vmware-harden
VMware vSphere compliance and hardening — read-only baseline scanning plus drift detection across CIS, DISA STIG, vSphere SCG, China DJCP 2.0, and PCI-DSS frameworks. Includes LLM-powered remediation suggestions; apply-side gated through the vmware-pilot approval workflow.
vmware-harden
<!-- mcp-name: io.github.zw008/vmware-harden -->
Disclaimer: Community-maintained open-source project. Not affiliated with, endorsed by, or sponsored by VMware, Inc. or Broadcom Inc. "VMware", "vSphere", "ESXi", and "NSX" are trademarks of Broadcom. Source code is publicly auditable at github.com/zw008/VMware-Harden under the MIT license.
AI-native VMware compliance and baseline enforcement. Sibling to the vmware-* skill family.
v1.5.18 — GA family member
Production-ready compliance platform with 6 built-in baselines (CIS ESXi, vSphere SCG v8, China Dengbao 2.0 Level 3, PCI-DSS 4.0, EU NIS2, BSI IT-Grundschutz), 87 rules, multi-vCenter Twin, drift detection, LLM Remediation Advisor, MCP server with 6 audited tools, web dashboard, and `vmware-harden doctor` environment diagnostics.
Quickstart
```bash
uv tool install vmware-harden

# List built-in baselines
vmware-harden baseline list

# Run a scan
vmware-harden scan --target <vcenter-name> --baseline cis-vmware-esxi-8.0-subset

# Or use Dengbao 2.0 Level 3 (exclusive coverage for China domestic compliance)
vmware-harden scan --target <vc> --baseline dengbao-2.0-level3-vmware

# View results
vmware-harden report
vmware-harden drift

# Generate remediation suggestions
export ANTHROPIC_API_KEY=...   # optional; without it the advisor falls back to the mock provider
vmware-harden advise --all-critical

# Web dashboard
vmware-harden web --port 8080   # → http://127.0.0.1:8080
```
Built-in baselines
| Baseline | Rules | Applies to | Source |
|---|---|---|---|
| `cis-vmware-esxi-8.0-subset` | 20 | host | CIS Benchmark v1.0 |
| `vsphere-scg-v8-subset` | 15 | host, vm | VMware vcf-security-and-compliance-guidelines |
| `dengbao-2.0-level3-vmware` | 20 | host, vm, datastore, dfw_rule | GB/T 22239-2019 Level 3 |
| `pci-dss-4.0-vmware` | 10 | host, dfw_rule | PCI-DSS v4.0 |
| `eu-nis2-vmware` | 12 | host, dfw_rule | EU NIS2 Directive (Articles 21/23, Annex I) |
| `bsi-itgs-basisabsicherung-vmware` | 10 | host | BSI IT-Grundschutz (OPS.1.1.4 + SYS.1.1) |
Custom baselines
```bash
vmware-harden baseline validate ./my-strict.yaml
vmware-harden baseline import ./my-strict.yaml --name my-strict-cis
vmware-harden scan --target <vc> --baseline my-strict-cis
```

YAML supports `extends:` for inheriting from a built-in baseline. See `skills/vmware-harden/references/cli-reference.md`.
MCP server
```bash
vmware-harden-mcp   # stdio MCP server
```

Configure your MCP client with one of `examples/mcp-configs/*.json`. 6 read-only tools: `list_baselines`, `list_violations`, `get_remediation`, `list_drift_events`, `get_baseline_rules`, `scan_target`.
Architecture
- Estate Digital Twin — DuckDB single file at `~/.vmware-harden/twin.duckdb`. Multi-target safe via target prefix on all node IDs.
- Collectors — lazy-import sibling vmware-* skills (no spawn overhead). All scans are READ; writes deferred to vmware-pilot.
- Baseline schema — Pydantic v2, strict (`extra="forbid"`), `extends:` inheritance, user-dir override.
- Drift — pure diff function with optional persistence; auto-runs after every scan.
- Advisor — LLM-driven Suggestion generation; Anthropic provider with prompt caching; mock fallback for tests / no-API-key environments.
- Audit — every MCP tool wrapped with `@vmware_tool` from family vmware-policy.
- Web — FastAPI + Jinja2 + Tailwind/HTMX/ECharts CDN.
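
An added illustration of the drift and target-prefix points above, not vmware-harden's own code: a pure diff over two scans whose node IDs carry the vCenter name. The `Finding`/`DriftEvent` shapes, the `target:local-id` format, the event kinds and the rule IDs are assumptions made for this example.

```python
from typing import NamedTuple

class Finding(NamedTuple):
    node_id: str   # target-prefixed ID, e.g. "vc-prod:host-12" (format assumed)
    rule_id: str
    passed: bool

class DriftEvent(NamedTuple):
    kind: str      # regressed | remediated | new_violation | disappeared
    node_id: str
    rule_id: str

def prefixed_id(target: str, local_id: str) -> str:
    """Prefix the per-vCenter object ID so IDs from different targets never collide."""
    return f"{target}:{local_id}"

def diff_scans(previous: list[Finding], current: list[Finding]) -> list[DriftEvent]:
    """Pure function: no I/O and no clock, so the same inputs always give the same events."""
    prev = {(f.node_id, f.rule_id): f.passed for f in previous}
    curr = {(f.node_id, f.rule_id): f.passed for f in current}
    events = []
    for key in sorted(prev.keys() | curr.keys()):
        before, after = prev.get(key), curr.get(key)
        if before is None and after is False:
            kind = "new_violation"
        elif before is True and after is False:
            kind = "regressed"
        elif before is False and after is True:
            kind = "remediated"
        elif after is None and before is False:
            kind = "disappeared"   # open violation vanished with its node: verify, do not assume fixed
        else:
            continue               # unchanged, or a passing check on a new or removed node
        events.append(DriftEvent(kind, *key))
    return events

# Constructed sample data: two vCenters that both contain an object named "host-12".
PREVIOUS = [
    Finding(prefixed_id("vc-prod", "host-12"), "ssh-disabled", True),
    Finding(prefixed_id("vc-dr", "host-12"), "ssh-disabled", False),
    Finding(prefixed_id("vc-dr", "host-40"), "ntp-configured", False),
]
CURRENT = [
    Finding(prefixed_id("vc-prod", "host-12"), "ssh-disabled", False),
    Finding(prefixed_id("vc-dr", "host-12"), "ssh-disabled", True),
    Finding(prefixed_id("vc-prod", "host-77"), "lockdown-mode", False),
]
if __name__ == "__main__":
    print(*diff_scans(PREVIOUS, CURRENT), sep="\n")
```

Without the prefix, the two `host-12` results would share a key and the production regression would be masked by the DR remediation.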
Lab regression
```bash
export VMWARE_HARDEN_LAB_TARGET=<your-vc>
pytest tests/eval/regression -v -m lab
```
Family
- vmware-aiops — host inventory + ops (used by harden's HostCollector)
- vmware-monitor — read-only counterpart
- vmware-storage — datastore inventory
- vmware-nsx-security — DFW inventory
- vmware-pilot — execute remediations (writes; out of scope for harden)
- vmware-policy — `@vmware_tool` audit decorator
Acceptance criteria for v1.5.18
- 221 tests passing
- Bandit: 0 issues at any severity
- All 6 MCP tools audited
- SKILL.md ≤ 3000 words, family-convention compliant
- SECURITY.md with 6 elements + Broadcom disclaimer
- 6 built-in baselines (87 rules)
- `vmware-harden doctor` for environment diagnostics
- GA member of vmware-* family (version-aligned at 1.5.18)
References
- Design: parent monorepo `docs/plans/2026-05-03-vmware-harden-design.md`
- M1/M2/M3 plans: `docs/plans/2026-05-04-vmware-harden-{m1,m2,m3}-plan.md`
- Family CLAUDE.md: `/Users/zw/testany/myskills/CLAUDE.md`
License
MIT