hardware statistics (e.g., CPU, memory, disk)
--log-file Log to specified file (default: systems_manager.log)
systems-manager --fonts Hack,Meslo --update --clean --python geniusbot --install python3,git --enable-features Microsoft-Hyper-V-All,Containers --log-file /path/to/log.log

MCP CLI

Short Flag Long Flag Description
--mcp-url MCP Server URL to connect to http://systems-manager-mcp.arpa/mcp
--allowed-tools List of allowed MCP tools system_management
--web Enable Pydantic AI Web UI False (Env: ENABLE_WEB_UI)
-t --transport Transport method: 'stdio', 'http', or 'sse' [legacy] (default: stdio)
-s --host Host address for HTTP transport (default: 0.0.0.0)
-p --port Port number for HTTP transport (default: 8000)
--auth-type Authentication type: 'none', 'static', 'jwt', 'oauth-proxy', 'oidc-proxy', 'remote-oauth' (default: none)
--token-jwks-uri JWKS URI for JWT verification
--token-issuer Issuer for JWT verification
--token-audience Audience for JWT verification
--oauth-upstream-auth-endpoint Upstream authorization endpoint for OAuth Proxy
--oauth-upstream-token-endpoint Upstream token endpoint for OAuth Proxy
--oauth-upstream-client-id Upstream client ID for OAuth Proxy
--oauth-upstream-client-secret Upstream client secret for OAuth Proxy
--oauth-base-url Base URL for OAuth Proxy
--oidc-config-url OIDC configuration URL
--oidc-client-id OIDC client ID
--oidc-client-secret OIDC client secret
--oidc-base-url Base URL for OIDC Proxy
--remote-auth-servers Comma-separated list of authorization servers for Remote OAuth
--remote-base-url Base URL for Remote OAuth
--allowed-client-redirect-uris Comma-separated list of allowed client redirect URIs
--eunomia-type Eunomia authorization type: 'none', 'embedded', 'remote' (default: none)
--eunomia-policy-file Policy file for embedded Eunomia (default: mcp_policies.json)
--eunomia-remote-url URL for remote Eunomia server

Using as an MCP Server

The MCP Server can be run in two modes: stdio (for local testing) or http (for networked access). To start the server, use the following commands:

Run in stdio mode (default):

systems-manager-mcp --transport "stdio"

Run in HTTP mode:

systems-manager-mcp --transport "http"  --host "0.0.0.0"  --port "8000"

Dependencies

The following Python packages are automatically installed if missing:

  • distro: For Linux distribution detection.
  • psutil: For system and hardware statistics.
  • requests: For downloading Nerd Fonts.
  • fastmcp: For MCP server functionality (required for systems-manager-mcp).

Agent-to-Agent (A2A) Server

This package includes an Agent utilizing pydantic-ai that can be deployed as an A2A server.

Endpoints

  • Web UI: http://localhost:8000/ (if enabled)
  • A2A: http://localhost:8000/a2a (Discovery: /a2a/.well-known/agent.json)
  • AG-UI: http://localhost:8000/ag-ui (POST)

A2A CLI

Long Flag Description Default
--host Host to bind the server to 0.0.0.0
--port Port to bind the server to 9000
--reload Enable auto-reload False
--provider LLM Provider (openai, anthropic, google, etc) openai
--model-id LLM Model ID nvidia/nemotron-3-super
--base-url LLM Base URL (for OpenAI compatible providers) http://host.docker.internal:1234/v1
--api-key LLM API Key ollama
--mcp-url MCP Server URL to connect to None
--mcp-config MCP Server Config ...
--skills-directory Directory containing agent skills ...
--web Enable Pydantic AI Web UI False (Env: ENABLE_WEB_UI)

Run A2A Server

systems-manager-agent --provider openai --model-id nvidia/nemotron-3-super

Deploy MCP Server as a Service

The MCP server can be deployed using Docker, with configurable authentication, middleware, and Eunomia authorization.

Using Docker Run

docker pull knucklessg1/systems-manager:latest

docker run -d \
  --name systems-manager-mcp \
  -p 8004:8004 \
  -e HOST=0.0.0.0 \
  -e PORT=8004 \
  -e TRANSPORT=http \
  -e AUTH_TYPE=none \
  -e EUNOMIA_TYPE=none \
  knucklessg1/systems-manager:latest

For advanced authentication (e.g., JWT, OAuth Proxy, OIDC Proxy, Remote OAuth) or Eunomia, add the relevant environment variables:

docker run -d \
  --name systems-manager-mcp \
  -p 8004:8004 \
  -e HOST=0.0.0.0 \
  -e PORT=8004 \
  -e TRANSPORT=http \
  -e AUTH_TYPE=oidc-proxy \
  -e OIDC_CONFIG_URL=https://provider.com/.well-known/openid-configuration \
  -e OIDC_CLIENT_ID=your-client-id \
  -e OIDC_CLIENT_SECRET=your-client-secret \
  -e OIDC_BASE_URL=https://your-server.com \
  -e ALLOWED_CLIENT_REDIRECT_URIS=http://localhost:*,https://*.example.com/* \
  -e EUNOMIA_TYPE=embedded \
  -e EUNOMIA_POLICY_FILE=/app/mcp_policies.json \
  knucklessg1/systems-manager:latest

Using Docker Compose

Create a docker-compose.yml file:

services:
  systems-manager-mcp:
    image: knucklessg1/systems-manager:latest
    environment:
      - HOST=0.0.0.0
      - PORT=8004
      - TRANSPORT=http
      - AUTH_TYPE=none
      - EUNOMIA_TYPE=none
    ports:
      - 8004:8004

For advanced setups with authentication and Eunomia:

services:
  systems-manager-mcp:
    image: knucklessg1/systems-manager:latest
    environment:
      - HOST=0.0.0.0
      - PORT=8004
      - TRANSPORT=http
      - AUTH_TYPE=oidc-proxy
      - OIDC_CONFIG_URL=https://provider.com/.well-known/openid-configuration
      - OIDC_CLIENT_ID=your-client-id
      - OIDC_CLIENT_SECRET=your-client-secret
      - OIDC_BASE_URL=https://your-server.com
      - ALLOWED_CLIENT_REDIRECT_URIS=http://localhost:*,https://*.example.com/*
      - EUNOMIA_TYPE=embedded
      - EUNOMIA_POLICY_FILE=/app/mcp_policies.json
    ports:
      - 8004:8004
    volumes:
      - ./mcp_policies.json:/app/mcp_policies.json

Run the service:

docker-compose up -d

Configure mcp.json for AI Integration

{
  "mcpServers": {
    "systems_manager": {
      "command": "uv",
      "args": [
        "run",
        "--with",
        "systems-manager",
        "systems-manager-mcp"
      ],
      "env": {
        "SYSTEMS_MANAGER_SILENT": "False",
        "SYSTEMS_MANAGER_LOG_FILE": "~/Documents/systems_manager_mcp.log"
      },
      "timeout": 200000
    }
  }
}

Security & Governance

This project is built on agent-utilities, inheriting enterprise-grade security and governance features.

Authentication & Authorization

Feature Description
OIDC Token Delegation RFC 8693 token exchange for user-context propagation from A2A → MCP
Eunomia Policies Fine-grained, policy-driven tool authorization (none, embedded, remote)
Scoped Credentials Tools execute with the caller's scoped identity where possible
3LO / OAuth / API Token Multiple auth strategies with graceful fallback

Eunomia Policy Enforcement

Eunomia provides a policy enforcement point for all tool calls:

  • Embedded mode: Load local mcp_policies.json for role-based access, sensitivity gating, and audit logging
  • Remote mode: Forward authorization decisions to a central Eunomia policy server for multi-agent governance
  • Enable via CLI: --eunomia-type embedded --eunomia-policy-file mcp_policies.json

Runtime Protections

Protection Description
Tool Guard Sensitivity detection with human-in-the-loop approval gating
Prompt Injection Defense Input scanning and repetition/loop guards
Content Filtering Output schema enforcement and cost budget controls
Stuck Loop Detection Automatic detection and recovery from agent loops
Context Limit Warnings Proactive alerts before context window exhaustion

Graph Agent Architecture

The A2A agent uses pydantic-graph orchestration with:

  • RouterNode: Lightweight classifier that routes queries to specialized domains
  • DomainNode: Focused executor with only relevant tools loaded, preventing tool hallucination
  • Approval Gates: Policy-driven approval workflows before sensitive operations
  • Usage Guards: Budget and rate limiting enforcement

Production Recommendation: Enable --eunomia-type embedded (or remote) + OIDC delegation + containerized deployment. See agent-utilities documentation for full policy configuration.

Install Python Package

python -m pip install systems-manager

or

uv pip install --upgrade systems-manager

Repository Owners

GitHub followers GitHub User's stars

MCP Configuration Examples

stdio (recommended for local development)

{
  "mcpServers": {
    "systems-manager": {
      "command": ".venv/bin/systems-manager-mcp",
      "args": [],
      "env": {}
    }
  }
}

Streamable HTTP (recommended for production)

{
  "mcpServers": {
    "systems-manager": {
      "url": "http://localhost:8080/systems-manager-mcp/mcp"
    }
  }
}

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

systems_manager-1.12.1.tar.gz (49.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

systems_manager-1.12.1-py3-none-any.whl (47.3 kB view details)

Uploaded Python 3

File details

Details for the file systems_manager-1.12.1.tar.gz.

File metadata

  • Download URL: systems_manager-1.12.1.tar.gz
  • Upload date:
  • Size: 49.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for systems_manager-1.12.1.tar.gz
Algorithm Hash digest
SHA256 7bd74cb525eaf0ba28b5b01ccbcc7ae72e817c7b3b57d6494168b8976897789c
MD5 0b95443a32d5a003d982689a0eb1a57a
BLAKE2b-256 3b9ffc95c015c91772f658a1f39f5576bdc4bf99c20543d21464715a5643c3f0

See more details on using hashes here.

File details

Details for the file systems_manager-1.12.1-py3-none-any.whl.

File metadata

File hashes

Hashes for systems_manager-1.12.1-py3-none-any.whl
Algorithm Hash digest
SHA256 ceacd037e267a45c3b0e3d25ac8f839add740301cb454efe1b09d1d461816ca8
MD5 a758a9ae4399ac86feca7f535f70b073
BLAKE2b-256 435b6ee1e678ce92f3b8803baddb869e1ffe372119cd8445fd1486e65c4cf5eb

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page