Apache version, modules, mod_status snapshot, config syntax check, vhost dump, error/access log tails, plus narrow mutators (graceful reload, graceful stop). Full restart not included — use systemd for that.
os: linux
needs: apachectl
needs: curl
CloudWatch metric + alarm + log group + log stream + log query introspection. Read-only. Auth via AWS_PROFILE.
os: linux
needs: aws
Read-only AWS spend introspection: month-to-date by service, by account, forecast. Auth via AWS_PROFILE; the profile only needs the Cost Explorer read actions (ce:Get*), which is less than the ce:* that is often granted. Cost Explorer must be enabled on the account.
os: linux
needs: aws
EC2 instance inventory + state introspection plus narrow mutators (stop, start, reboot, terminate). Auth via AWS_PROFILE + AWS_REGION on the runner host.
os: linux
needs: aws
IAM introspection — users, roles, policies, attached policies, access keys — plus incident-response mutators: deactivate access key, delete access key, detach user policy. Auth via AWS_PROFILE. Routine IAM changes belong in IaC; these actions are for emergency lockout.
os: linux
needs: aws
RDS instance + cluster inventory, parameter groups, snapshots, plus narrow operator actions (reboot, create-snapshot). Auth via AWS_PROFILE. Does NOT include delete-instance/delete-cluster.
os: linux
needs: aws
Read-only S3 introspection — bucket inventory, per-bucket versioning/policy/encryption/lifecycle, object listing + metadata. Excludes every mutator (no put-bucket-*, no delete-*). Object-level changes belong in IaC. Auth via AWS_PROFILE.
os: linux
needs: aws
Authoritative/recursive BIND ops: rndc status + stats, zone validation, cache inspection, local resolution probes, plus narrow operator actions (rndc reload, zone freeze/thaw). Requires rndc key on the runner host.
os: linux
needs: rndc
Inspect Linux network bonding / LACP: list bond interfaces, read a bond's full status from /proc/net/bonding (mode, LACP actor/partner state, per-slave link status), and show link-layer details. Read-only.
os: linux
Caddy v2 ops via its admin API (default http://127.0.0.1:2019) and CLI. Config dump, upstream health, PKI inventory, config validation, plus reload (live config swap). Set CADDY_ADMIN env var if not on default.
os: linux
needs: caddy
needs: curl
Deep Cassandra ops via nodetool + cqlsh: topology (status, ring, gossip, describering, failure detector), health (tpstats, netstats, proxy + table histograms, compaction stats + history, throughput), schema introspection, maintenance mutators (snapshot, flush, cleanup, verify, compact, stop, throughput, cache invalidation), repair workflows, node lifecycle (drain, decommission, assassinate, removenode, rebuild), and logging level control. JMX on 127.0.0.1:7199.
os: linux
needs: nodetool
ClickHouse server + table introspection plus narrow mutators (OPTIMIZE, KILL QUERY, SYSTEM RELOAD CONFIG). Auth via CH_HOST + CH_USER + CH_PASSWORD env vars on the runner host. Uses clickhouse-client with --query to keep arg surface minimal.
os: linux
needs: clickhouse-client
cloud-init introspection + boot diagnostics + stage re-runs. Use when an EC2/GCE/Azure VM finishes booting but the workload didn't come up the way it should: check overall status, blame slow modules, dump user-data / cloud-config / vendor-data as the instance actually saw them, tail the cloud-init logs, and (with operator approval) re-run individual modules or the full init pipeline.
os: linux
needs: cloud-init
Read-only zone, DNS record, cache, firewall, and analytics introspection plus narrow mutators (purge cache, enable/disable dev mode). Auth via CF_API_TOKEN env var.
os: linux
needs: curl
Deep Consul ops — agent self/metrics/host introspection, operator raft + autopilot + reload, catalog (services + nodes + datacenters), health (passing/warning/critical) with force-pass/fail/warn check mutators, KV (get/list/recursive), ACL tokens/policies/roles, Connect mesh (CA roots, intentions), sessions, prepared queries, snapshots (save/inspect/restore), and narrow operator actions (deregister, maintenance, raft remove-peer). Auth via CONSUL_HTTP_ADDR + CONSUL_HTTP_TOKEN env vars.
os: linux
needs: consul
needs: curl
Operator pack for Debian/Ubuntu hosts. Read-only inventory and patching diagnostics, plus narrow apt install/remove actions for a single named package. Designed for production hosts where a human approver must see the package name before a write happens.
os: linux
needs: apt-get
needs: dpkg
General-purpose Linux diagnostics + low-level remediation: process and memory tops, vmstat/iostat snapshots, socket inventories, per-PID inspection, kernel-state checks, network reachability, plus fix-it actions (drop_caches, kill_pid by signal, sysctl_set). Use as the first-touch pack when something is wrong.
os: linux
needs: ps
needs: ss
Counterpart to the `debian` pack for RHEL/CentOS/Fedora/Alma/Rocky: rpm inventory, dnf check-update, narrow install/remove actions for a single named package. Equivalent risk model to the apt counterpart.
os: linux
needs: rpm
needs: dnf
Operator pack for Docker hosts: read-only inventory and per-container introspection, plus narrow mutators (restart, stop, kill, prune). Includes docker-compose support. The runner uid must be in the docker group (which is root-equivalent on the host, so treat that uid accordingly); this pack does NOT escalate beyond it.
os: linux
needs: docker
Cluster + index introspection plus narrow mutators (cache_clear, force_merge, flush_synced, close_index). flush_synced only works against Elasticsearch 7.x; the synced-flush API was deprecated in 7.6 and removed in 8.0. Auth via ELASTIC_USER + ELASTIC_PASSWORD env vars on the runner host. Does NOT include delete_index: too easy to misuse.
os: linux
needs: curl
Envoy admin-API ops: cluster + listener + runtime + config + cert inventory, server info, logging level read/write, plus traffic-shifting mutators (drain listeners, healthcheck fail/ok, reset counters) for planned failovers and incident response. Default admin URL http://127.0.0.1:9901; override via ENVOY_ADMIN env.
os: linux
needs: curl
fail2ban inventory + per-jail banned-IP listings plus operator mutators for incident response: ban an IP into a jail, unban a false positive, reload jail filters from disk.
os: linux
needs: fail2ban-client
iptables, nftables, conntrack, and traffic-control inspection plus narrow operator actions for incident response (block IP, unblock IP, flush chain). Rule edits only change the live kernel ruleset: they are lost on reboot or whenever the iptables/nftables service restores its saved rules file. Use IaC for permanent rules.
os: linux
needs: iptables
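As an added example (not code from this pack or any other on this page), this is the argument guard a narrow block-IP / unblock-IP action should run before a model-chosen string reaches iptables. The IPTABLES override, the runner-block rule comment and the function names are assumptions for the illustration:

```shell
#!/bin/sh
# Added example: argument guard for a narrow "block IP" mutator (not pack code).
# An LLM-driven runner passes model-chosen strings to iptables, so the address
# is validated as a dotted-quad IPv4 (optional /0-32) before any rule is built.
# IPTABLES can be pointed at "echo" for a dry run; RULE_TAG marks our rules so
# unblock_ip (and a human with `iptables -S INPUT`) can find them again.

IPTABLES="${IPTABLES:-iptables}"
RULE_TAG="runner-block"   # hypothetical tag, not something iptables defines

# Returns 0 for "a.b.c.d" or "a.b.c.d/n" with 0<=a..d<=255 and 0<=n<=32.
valid_ipv4_cidr() {
    addr=$1 prefix=32
    case $addr in
        */*) prefix=${addr#*/} addr=${addr%%/*} ;;
    esac
    # prefix: digits only, at most 32
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # address: digits and dots only (this also rejects spaces, ';', '*' and
    # other shell/glob metacharacters), no leading, trailing or doubled dots
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Insert (-I) a DROP at the top of INPUT so it wins over existing ACCEPT rules.
# -w waits for the xtables lock instead of failing if another caller holds it.
# Returns 2 without touching the firewall when the argument is rejected.
block_ip() {
    valid_ipv4_cidr "$1" || { echo "block_ip: rejected argument: $1" >&2; return 2; }
    case $1 in */*) net=$1 ;; *) net=$1/32 ;; esac
    "$IPTABLES" -w -I INPUT -s "$net" -j DROP -m comment --comment "$RULE_TAG"
}

# Delete (-D) exactly the rule block_ip inserted; the rule spec must match it.
unblock_ip() {
    valid_ipv4_cidr "$1" || { echo "unblock_ip: rejected argument: $1" >&2; return 2; }
    case $1 in */*) net=$1 ;; *) net=$1/32 ;; esac
    "$IPTABLES" -w -D INPUT -s "$net" -j DROP -m comment --comment "$RULE_TAG"
}

# Dry run (prints the rule instead of applying it):
#   IPTABLES=echo block_ip 203.0.113.9
```

The rule still lives only in the running kernel ruleset, exactly as the pack description warns; the guard protects the host from a malformed or injected argument, not from a reboot.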
Query the local FRRouting daemons via vtysh — BGP summary + neighbors, BFD peers, IP route summary, and interface state. Read-only `show` commands.
os: linux
needs: vtysh
Generic filesystem operations an LLM-driven runner needs constantly: bounded find, recursive grep, file head/tail/hash, du, ls -la, stat. All read-only. Paths are validated against simple patterns; the runner's symlink-containment + audit redaction layers still apply on top.
os: linux
Read-only git operations against a checkout living on the runner host (e.g. /opt/myapp). For remote-GitHub-API work, see the `github-cli` pack. The repo directory must live at GIT_REPO env var on the runner host.
os: linux
needs: git
GitHub introspection (PRs, issues, repos, workflow runs, releases, commit checks, search) plus operator actions: merge PR, close PR, rerun workflow, dispatch workflow. Authenticates with the token gh already holds on the runner host (the one `gh auth status` reports, stored under ~/.config/gh/hosts.yml or in the OS keyring); the pack never takes a token per call.
os: linux
needs: gh
Grafana admin-API ops — datasource health, dashboard listings, alert state, user list, version, settings. Read-only. Auth via GRAFANA_URL + GRAFANA_TOKEN env vars on the runner host.
os: linux
needs: curl
Stats, server state, frontends/backends, session inventory, plus narrow mutators to enable/disable backend servers. Talks to the HAProxy admin socket. Set HAPROXY_SOCK env var on the runner host.
os: linux
needs: socat
Inspect the host's iSCSI initiator (open-iscsi): active sessions, per-session detail (targets, connections, negotiated parameters), configured target nodes, and initiator interfaces. Read-only.
os: linux
needs: iscsiadm
JVM diagnostics via jcmd/jstack/jmap/jstat/JFR. Requires runner uid to match the JVM process owner (or CAP_SYS_PTRACE) — actions return a permission error cleanly when uid doesn't match.
os: linux
needs: jcmd
Topic introspection, consumer-group lag, broker config, ACLs, and narrow mutators (reset_offsets, alter_topic_retention, delete_consumer_group, preferred_leader_election). Auth via KAFKA_BOOTSTRAP env var on the runner host plus optional KAFKA_COMMAND_CONFIG (jaas / SASL / SSL).
os: linux
needs: kafka-topics.sh
Operator pack for Kubernetes clusters: discovery (pods, nodes, services, deployments), deep introspection (describe, logs, events), rollouts (status, history, restart, undo), and narrow node/pod mutators (cordon, drain, delete). Cluster targeting via KUBECONFIG env var on the runner host; context selectable per call.
os: linux
needs: kubectl
Read-only Linux diagnostics plus narrow service control. Disk, mem, uptime, journalctl, log grep + tail, users/auth introspection, cron audit, network state, kernel info, and systemctl control. The front-line pack every Linux host gets.
os: linux
Read-only memcached introspection via the `stats` ASCII protocol — general stats, slab usage, item counts, sizes. Plus FLUSH_ALL as a critical mutator. Target host/port via MEMCACHED_HOST + MEMCACHED_PORT env vars on the runner host (default 127.0.0.1:11211).
os: linux
needs: nc
MinIO cluster + bucket + user introspection plus operator surface (user enable/disable, bucket heal, cluster service restart). Talks to the mc CLI configured via an MC_HOST_<alias> env var on the runner host; that URL embeds the access and secret key, so keep it out of logs and process listings.
os: linux
needs: mc
Replica-set + shard-cluster introspection, slow-query identification, collection stats, plus remediation surface (killOp, replSet stepDown, collection compact, dropIndex). Authenticates via MONGO_URI env var on the runner host.
os: linux
needs: mongosh
Inspect device-mapper multipath: the multipath topology (multipath -ll), the effective config (multipath -t), and live path + map state queried from the running multipathd. Read-only.
os: linux
needs: multipath
needs: multipathd
Read-only MySQL diagnostics plus narrow operator actions for killing queries, flushing logs, and analyzing tables. Authenticates via ~/.my.cnf or MYSQL_PWD env var on the runner host — never via per-call credentials over the wire.
os: linux
needs: mysql
DNS lookups, reachability probes, TLS certificate inspection, and HTTP timing tests. All read-only. Use for "is X reachable?" and "what's the cert expiry on Y?" questions.
os: linux
needs: curl
needs: dig
needs: mtr
needs: openssl
needs: ping
needs: whois
Inspect a host's NFS exports, mounted shares, RPC state, active client connections. Plus one narrow operator action (exportfs -r). Read-only except the re-export.
os: linux
Operator pack for nginx — read-only status + access-log analysis, TLS cert probes, and narrow operator actions (test_config, reload, graceful quit, stop). Full restart is intentionally not included; use systemd for that.
os: linux
needs: nginx
needs: curl
Inspect physical network interface cards via ethtool: driver and firmware versions across every NIC (the "what firmware is my i40e fleet running?" check), plus per-interface link settings, hardware counters, offload features, and ring-buffer sizes. Read-only — no ethtool SET operations.
os: linux
needs: ethtool
PM2 process inventory + logs + per-app introspection, plus narrow mutators (restart, reload, stop, scale). Requires the runner to be the same uid as the PM2 daemon (or set PM2_HOME).
os: linux
needs: pm2
Deep Nomad operations — full job lifecycle (inspect, history, scale, dispatch, revert, promote, stop), allocation introspection + restart + signal + stop, node fleet management (drain, eligibility, purge), evaluation + deployment status, operator raft + autopilot, CSI + host volumes, ACL policies + tokens, namespaces + quotas. Authenticates via NOMAD_ADDR + NOMAD_TOKEN on the runner host.
os: linux
needs: nomad
Operate a pfSense firewall over its REST API: read firewall rules, NAT, aliases, interface / gateway / service / VPN status, DHCP leases, routes, ARP, CARP, and logs, plus a few gated mutators (apply filter, flush states, restart a service, reboot). Uses the community pfSense-pkg-RESTAPI package (/api/v2), which runs on the firewall and works across CE and Plus.
os: linux
needs: curl
PHP runtime + FPM pool introspection — version, modules, ini, pool status (via fpm_status endpoint), error + slow logs, OPcache state, Composer manifest. Read-only. Set PHP_FPM_STATUS_URL env to point to the FPM status endpoint.
os: linux
Read-only inventory + per-container introspection plus narrow mutators (restart, stop, kill, prune). Drop-in alternative for Docker on RHEL / Fedora hosts. Rootless mode supported as long as the runner uid matches the user that owns the containers.
os: linux
needs: podman
Queue inspection, config dump, log tailing, plus narrow operator actions (flush, requeue, delete-by-queue-id). These mutators are high- or critical-risk; the reversible hold/release pair is medium. All are audited. The runner must run as the Postfix user or belong to the postdrop group.
os: linux
Deep Postgres operations — activity introspection, session/lock diagnostics, table + index analytics (bloat, dead tuples, unused indexes), WAL + replication state, progress views, EXPLAIN, and a curated set of operator-tier mutators (cancel/terminate backend, ANALYZE, VACUUM, REINDEX CONCURRENTLY). Authenticates via PG* env vars on the runner host.
os: linux
needs: psql
Deep per-process diagnostics for "why is this process stuck / slow / leaking?": strace (HIGH RISK; slows the target), pid memory maps, per-thread state, /proc walking, gdb backtrace, full lsof, syscall summary. Read-only, but strace and gdb attach via ptrace and WILL slow the target. The runner uid must own the target process or hold CAP_SYS_PTRACE; with kernel.yama.ptrace_scope at 1 or higher the capability is required for any non-child process, and scope 3 blocks attach entirely.
os: linux
Server status, target health, alertmanager linkage, instant + range queries, rule listing, TSDB stats, plus admin-API actions for remediation: reload config, take snapshot, clean tombstones, delete series. reload needs Prometheus started with --web.enable-lifecycle; snapshot, clean tombstones and delete series need --web.enable-admin-api. Both flags expose those endpoints to anyone who can reach the port, so keep it bound to localhost or behind auth.
os: linux
needs: curl
Read-only access to a Pure Storage FlashArray over its Purity//FA REST API 2.x: array identity / capacity / performance, alerts, controller and hardware / drive health, volumes and per-volume space, the host -> volume -> LUN connection map, host and target-port identities, per-controller network interface state, and replication / array-connection status. Drives a remote array via curl; every call is a GET.
os: linux
needs: curl
Inspect a Python deployment — interpreter + venv state, pip inventory + freeze, dependency conflicts, outdated packages, sys.path. Read-only. Most actions act on the venv at PY_VENV env var (default /opt/app/venv).
os: linux
Cluster, queue, exchange, binding, connection, channel, and consumer inventory plus narrow operator actions (purge_queue, set_policy, force_close_connection). Uses rabbitmqctl + rabbitmqadmin on the runner host.
os: linux
needs: rabbitmqctl
Deep Redis ops — INFO + memory accounting, slowlog + per-event latency, command stats, client list/kill/pause, keyspace introspection (SCAN, TYPE, TTL, OBJECT encoding/refcount/idle/freq, MEMORY USAGE), config get/set/rewrite/resetstat, ACL list/whoami/getuser, cluster topology (info, nodes, slots, slot-count, check), cluster operators (failover, forget, replicaof), persistence (lastsave, bgsave, bgrewriteaof, memory purge/doctor), streams + pub/sub introspection, script cache flush, and tier-critical actions (flush_db, flushall, swapdb, shutdown_nosave). Authenticates via REDISCLI_AUTH / REDIS_* env vars on the runner host — never via per-call credentials.
os: linux
needs: redis-cli
Synthetic pack that demonstrates every action-schema feature in one place: all arg types, every validation, both parsers, both kinds, opts envelope bounds, and per-action redaction rules. Not a production pack — use it as a reference when authoring real ones.
Inspect TLS certificates and keys on the local filesystem — find PEMs under a path, dump x509 details, check chain, verify private-key match, inspect PKCS#12. Read-only. Pair with `network-tls` for the remote-side view.
os: linux
needs: openssl
Deeper systemd state than linux-core: failed units, list-units, timers, cgroup tree, journal disk usage, systemd-analyze for boot diagnosis, plus full operator surface (daemon-reload, start/stop/restart/reload, kill -s signal, mask/unmask, reset-failed) for remediating runtime issues.
os: linux
needs: systemctl
Inspect the host's Tailscale node via the tailscale CLI: tailnet status and peer/online map, network connectivity (netcheck DERP latency, port-mapping), ping to peers, whois lookups, this node's tailnet IPs, version, available exit nodes, MagicDNS/DNS config, and the current prefs (advertised routes, configured exit node). Read-only.
os: linux
needs: tailscale
Read-only Terraform CLI actions for inspecting a workspace. NO apply, NO destroy, NO state mutation — those should happen in CI, not via a runner. Operates in the directory given by TF_DIR env var.
os: linux
needs: terraform
Clock-sync state: chrony tracking + sources, NTP peer status, current time, drift estimate, timezone, plus fix actions (chronyc makestep, enable/disable NTP). Use when a host's clock is drifting (a common cause of TLS / auth / log-correlation bugs).
os: linux
Read-only visibility into a Traefik (v2/v3) edge router over its HTTP API: the overview, entrypoints, and the full HTTP/TCP/UDP router + service + middleware inventory (each carrying its status and error list, so you can see which router is broken), the raw dynamic-config dump, version, liveness ping, and Prometheus metrics. ACME/Let's Encrypt certificate state is read from the on-disk acme.json (no API exposes it), and access-log 4xx/5xx tails mirror the nginx pack. Default API at http://127.0.0.1:8080 (api.insecure mode); override via TRAEFIK_URL.
os: linux
needs: curl
needs: jq
needs: openssl
Read-only diagnostics for a Typesense search node over its HTTP API: health and node/raft state, per-endpoint request stats and system metrics, the collection catalog and individual schemas, API-key metadata, and a tail of slow requests from the server log. One admin API key, streamed over curl stdin, unlocks the stats/metrics/debug endpoints a search-only key cannot read.
os: linux
needs: curl
Vault status, seal state, auth/audit/secret backends, mount listing, token & lease introspection, plus operator surface for incident response: revoke lease, revoke leases by prefix, operator step-down, emergency seal. Auth via VAULT_ADDR + VAULT_TOKEN on the runner host. Does NOT include unseal — that requires quorum and shouldn't be automated through a runner.
os: linux
needs: vault
Read-only ops for a Vector (vector.dev) pipeline running on the runner host: version + compiled-component inventory, offline config validation, the configured topology as Graphviz DOT, a bounded live event tap, plus health and per-component throughput reads over the local API. CLI subcommands talk to the local binary; the API reads hit 127.0.0.1:8686.
os: linux
needs: vector
needs: curl
Read-only LogsQL access to VictoriaLogs over its HTTP API: search log entries, hit histograms over time, stats aggregations (instant + range), and field / stream discovery. Express time ranges inside the LogsQL query via the _time filter. One base URL serves single-node and vmauth-fronted deployments; multitenancy via optional headers.
os: linux
needs: curl
Read-only PromQL / MetricsQL access to VictoriaMetrics over its HTTP API: instant and range queries, series and label discovery, and the VM-specific status endpoints (TSDB cardinality, active queries, top queries). One base URL serves single-node, cluster (vmselect), and vmauth-fronted deployments.
os: linux
needs: curl
WireGuard state (interfaces, peers, transfer counts, last handshakes) plus operator actions: bring iface up/down via wg-quick, remove a peer from a live iface. Use to debug connectivity or evict a compromised peer. Peer removal only changes the running interface; delete the peer from the wg-quick config (or IaC) as well, otherwise the next wg-quick up re-adds it.
os: linux
needs: wg
Pool status, dataset inventory, snapshot listing, scrub status, ARC stats, plus operator surface for storage incident response: scrub start/stop, clear pool errors, take/destroy snapshots, dataset rollback.
os: linux
needs: zpool
needs: zfs
Cluster + 4lw command + watch + session introspection. Read-only. Set ZK_SERVERS env var (host:port,host:port,…). Every four-letter word the pack sends must be listed in zoo.cfg's `4lw.commands.whitelist`; since ZooKeeper 3.5 only srvr is allowed by default, so the other commands fail until they are whitelisted.
os: linux
needs: nc
Read-only inspection of a zot OCI registry over its HTTP API: the OCI distribution endpoints (version check, catalog, tags, manifests) plus the zot extensions — registry config/health (mgmt), Prometheus metrics, and a GraphQL search query that returns per-repo size and a newest-image vulnerability summary. Optional basic-auth credentials are streamed over curl stdin; many zot deployments allow anonymous read.
os: linux
needs: curl
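The Typesense and zot packs above both say the secret is "streamed over curl stdin". As an added example (not code from either pack), here is one way to do that with a curl config read from stdin (curl -K -), which keeps the key or password out of the argument list that any local user can read from ps or /proc/<pid>/cmdline. The env var names TYPESENSE_URL, TYPESENSE_API_KEY, ZOT_URL and ZOT_CREDS, the default ports and the function names are assumptions:

```shell
#!/bin/sh
# Added example (not from the Typesense or zot packs): hand curl its secret via a
# config read from stdin (curl -K -) instead of an -H/-u argument, so the key is
# not visible in `ps` or /proc/<pid>/cmdline to other users on the runner host.
# TYPESENSE_URL, TYPESENSE_API_KEY, ZOT_URL and ZOT_CREDS are assumed names.

# Escape a value for a double-quoted curl config entry: backslash and double
# quote are the two characters curl's config parser needs escaped.
cfg_quote() {
    printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Emit a curl config that sends one request header. Config files use the long
# option names without leading dashes (url, header, silent, show-error, fail).
header_config() {
    printf 'url = "%s"\nheader = "%s: %s"\nsilent\nshow-error\nfail\n' \
        "$(cfg_quote "$1")" "$2" "$(cfg_quote "$3")"
}

# Emit a curl config that sends HTTP basic auth (user = "name:password").
basic_auth_config() {
    printf 'url = "%s"\nuser = "%s"\nsilent\nshow-error\nfail\n' \
        "$(cfg_quote "$1")" "$(cfg_quote "$2")"
}

# Typesense: admin key goes in the X-TYPESENSE-API-KEY header. Returns 2 when
# no key is configured rather than sending an unauthenticated request.
typesense_get() {
    [ -n "$TYPESENSE_API_KEY" ] || { echo "TYPESENSE_API_KEY is not set" >&2; return 2; }
    header_config "${TYPESENSE_URL:-http://127.0.0.1:8108}$1" \
        X-TYPESENSE-API-KEY "$TYPESENSE_API_KEY" | curl -K -
}

# zot: basic auth only when ZOT_CREDS ("user:pass") is set; otherwise the
# anonymous read that many zot deployments allow.
zot_get() {
    base=${ZOT_URL:-http://127.0.0.1:5000}
    if [ -n "$ZOT_CREDS" ]; then
        basic_auth_config "$base$1" "$ZOT_CREDS" | curl -K -
    else
        curl -sSf "$base$1"
    fi
}

# Usage:
#   typesense_get /stats.json
#   zot_get /v2/_catalog
```

The secret still sits in the runner's environment and in curl's memory; what this removes is the argv exposure, which is the part any unprivileged local account can read.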