{
  "schema_version": "mcp-tools/1.0",
  "server": {
    "name": "iTechSmart UAIO MCP Server",
    "version": "2.0.0",
    "description": "Governed autonomous IT operations with cryptographic proof",
    "governance": "Arbiter Constitutional Governance Engine",
    "public_ledger": "https://verify.itechsmart.dev",
    "contact": "enterprise@itechsmart.dev"
  },
  "tools": [
    {
      "name": "verify_prooflink_receipt",
      "display_name": "Verify ProofLink Receipt",
      "description": "Verify the cryptographic integrity of a ProofLink receipt. Checks hash validity, chain linkage to previous receipt, and schema completeness against the canonical production ledger. Returns NOT FOUND for unknown IDs \u2014 never synthesizes a result.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "AU-9",
        "AU-10",
        "SI-7"
      ],
      "input_schema": {
        "type": "object",
        "required": [
          "receipt_id"
        ],
        "properties": {
          "receipt_id": {
            "type": "string",
            "description": "SHA-256 receipt ID or first 16 hex chars of the receipt hash",
            "example": "e34f57c0dcdc5699"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "found": {
            "type": "boolean"
          },
          "verification_result": {
            "type": "string",
            "enum": [
              "VERIFIED",
              "TAMPERED",
              "RECEIPT_NOT_FOUND"
            ]
          },
          "receipt_id": {
            "type": "string"
          },
          "timestamp": {
            "type": "string",
            "format": "date-time"
          },
          "category": {
            "type": "string"
          },
          "actor": {
            "type": "string"
          },
          "subject": {
            "type": "string"
          },
          "hash_sha256": {
            "type": "string"
          },
          "prev_hash": {
            "type": "string"
          },
          "chain_intact": {
            "type": "boolean"
          },
          "tamper_detected": {
            "type": "boolean"
          },
          "auto_resolved": {
            "type": "boolean"
          },
          "human_intervention": {
            "type": "boolean"
          },
          "recovery_time_seconds": {
            "type": "number"
          },
          "nist_controls": {
            "type": "array",
            "items": {
              "type": "string"
            }
          },
          "verify_url": {
            "type": "string",
            "format": "uri"
          }
        }
      }
    },
    {
      "name": "get_receipt_chain",
      "display_name": "Get Receipt Chain",
      "description": "Fetch and verify the complete ProofLink receipt chain from the canonical production ledger. Returns real receipt count, chain break count, and the N most recent entries with full cryptographic metadata.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "AU-9",
        "AU-10"
      ],
      "input_schema": {
        "type": "object",
        "properties": {
          "limit": {
            "type": "integer",
            "description": "Number of recent receipts to return",
            "default": 10,
            "minimum": 1,
            "maximum": 50
          },
          "category": {
            "type": "string",
            "description": "Filter by receipt category",
            "enum": [
              "self_healing",
              "platform_fix",
              "wazuh_alert",
              "platform_health_check",
              "all"
            ]
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "total_receipts": {
            "type": "integer"
          },
          "chain_valid": {
            "type": "boolean"
          },
          "chain_breaks": {
            "type": "integer"
          },
          "chain_start": {
            "type": "string",
            "format": "date-time"
          },
          "latest_timestamp": {
            "type": "string",
            "format": "date-time"
          },
          "status": {
            "type": "string"
          },
          "receipts": {
            "type": "array"
          }
        }
      }
    },
    {
      "name": "query_uaio_status",
      "display_name": "Query UAIO Platform Status",
      "description": "Real-time platform health metrics. Container count via live docker ps, receipt count from canonical ledger, NIST CSF and HIPAA compliance scores. No hardcoded values.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "CA-7",
        "SI-4"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "containers": {
            "type": "object",
            "properties": {
              "healthy": {
                "type": "integer"
              },
              "total": {
                "type": "integer"
              },
              "health_pct": {
                "type": "number"
              }
            }
          },
          "prooflink": {
            "type": "object",
            "properties": {
              "receipts_generated": {
                "type": "integer"
              },
              "chain_breaks": {
                "type": "integer"
              },
              "chain_status": {
                "type": "string"
              },
              "last_receipt_timestamp": {
                "type": "string"
              }
            }
          },
          "compliance": {
            "type": "object",
            "properties": {
              "nist_csf_score": {
                "type": "number"
              },
              "hipaa_compliant": {
                "type": "boolean"
              },
              "fedramp_pathway": {
                "type": "string"
              }
            }
          }
        }
      }
    },
    {
      "name": "get_incident_details",
      "display_name": "Get Incident Details",
      "description": "Fetch details of a specific autonomous remediation incident from the canonical ProofLink ledger. Returns the actual ledger entry with before/after state, remediation actions, timing, and receipt ID. Returns NOT FOUND for unknown IDs.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "IR-4",
        "IR-5",
        "AU-9"
      ],
      "input_schema": {
        "type": "object",
        "required": [
          "incident_id"
        ],
        "properties": {
          "incident_id": {
            "type": "string",
            "description": "ProofLink receipt ID, ledger entry ID, or ITSM ticket ID"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "found": {
            "type": "boolean"
          },
          "incident_id": {
            "type": "string"
          },
          "timestamp": {
            "type": "string",
            "format": "date-time"
          },
          "category": {
            "type": "string"
          },
          "subject": {
            "type": "string"
          },
          "action": {
            "type": "string"
          },
          "outcome": {
            "type": "string"
          },
          "detection_time_seconds": {
            "type": "number"
          },
          "recovery_time_seconds": {
            "type": "number"
          },
          "auto_resolved": {
            "type": "boolean"
          },
          "human_intervention": {
            "type": "boolean"
          },
          "playbook": {
            "type": "string"
          },
          "prooflink_receipt_id": {
            "type": "string"
          },
          "verify_url": {
            "type": "string"
          },
          "nist_controls": {
            "type": "array"
          }
        }
      }
    },
    {
      "name": "list_recent_incidents",
      "display_name": "List Recent Incidents",
      "description": "Returns chronological list of recent autonomous remediation incidents from the canonical ProofLink ledger. All entries are real \u2014 no generated or synthetic data.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "IR-5",
        "AU-6"
      ],
      "input_schema": {
        "type": "object",
        "properties": {
          "limit": {
            "type": "integer",
            "default": 10,
            "minimum": 1,
            "maximum": 50
          },
          "category": {
            "type": "string",
            "enum": [
              "self_healing",
              "platform_fix",
              "wazuh_alert",
              "all"
            ],
            "default": "all"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "total": {
            "type": "integer"
          },
          "incidents": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "incident_id": {
                  "type": "string"
                },
                "timestamp": {
                  "type": "string"
                },
                "category": {
                  "type": "string"
                },
                "subject": {
                  "type": "string"
                },
                "action": {
                  "type": "string"
                },
                "outcome": {
                  "type": "string"
                },
                "auto_resolved": {
                  "type": "boolean"
                },
                "detection_time_seconds": {
                  "type": "number"
                },
                "recovery_time_seconds": {
                  "type": "number"
                },
                "prooflink_receipt_id": {
                  "type": "string"
                },
                "verify_url": {
                  "type": "string"
                }
              }
            }
          }
        }
      }
    },
    {
      "name": "simulate_infrastructure_attack",
      "display_name": "Simulate Infrastructure Attack",
      "description": "Trigger a real infrastructure attack simulation against an isolated sandbox container via the Break-It API. The platform autonomously detects, remediates, and generates a real ProofLink receipt from the canonical ledger. Returns actual timing and receipt \u2014 nothing is synthesized.",
      "required_scopes": [
        "execute:limited"
      ],
      "tier": "remediation",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "CA-8",
        "CP-4",
        "SI-6",
        "IR-3"
      ],
      "rate_limit": "10 per hour per caller",
      "arbiter_required": true,
      "digital_twin_required": true,
      "input_schema": {
        "type": "object",
        "properties": {
          "attack_type": {
            "type": "string",
            "description": "Type of attack to simulate",
            "enum": [
              "oomkilled",
              "crashloopbackoff",
              "network_timeout",
              "disk_pressure"
            ],
            "default": "oomkilled"
          },
          "target": {
            "type": "string",
            "description": "Target container (must be in the isolated sandbox pool)",
            "default": "break-it-sandbox"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "run_id": {
            "type": "string"
          },
          "status": {
            "type": "string"
          },
          "real_execution": {
            "type": "boolean"
          },
          "detection_time_seconds": {
            "type": "number"
          },
          "recovery_time_seconds": {
            "type": "number"
          },
          "auto_resolved": {
            "type": "boolean"
          },
          "human_intervention": {
            "type": "boolean"
          },
          "receipt_id": {
            "type": "string"
          },
          "verify_url": {
            "type": "string"
          },
          "chain_position": {
            "type": "integer"
          },
          "message": {
            "type": "string"
          }
        }
      }
    },
    {
      "name": "get_platform_briefing",
      "display_name": "Get Platform Briefing",
      "description": "Full real-time health snapshot of the iTechSmart platform: 18 service statuses (systemd + Docker), SIE security queue totals, disk usage, uptime, receipts count, gate state, and next SIE scan time.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "SI-4",
        "CA-7"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "services": {
            "type": "object",
            "description": "Map of service name to status"
          },
          "docker_containers": {
            "type": "number"
          },
          "queue": {
            "type": "object"
          },
          "disk": {
            "type": "object"
          },
          "uptime": {
            "type": "string"
          },
          "receipts": {
            "type": "object"
          },
          "gate_live": {
            "type": "boolean"
          }
        }
      }
    },
    {
      "name": "get_sie_queue",
      "display_name": "Get SIE Security Queue",
      "description": "Retrieve pending SIE security findings awaiting approval. Filterable by detector type, fix class, and severity.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "SI-2",
        "CA-5",
        "RA-5"
      ],
      "input_schema": {
        "type": "object",
        "properties": {
          "detector": {
            "type": "string"
          },
          "fix_class": {
            "type": "string",
            "enum": [
              "safe_auto",
              "needs_approval",
              "flag_only"
            ]
          },
          "severity_max": {
            "type": "number"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "total_in_queue": {
            "type": "number"
          },
          "filtered_count": {
            "type": "number"
          },
          "items": {
            "type": "array"
          }
        }
      }
    },
    {
      "name": "get_compliance_status",
      "display_name": "Get Compliance Status",
      "description": "Live compliance scores: NIST CSF, HIPAA, SOC 2 Type II with per-control evidence and gap analysis.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "CA-2",
        "CA-7",
        "AU-6"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "scores": {
            "type": "object"
          }
        }
      }
    },
    {
      "name": "dispatch_ag2_incident",
      "display_name": "Dispatch AG2 Incident",
      "description": "Send an IT incident to the 6-agent AG2 GroupChat for autonomous diagnosis and remediation planning. SEMI_AUTO mode: plan returned for human review before execution.",
      "required_scopes": [
        "invoke"
      ],
      "tier": "execute",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "IR-4",
        "IR-5",
        "IR-6",
        "AU-10"
      ],
      "input_schema": {
        "type": "object",
        "required": [
          "description",
          "service"
        ],
        "properties": {
          "description": {
            "type": "string"
          },
          "service": {
            "type": "string"
          },
          "severity": {
            "type": "string",
            "enum": [
              "critical",
              "high",
              "medium",
              "low"
            ]
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "incident_id": {
            "type": "string"
          },
          "status": {
            "type": "string"
          },
          "mttr_seconds": {
            "type": "number"
          },
          "agents_participated": {
            "type": "array"
          },
          "receipts": {
            "type": "array"
          },
          "summary": {
            "type": "string"
          }
        }
      }
    },
    {
      "name": "search_platform_logs",
      "display_name": "Search Platform Logs",
      "description": "Search live journalctl logs for any iTechSmart systemd service by service name and optional grep/regex pattern.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "AU-2",
        "AU-3",
        "AU-12"
      ],
      "input_schema": {
        "type": "object",
        "required": [
          "service"
        ],
        "properties": {
          "service": {
            "type": "string"
          },
          "pattern": {
            "type": "string"
          },
          "lines": {
            "type": "number"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "service": {
            "type": "string"
          },
          "total_fetched": {
            "type": "number"
          },
          "matched": {
            "type": "number"
          },
          "lines": {
            "type": "array",
            "items": {
              "type": "string"
            }
          }
        }
      }
    },
    {
      "name": "approve_sie_finding",
      "display_name": "Approve SIE Finding",
      "description": "Approve a specific SIE security finding by queue index. Applies the fixer, seals a ProofLink receipt, removes item from queue. EXECUTE \u2014 modifies files on disk.",
      "required_scopes": [
        "write"
      ],
      "tier": "execute",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "CM-3",
        "CM-6",
        "AU-10",
        "SI-2"
      ],
      "input_schema": {
        "type": "object",
        "required": [
          "index"
        ],
        "properties": {
          "index": {
            "type": "number",
            "description": "Queue index from get_sie_queue"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "fix_result": {
            "type": "object"
          },
          "receipt_id": {
            "type": "string"
          },
          "remaining": {
            "type": "number"
          }
        }
      }
    },
    {
      "name": "trigger_sie_scan",
      "display_name": "Trigger SIE Scan",
      "description": "Kick off a fresh SIE platform scan. dry-run detects only; apply fixes safe_auto items and seals receipts. Background job \u2014 check get_platform_briefing ~2 min later.",
      "required_scopes": [
        "invoke"
      ],
      "tier": "execute",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "CA-7",
        "RA-5",
        "SI-2",
        "SI-4"
      ],
      "input_schema": {
        "type": "object",
        "properties": {
          "mode": {
            "type": "string",
            "enum": [
              "dry-run",
              "apply"
            ],
            "description": "Scan mode (default: dry-run)"
          },
          "use_llm": {
            "type": "boolean",
            "description": "Use Nemotron for ranking (default: true)"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "started": {
            "type": "boolean"
          },
          "mode": {
            "type": "string"
          },
          "note": {
            "type": "string"
          }
        }
      }
    },
    {
      "name": "get_iself_journal",
      "display_name": "Get iSELF Healing Journal",
      "description": "Retrieve iSELF self-healing history: what failed, root cause diagnosis, patch applied (systemctl restart / config fix), success/failure, and confidence score per event.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "AU-2",
        "AU-3",
        "IR-4",
        "SI-4"
      ],
      "input_schema": {
        "type": "object",
        "properties": {
          "limit": {
            "type": "number",
            "description": "Most-recent entries to return (default 20, max 100)"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "total": {
            "type": "number"
          },
          "entries": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "ts": {
                  "type": "number"
                },
                "service": {
                  "type": "string"
                },
                "action": {
                  "type": "string"
                },
                "root_cause": {
                  "type": "string"
                },
                "patch_applied": {
                  "type": "string"
                },
                "patch_success": {
                  "type": "boolean"
                },
                "confidence": {
                  "type": "number"
                }
              }
            }
          }
        }
      }
    },
    {
      "name": "brain_query",
      "display_name": "Query Agent Brain",
      "description": "Search the iTechSmart 5-layer Agent Brain (L1 .md files, L2 Wiki, L3 Letta vector, L4 Knowledge Graph). Returns context, related agents, and knowledge graph connections.",
      "parameters": {
        "type": "object",
        "properties": {
          "query": {
            "type": "string",
            "description": "Search query"
          },
          "layers": {
            "type": "string",
            "description": "Comma-separated layers to search: md,wiki,vector,graph (default: all)"
          },
          "limit": {
            "type": "integer",
            "description": "Max results per layer (default: 10)"
          }
        },
        "required": [
          "query"
        ]
      }
    },
    {
      "name": "cluster_status",
      "display_name": "Get Cluster Status",
      "description": "Returns the current multi-regional cluster topology \u2014 registered sites, heartbeat timestamps, and inter-site latency. Use this to check cluster health before cross-site operations.",
      "parameters": {
        "type": "object",
        "properties": {
          "include_peers": {
            "type": "boolean",
            "description": "Include peer site details (default: true)"
          }
        }
      }
    },
    {
      "name": "port_registry",
      "display_name": "Query Port Registry",
      "description": "Query or check the iTechSmart port registry to avoid port conflicts. Lists all registered ports with service name and owner. Use before assigning a new port.",
      "parameters": {
        "type": "object",
        "properties": {
          "action": {
            "type": "string",
            "description": "Action: list, check, or register (default: list)"
          },
          "port": {
            "type": "integer",
            "description": "Port number to check or register"
          },
          "service": {
            "type": "string",
            "description": "Service name when registering a port"
          }
        }
      }
    },
    {
      "name": "integration_status",
      "display_name": "Integration Status Sweep",
      "description": "Parallel health check across all wired third-party integrations: Langfuse LLM observability, RAGflow RAG platform, Shuffle SOAR, Tactical RMM, MeshCentral device management, and Probo compliance. Returns ok:true/false and service-specific metadata for each.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "CA-7",
        "SI-4"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "ok": {
            "type": "boolean"
          },
          "integrations": {
            "type": "object",
            "description": "Map of service name to health result"
          }
        }
      }
    },
    {
      "name": "langfuse_health",
      "display_name": "Langfuse Health",
      "description": "Check Langfuse LLM observability platform health. Returns ok status and organisation name.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "AU-2",
        "AU-12",
        "CA-7"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "ok": {
            "type": "boolean"
          },
          "org": {
            "type": "string"
          },
          "error": {
            "type": "string"
          }
        }
      }
    },
    {
      "name": "langfuse_trace",
      "display_name": "Create Langfuse Trace",
      "description": "Create a Langfuse trace to log an LLM interaction. Captures name, input, output, model, userId, tags, and arbitrary metadata. Returns the trace ID on success.",
      "required_scopes": [
        "invoke"
      ],
      "tier": "execute",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "AU-2",
        "AU-3",
        "AU-12"
      ],
      "input_schema": {
        "type": "object",
        "required": [
          "name"
        ],
        "properties": {
          "name": {
            "type": "string",
            "description": "Trace name / operation label"
          },
          "input": {
            "description": "Input payload (any JSON value)"
          },
          "output": {
            "description": "Output payload (any JSON value)"
          },
          "model": {
            "type": "string",
            "description": "Model ID (e.g. claude-sonnet-4-6)"
          },
          "userId": {
            "type": "string",
            "description": "End-user identifier"
          },
          "tags": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "description": "Trace tags"
          },
          "metadata": {
            "description": "Arbitrary metadata object"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "ok": {
            "type": "boolean"
          },
          "id": {
            "type": "string",
            "description": "Langfuse trace ID"
          }
        }
      }
    },
    {
      "name": "ragflow_health",
      "display_name": "RAGflow Health",
      "description": "Check RAGflow RAG platform health. Returns ok status and total dataset count.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "CA-7",
        "SI-4"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "ok": {
            "type": "boolean"
          },
          "datasetCount": {
            "type": "integer"
          },
          "error": {
            "type": "string"
          }
        }
      }
    },
    {
      "name": "ragflow_query",
      "display_name": "RAGflow Knowledge Query",
      "description": "Query the RAGflow knowledge base with a natural-language question. Searches across uploaded documents and returns the answer with source citations. Optionally filter to specific dataset IDs.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "AU-2",
        "SI-4"
      ],
      "input_schema": {
        "type": "object",
        "required": [
          "question"
        ],
        "properties": {
          "question": {
            "type": "string",
            "description": "Natural-language question (max 2000 chars)"
          },
          "dataset_ids": {
            "type": "array",
            "items": {
              "type": "string"
            },
            "description": "Optional dataset ID filter"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "ok": {
            "type": "boolean"
          },
          "answer": {
            "type": "string"
          },
          "sources": {
            "type": "array"
          },
          "error": {
            "type": "string"
          }
        }
      }
    },
    {
      "name": "shuffle_health",
      "display_name": "Shuffle SOAR Health",
      "description": "Check Shuffle SOAR platform health. Returns ok status, authenticated user, and active workflow count.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "CA-7",
        "IR-4"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "ok": {
            "type": "boolean"
          },
          "user": {
            "type": "string"
          },
          "workflowCount": {
            "type": "integer"
          },
          "error": {
            "type": "string"
          }
        }
      }
    },
    {
      "name": "shuffle_trigger",
      "display_name": "Trigger Shuffle Workflow",
      "description": "Trigger a Shuffle SOAR workflow by workflow UUID. Optionally pass a JSON body to the workflow execution trigger. Returns execution result and status.",
      "required_scopes": [
        "invoke"
      ],
      "tier": "execute",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "IR-4",
        "IR-5",
        "CA-7"
      ],
      "input_schema": {
        "type": "object",
        "required": [
          "workflow_id"
        ],
        "properties": {
          "workflow_id": {
            "type": "string",
            "description": "Shuffle workflow UUID"
          },
          "body": {
            "description": "Optional JSON body passed to the workflow trigger"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "ok": {
            "type": "boolean"
          },
          "execution_id": {
            "type": "string"
          },
          "error": {
            "type": "string"
          }
        }
      }
    },
    {
      "name": "trmm_health",
      "display_name": "Tactical RMM Health",
      "description": "Check Tactical RMM platform health. Returns ok status and total enrolled agent count.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "CA-7",
        "CM-8"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "ok": {
            "type": "boolean"
          },
          "agentCount": {
            "type": "integer"
          },
          "error": {
            "type": "string"
          }
        }
      }
    },
    {
      "name": "trmm_agents",
      "display_name": "List TRMM Agents",
      "description": "List all Tactical RMM managed agents. Returns hostname, OS platform, status (online/offline/overdue), site name, client name, and last-seen timestamp per agent.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "CM-8",
        "CM-6",
        "SI-4"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "id": {
              "type": "integer"
            },
            "hostname": {
              "type": "string"
            },
            "plat": {
              "type": "string"
            },
            "status": {
              "type": "string",
              "enum": [
                "online",
                "offline",
                "overdue"
              ]
            },
            "site_name": {
              "type": "string"
            },
            "client_name": {
              "type": "string"
            },
            "last_seen": {
              "type": "string",
              "format": "date-time"
            },
            "monitoring_type": {
              "type": "string"
            }
          }
        }
      }
    },
    {
      "name": "trmm_summary",
      "display_name": "TRMM Agent Summary",
      "description": "Get Tactical RMM agent summary: total count, online, offline, overdue, and list of distinct site names.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "CA-7",
        "CM-8"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "total": {
            "type": "integer"
          },
          "online": {
            "type": "integer"
          },
          "offline": {
            "type": "integer"
          },
          "overdue": {
            "type": "integer"
          },
          "sites": {
            "type": "array",
            "items": {
              "type": "string"
            }
          }
        }
      }
    },
    {
      "name": "trmm_run_script",
      "display_name": "TRMM Run Script on Agent",
      "description": "Run a saved Tactical RMM script on a specific managed agent by agent ID and script ID. Returns job ID on success. EXECUTE \u2014 triggers real remote script execution.",
      "required_scopes": [
        "invoke"
      ],
      "tier": "execute",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "CM-6",
        "AU-10",
        "IR-4"
      ],
      "input_schema": {
        "type": "object",
        "required": [
          "agent_id",
          "script_id"
        ],
        "properties": {
          "agent_id": {
            "type": "string",
            "description": "TRMM agent ID or agent_id string"
          },
          "script_id": {
            "type": "integer",
            "description": "TRMM saved script ID (integer)"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "ok": {
            "type": "boolean"
          },
          "job_id": {
            "type": "integer"
          },
          "error": {
            "type": "string"
          }
        }
      }
    },
    {
      "name": "mesh_health",
      "display_name": "MeshCentral Health",
      "description": "Check MeshCentral remote device management health via meshctrl CLI. Returns ok status, admin username, and enrolled device count.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "CA-7",
        "CM-8"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "ok": {
            "type": "boolean"
          },
          "user": {
            "type": "string"
          },
          "deviceCount": {
            "type": "integer"
          },
          "error": {
            "type": "string"
          }
        }
      }
    },
    {
      "name": "mesh_devices",
      "display_name": "List MeshCentral Devices",
      "description": "List all devices enrolled in MeshCentral remote management. Returns device name, hostname, OS description, connectivity status, power state, IP address, and mesh group per device.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "CM-8",
        "CM-6",
        "SI-4"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "id": {
              "type": "string"
            },
            "name": {
              "type": "string"
            },
            "hostname": {
              "type": "string"
            },
            "os": {
              "type": "string"
            },
            "conn": {
              "type": "integer",
              "description": "Connectivity bitmask"
            },
            "pwr": {
              "type": "integer",
              "description": "Power state"
            },
            "ip": {
              "type": "string"
            },
            "group": {
              "type": "string",
              "description": "Mesh group ID"
            }
          }
        }
      }
    },
    {
      "name": "probo_health",
      "display_name": "Probo Compliance Health",
      "description": "Check Probo compliance platform health (SOC2 / EU AI Act control tracking). Returns ok status and total control count.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "CA-2",
        "CA-7"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "ok": {
            "type": "boolean"
          },
          "controlCount": {
            "type": "integer"
          },
          "error": {
            "type": "string"
          }
        }
      }
    },
    {
      "name": "probo_controls",
      "display_name": "List Probo Controls",
      "description": "List all Probo compliance controls with status, category, and description. Covers SOC 2 Type II and EU AI Act control frameworks.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "CA-2",
        "CA-7",
        "AU-6"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "id": {
              "type": "string"
            },
            "name": {
              "type": "string"
            },
            "status": {
              "type": "string"
            },
            "category": {
              "type": "string"
            },
            "description": {
              "type": "string"
            }
          }
        }
      }
    },
    {
      "name": "probo_risks",
      "display_name": "List Probo Risks",
      "description": "List all Probo compliance risks with severity level and status. Use with probo_summary for a full compliance picture.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "RA-3",
        "CA-7"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "id": {
              "type": "string"
            },
            "name": {
              "type": "string"
            },
            "level": {
              "type": "string",
              "enum": [
                "high",
                "medium",
                "low"
              ]
            },
            "status": {
              "type": "string"
            }
          }
        }
      }
    },
    {
      "name": "probo_summary",
      "display_name": "Probo Compliance Summary",
      "description": "Get Probo compliance aggregate summary: control pass/fail/not-started counts, risk high/medium/low breakdown, and task open/done totals.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "CA-2",
        "CA-7",
        "RA-3",
        "AU-6"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "controls": {
            "type": "object",
            "properties": {
              "total": {
                "type": "integer"
              },
              "passed": {
                "type": "integer"
              },
              "failed": {
                "type": "integer"
              },
              "notStarted": {
                "type": "integer"
              }
            }
          },
          "risks": {
            "type": "object",
            "properties": {
              "total": {
                "type": "integer"
              },
              "high": {
                "type": "integer"
              },
              "medium": {
                "type": "integer"
              },
              "low": {
                "type": "integer"
              }
            }
          },
          "tasks": {
            "type": "object",
            "properties": {
              "total": {
                "type": "integer"
              },
              "open": {
                "type": "integer"
              },
              "done": {
                "type": "integer"
              }
            }
          }
        }
      }
    },
    {
      "name": "get_learning_queue",
      "display_name": "Learning Arbiter \u2014 Review Queue",
      "description": "Get patterns pending human approval from the Learning Arbiter. These are Tier 2 items (score 50-85) that require human sign-off before promotion to the Mega Brain.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "AT-2",
        "CA-7",
        "SI-7"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "pending_count": {
            "type": "integer"
          },
          "shadow_queue_count": {
            "type": "integer"
          },
          "items": {
            "type": "array"
          },
          "known_patterns": {
            "type": "integer"
          }
        }
      }
    },
    {
      "name": "approve_learning_item",
      "display_name": "Learning Arbiter \u2014 Approve Pattern",
      "description": "Approve a Tier 2 learning pattern for promotion to Agent Brain + Weaviate. Provide the pattern_id from get_learning_queue.",
      "required_scopes": [
        "write"
      ],
      "tier": "governance",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "AT-2",
        "CA-7",
        "SI-12"
      ],
      "input_schema": {
        "type": "object",
        "properties": {
          "pattern_id": {
            "type": "string",
            "description": "Pattern ID from get_learning_queue (e.g. pat-abc123456789)"
          }
        },
        "required": [
          "pattern_id"
        ]
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "approved": {
            "type": "boolean"
          },
          "pattern_id": {
            "type": "string"
          },
          "message": {
            "type": "string"
          }
        }
      }
    },
    {
      "name": "get_learning_metrics",
      "display_name": "Learning Arbiter \u2014 Metrics",
      "description": "Get Learning Arbiter cycle metrics: patterns processed, tier distribution, promotion counts, and known pattern library size.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": false,
      "nist_controls": [
        "AU-6",
        "CA-7",
        "PM-6"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "object",
        "properties": {
          "last_run": {
            "type": "string"
          },
          "total_processed": {
            "type": "integer"
          },
          "total_promoted": {
            "type": "integer"
          },
          "total_rejected": {
            "type": "integer"
          },
          "known_patterns": {
            "type": "integer"
          },
          "pending_review": {
            "type": "integer"
          },
          "shadow_queue": {
            "type": "integer"
          }
        }
      }
    },
    {
      "name": "prooflink.verify_chain",
      "display_name": "ProofLink \u2014 Verify Chain",
      "description": "Read-only audit scope for verifying the ProofLink receipt chain. Alias of get_receipt_chain.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "AU-2",
        "AU-6",
        "AU-12"
      ],
      "input_schema": {
        "type": "object",
        "properties": {
          "limit": {
            "type": "integer"
          },
          "container": {
            "type": "string"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {}
      }
    },
    {
      "name": "prooflink.verify_receipt",
      "display_name": "ProofLink \u2014 Verify Receipt",
      "description": "Read-only audit scope for verifying a single ProofLink receipt by ID. Alias of verify_prooflink_receipt.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "AU-2",
        "AU-6",
        "AU-12"
      ],
      "input_schema": {
        "type": "object",
        "properties": {
          "receipt_id": {
            "type": "string"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {}
      }
    },
    {
      "name": "prooflink.search_receipts",
      "display_name": "ProofLink \u2014 Search Receipts",
      "description": "Read-only audit scope for searching recent ProofLink receipts for post-hoc reconstruction.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "AU-2",
        "AU-6",
        "AU-12"
      ],
      "input_schema": {
        "type": "object",
        "properties": {
          "limit": {
            "type": "integer"
          },
          "container": {
            "type": "string"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {}
      }
    },
    {
      "name": "mission.list_incidents",
      "display_name": "Mission \u2014 List Incidents",
      "description": "Read-only mission scope for recent autonomous IT incidents.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "AU-2",
        "AU-6",
        "AU-12"
      ],
      "input_schema": {
        "type": "object",
        "properties": {
          "limit": {
            "type": "integer"
          },
          "since": {
            "type": "string"
          }
        }
      },
      "output_schema": {
        "type": "object",
        "properties": {}
      }
    },
    {
      "name": "mission.cluster_health",
      "display_name": "Mission \u2014 Cluster Health",
      "description": "Read-only mission scope for cluster health.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "AU-2",
        "AU-6",
        "AU-12"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "object",
        "properties": {}
      }
    },
    {
      "name": "compliance.audit_summary",
      "display_name": "Compliance \u2014 Audit Summary",
      "description": "Read-only compliance scope for CISO and auditor review.",
      "required_scopes": [
        "read"
      ],
      "tier": "read_only",
      "prooflink_receipt_generated": true,
      "nist_controls": [
        "AU-2",
        "AU-6",
        "AU-12"
      ],
      "input_schema": {
        "type": "object",
        "properties": {}
      },
      "output_schema": {
        "type": "object",
        "properties": {}
      }
    }
  ]
}
