Available Tools
Reference of tools available to the nctl ai agent.
The following tools are available to nctl ai. The agent selects the appropriate tool based on your request.
Tools by category
| Category | Tool | Description |
|---|---|---|
| Command execution | bash | Execute a bash command. Use when you need to run a shell command. |
| Command execution | kubectl | Command-line tool for interacting with Kubernetes clusters. |
| Policy | generate_policy | Generate a Kyverno policy. |
| Policy | generate_kyverno_tests | Generate Kyverno CLI tests for a policy. Returns filenames and contents for kyverno-test.yaml, resources.yaml, and optionally variables.yaml. |
| Policy | generate_chainsaw_tests | Generate or update Chainsaw tests for Kyverno policies. |
| Policy | run_kyverno_tests | Test Kyverno policies using the Kyverno CLI test command. |
| Security | remediate | Fix policy violations for a resource. |
| Security | scan_kubernetes_resources | Scan Kubernetes resource files against policies and return results. |
| Security | scan_kubernetes_cluster | Scan Kubernetes resources in a cluster against policies and return results. |
| Security | scan_terraform | Scan Terraform resources against policies and return results. |
| Security | scan_prompt | Scan LLM prompts against security policies for injection attacks, jailbreak patterns, PII leakage, credential exposure, and other risks. Accepts inline content, file paths, or directories. Returns policy evaluation results with a risk score. |
| Security | skills_scan | Scan a skill (folder or artifact) against policies and return a signed/hashed receipt with decision and findings. Normalizes the skill directory, applies Kyverno ValidatingPolicies, computes a trust score and decision (Allow/Review/Deny), and produces a receipt for later verification. |
| Communication | email | Send an email via Nirmata Control Hub (NCH). |
| Communication | list_slack_channels | List all Slack channels the user has access to. |
| Communication | send_slack_message | Send a message to a Slack channel via NCH. |
| File system | read_file | Read the complete contents of a file. |
| File system | read_multiple_files | Read the contents of multiple files in a single operation. |
| File system | write_file | Create a new file or overwrite an existing file with new content. |
| File system | modify_file | Update a file by finding and replacing text. Pattern matching without needing exact character positions. |
| File system | copy_file | Copy files and directories. |
| File system | move_file | Move or rename files and directories. |
| File system | delete_file | Delete a file or directory from the file system. |
| File system | create_directory | Create a new directory or ensure a directory exists. |
| File system | list_directory | Get a detailed listing of all files and directories in a specified path. |
| File system | tree | Return a hierarchical JSON representation of a directory structure. |
| File system | get_file_info | Retrieve detailed metadata about a file or directory. |
| File system | search_files | Recursively search for files and directories matching a pattern. |
| File system | search_within_files | Search for text within file contents. Scans text files for matching substrings; binary files are excluded. Reports file paths and line numbers. |
| File system | list_allowed_directories | Return the list of directories the server is allowed to access. |
| File system | add_allowed_directory | Add a directory to the allowed list for filesystem operations. Use when you get errors about directories being outside allowed directories. |
| Utility | todo | Manage a todo list (add, remove, update, list items). Automatically prevents duplicate items. |
| Utility | worker | Manage background workers for concurrent task processing. |
Slack integration
Slack tools (list_slack_channels, send_slack_message) require Slack integration configured in Nirmata Control Hub. No additional environment variables are needed once configured in NCH.
Extending with MCP
You can add more tools by connecting MCP servers. See the main nctl ai page for configuration.