PSKit
Neural-safe PowerShell automation server for AI agents, enabling file management, git workflows, system inspection, and command execution with a 5-tier safety pipeline.
README
PSKit
Neural-safe PowerShell automation for AI agents
PSKit is a Model Context Protocol server that gives AI agents 38 PowerShell tools backed by a 5-tier neural safety pipeline. Every command passes through a KAN (Kolmogorov-Arnold Network) neural scorer before execution — catching dangerous patterns in under 1 millisecond.
Works on Windows, Linux, and macOS with any MCP-compatible client: Claude Desktop, Claude Code, Cursor, Windsurf, Continue.dev, and more.
Install
Recommended — no virtual environment needed
uvx pskit-mcp
With pip
pip install pskit-mcp
With HTTP transport (for shared/remote use)
pip install "pskit-mcp[http]"
pskit serve --http --port 8000
Platform support
| OS | Install PowerShell 7 | Notes |
|---|---|---|
| Windows 10/11 | ships pre-installed or winget install Microsoft.PowerShell |
full feature set |
| Ubuntu / Debian | Microsoft apt repo → sudo apt-get install powershell |
✅ |
| Fedora / RHEL | sudo dnf install powershell (after MS repo setup) |
✅ |
| Arch Linux | yay -S powershell-bin |
✅ |
| macOS | brew install --cask powershell |
✅ |
On Linux and macOS the system-info tools use native POSIX sources:
/proc/meminfo (Linux) or sysctl+vm_stat (macOS) for memory,
df for disks, ss -tlnp (Linux) or lsof (macOS) for open ports.
Package installer auto-detects apt, dnf, pacman, and brew alongside
pip, npm, cargo, and winget.
Quick Start
Claude Desktop
Add to %APPDATA%\Claude\claude_desktop_config.json (Windows),
~/Library/Application Support/Claude/claude_desktop_config.json (macOS),
or ~/.config/Claude/claude_desktop_config.json (Linux):
{
"mcpServers": {
"pskit": {
"command": "uvx",
"args": ["pskit-mcp"],
"env": {
"PSKIT_ALLOWED_ROOT": "/home/you/projects"
}
}
}
}
Replace PSKIT_ALLOWED_ROOT with your project root:
C:\Your\Projects on Windows, /home/you/projects on Linux,
/Users/you/projects on macOS.
Claude Code
claude mcp add pskit -- uvx pskit-mcp
Verify it works
pskit doctor
PSKit Doctor
+---------------------------+------+------------------------------------------+
| PowerShell (pwsh) | OK | PowerShell 7.5.0 |
| git | OK | git version 2.47.1 |
| ripgrep (rg) | OK | ripgrep 14.1.0 -- fast search active |
| nvidia-smi | WARN | not found -- gpu_status returns error |
| Ollama | OK | running at localhost:11434 |
| Allowed root | OK | /home/you/projects/myapp (or C:\... on Windows) |
| KAN model | WARN | no trained weights -- heuristic active |
+---------------------------+------+------------------------------------------+
What AI Agents Can Do
Once connected, an agent can autonomously work across your entire project:
# Map the project structure
find_files("*.py", max_results=50)
list_directory("src/")
# Read, search, and edit files precisely
read_file("src/auth.py")
search_code("TODO", include="*.py", context=3)
edit_file("src/auth.py",
old_text="def login(user):",
new_text="def login(user: str) -> bool:")
# Full git workflow
git_status() # branch, changes, ahead/behind
git_diff(staged=True)
git_commit("feat: add type hints to auth module")
git_push()
# Run builds and tests with structured results
result = build_project()
# { success: true, exit_code: 0, stdout: "...", duration_ms: 4821 }
result = test_project(filter_expr="test_auth")
# { success: true, passed: 12, failed: 0, skipped: 2, duration_ms: 1203 }
# System and network inspection
disk_usage() # { drive: "C", free_gb: 142.3, total_gb: 476.9 }
port_status("8080,11434,5432") # which services are listening
http_request("http://localhost:8000/health") # localhost only
# Check and install dependencies
which("rg") # { found: true, version: "14.1.0" }
install_package("requests", manager="pip")
Safety Pipeline
Every command passes through 5 tiers before execution:
Command Input
|
v
+---------------------------------------------+
| Tier 1 . Result Cache |
| SHA-256 keyed . 30s TTL . 128 LRU entries |
| Read-only hits served instantly |
+--------------------+------------------------+
| miss
v
+---------------------------------------------+
| Tier 2 . KAN Neural Scorer |
| 24 features . Kolmogorov-Arnold Network |
| Sub-millisecond risk classification |
+--------------------+------------------------+
|
v
+---------------------------------------------+
| Tier 3 . Dangerous Command Blocklist |
| Hard-blocks: Format-Volume, rm -rf, |
| mass deletion, privilege escalation |
+--------------------+------------------------+
|
v
+---------------------------------------------+
| Tier 4 . Path Safety Check |
| Enforces PSKIT_ALLOWED_ROOT boundary |
| Blocks writes outside project root |
+--------------------+------------------------+
| elevated only
v
+---------------------------------------------+
| Tier 5 . Gemma LLM Review (optional) |
| Ollama-backed . Fail-open if offline |
| Deep semantic analysis of intent |
+--------------------+------------------------+
|
v
Execute
KAN Neural Safety
PSKit uses a Kolmogorov-Arnold Network to score every command across 24 structural features before execution:
| Feature Group | What It Detects |
|---|---|
| Structure | command length, pipe depth, semicolons, nesting |
| Dangerous patterns | Invoke-Expression, deletion flags, --force --recurse |
| Network | outbound requests, drive mappings, mail |
| Credentials | Get-Credential, SecureString, -Password parameters |
| Obfuscation | base64 encoding, variable expansion, string interpolation |
| Persistence | registry writes, scheduled task creation, service installs |
| Output | redirection, file output, compression |
Unlike rule-based filters, KAN learns non-linear risk combinations. Scores 0.0 (safe) to 1.0 (dangerous) in under 1ms, acting as an always-on pre-filter before the optional Ollama LLM review.
Built-In Agent Workflows
PSKit ships 6 ready-to-use MCP prompts accessible from Claude's prompt library:
| Prompt | What It Does |
|---|---|
| Audit Project | Full sweep: git state, structure, build, tests, system health |
| Review Changes | Pre-commit diff review with commit message suggestion |
| Diagnose Build | Systematic failure investigation with specific code fix |
| Orient to Project | First-session orientation before starting any work |
| Refactor File | Targeted single-file cleanup with stash safety net |
| Write Tests For | Generate tests following existing project conventions |
Plus a pskit://guide resource Claude can read anytime for the complete tool reference, and a pskit://status resource for live server health.
Tools (38 total)
| Category | Tools |
|---|---|
| File | read_file, read_file_range, write_file, edit_file, move_file, delete_file, create_directory, list_directory, diff_files |
| Search | search_code (ripgrep + context lines), find_files |
| Shell | run_command (safety-gated arbitrary PS with progress) |
| Environment | get_env_vars, which, install_package |
| Git | git_status, git_diff, git_log, git_commit, git_branch, git_checkout, git_push, git_blame, git_stash, git_stash_pop |
| System | gpu_status, disk_usage, memory_usage |
| Network | port_status, process_info, http_request (private IPs only) |
| Build | build_project, test_project (structured results with pass/fail counts) |
All 38 tools return typed structured output with auto-generated JSON schemas. Annotated with readOnly, destructive, and idempotent hints so clients auto-approve safe operations and warn on destructive ones.
CLI
pskit serve # Start MCP server on stdio (default)
pskit serve --http # Start on streamable HTTP (port 8000)
pskit doctor # System health check
pskit audit # View recent command audit log with KAN scores
pskit version # Print version
Configuration
| Variable | Default | Description |
|---|---|---|
PSKIT_ALLOWED_ROOT |
Current directory | File writes sandboxed to this path |
PSKIT_POOL_SIZE |
3 |
Pre-warmed PowerShell session count |
PSKIT_SAFETY_MODEL |
gemma4:e2b |
Ollama model for Tier 5 review |
OLLAMA_BASE_URL |
http://localhost:11434 |
Ollama endpoint |
Or use pskit.config.toml in your project root:
[pskit]
allowed_root = "."
pool_size = 5
safety_model = "gemma3:4b"
Audit Log
Every command is logged to .pskit/audit.jsonl with KAN score, safety verdict, and duration:
pskit audit
PSKit Audit (last 50)
+---------------------+----------+-------+------+-------------------------------------+
| Time | Verdict | KAN | ms | Command |
+---------------------+----------+-------+------+-------------------------------------+
| 2026-04-06 15:42:11 | safe | 0.023 | 18 | Get-PSKitGitStatus |
| 2026-04-06 15:42:14 | safe | 0.031 | 247 | Read-PSKitFile 'src/auth.py' |
| 2026-04-06 15:42:19 | caution | 0.441 | 892 | Invoke-PSKitHttpRequest 'localhost' |
+---------------------+----------+-------+------+-------------------------------------+
Total: 47 Blocked: 0 Avg KAN: 0.089 Avg ms: 124
Requirements
- Python 3.11+
- PowerShell 7.0+ —
pwshon PATH (download) - PyTorch 2.0+ — for the KAN neural scorer
- ripgrep (optional) — faster file search when
rgis on PATH - Ollama (optional) — enables Tier 5 Gemma LLM safety review
Powered by Loom
PSKit was extracted from Loom, a multi-agent orchestration platform. Loom uses PSKit as its PowerShell execution layer.
Contributing
git clone https://github.com/Nickalus12/pskit
pip install -e ".[dev]"
python -m pytest tests/ -q # 38 tests, no live PS session required
ruff check src/ # lint
See CLAUDE.md for architecture docs and the guide to adding new tools.
License
MIT (c) 2025-2026 Nickalus Brewer
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.