Type what you want to do. TucDesk translates it to a verified, auditable command.
Every natural language request moves through three deterministic stages before anything reaches an agent.
Parse
The intent parser extracts the action, target set, and arguments from your request — “restart nginx on all prod servers” becomes a structured plan with a confidence score. Low-confidence parses are rejected, never guessed.
Classify
The plan is scored against the risk model: LOW, MEDIUM, HIGH, or CRITICAL. Risk decides whether the command auto-executes, waits for confirmation, or requires a signed approval token.
Execute
Approved plans dispatch through the fleet executor with per-agent output, exit codes, and duration captured. Every run is bound to an access decision in the immutable audit log.
Risk classification is rule-based and auditable. The same tiers apply whether the request comes from an operator, the mobile app, or an AI client.
Auto-executes
Read-only and reversible commands run immediately after ACL evaluation. Results are still written to the audit log.
e.g. df -h, uptime, systemctl status
Needs confirm
Service-affecting commands pause for a one-tap confirmation from the requesting operator before dispatch.
e.g. systemctl restart, docker restart
Approval gate
Destructive commands require an explicit approval token bound to the exact command, target set, and expiry.
e.g. rm -rf, kill -9, database writes
Blocked by default
Fleet-endangering commands are refused unless an admin explicitly allowlists the pattern in policy.
e.g. mkfs, dd to block devices, shutdown of all agents
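A rule-based tier classifier in the spirit of the four tiers above, as an added example (not TucDesk's code or policy). The rules are constructed from the page's example commands; treating unknown commands as HIGH and scoring chained commands by their riskiest segment are assumptions.

```python
import re
import shlex
from enum import IntEnum

class Risk(IntEnum):
    LOW = 1       # auto-executes
    MEDIUM = 2    # needs confirm
    HIGH = 3      # approval gate
    CRITICAL = 4  # blocked by default

# Constructed rules derived from the page's example commands (hypothetical policy).
RULES = [
    (Risk.CRITICAL, re.compile(r"^mkfs(\.\w+)?( |$)")),
    (Risk.CRITICAL, re.compile(r"^dd .*\bof=/dev/")),
    (Risk.HIGH, re.compile(r"^rm -\w*[rR]\w*( |$)")),
    (Risk.HIGH, re.compile(r"^kill -(9|KILL|SIGKILL)( |$)")),
    (Risk.MEDIUM, re.compile(r"^(systemctl|docker) restart( |$)")),
    (Risk.LOW, re.compile(r"^(df|uptime)( |$)|^systemctl status( |$)")),
]
CHAIN = re.compile(r"\|\||&&|[;|&\n]")  # shell operators that start another command

def classify_segment(segment: str) -> Risk:
    try:
        argv = shlex.split(segment)
    except ValueError:              # unbalanced quotes: cannot reason about it
        return Risk.HIGH
    if argv and argv[0] == "sudo":  # privilege prefix does not change the tier here
        argv = argv[1:]
    text = " ".join(argv)
    # Assumption: anything no rule matches fails closed to HIGH.
    tier = next((t for t, p in RULES if p.search(text)), Risk.HIGH)
    if "$(" in text or "`" in text:  # command substitution hides the real command
        tier = max(tier, Risk.HIGH)
    return tier

def classify(command: str) -> Risk:
    # Score every chained segment and keep the riskiest, so a read-only
    # prefix cannot lower the tier of what follows it.
    segments = [s for s in CHAIN.split(command) if s.strip()]
    if not segments:
        return Risk.HIGH
    return max(classify_segment(s) for s in segments)
```
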
Natural language parsing is designed to run on hardware you control, with cloud inference as an explicit, optional fallback.
Ollama runs locally first
TucDesk routes NLC requests to a local Ollama model by default. Intent parsing for common operations never leaves your network — no tokens, no per-request pricing, no external dependency.
Cloud LLM is fallback
If the local model is unavailable or the request is too ambiguous, TucDesk can fall back to a configured cloud LLM. The fallback is opt-in, logged, and can be disabled entirely by policy.
History never trains models
Your command history is stored for audit and replay only. It is never used to train external models, and cloud fallback requests are sent with retention disabled.
Connect Claude, GPT, or any MCP client to the same governed fleet API. AI agents get bounded tools, not shell access.
- list_agents — enumerate online machines with metadata
- get_agent — fetch full agent record and security posture
- connect_session — initiate an authenticated terminal session
- run_command — execute a command with approval gate
- list_sessions — recent session history with recordings
- get_audit_log — tamper-evident action history
- list_fleet_runs — parallel execution history
- get_recording — retrieve session recording metadata
- list_address_book — access controlled endpoint registry
- get_security_posture — per-agent compliance snapshot
- manage_acl — read/write access control policies
- pair_agent — complete agent onboarding from MCP
```json
{
  "mcpServers": {
    "tucdesk": {
      "command": "npx",
      "args": ["-y", "tucdesk-mcp"],
      "env": {
        "TUCDESK_API_URL": "https://api.tucdesk.app",
        "TUCDESK_API_KEY": "tdk_..."
      }
    }
  }
}
```

| Tool | Input parameters | Output shape | Scope |
|---|---|---|---|
| list_agents | team_id, filters | agents[], online_count | agents:read |
| get_agent | agent_id | agent, posture, tags | agents:read |
| connect_session | agent_id, mode | session_id, consent_state | sessions:write |
| run_command | agent_id/tag, command | run_id, risk, approval | fleet:execute |
| list_sessions | cursor, limit | sessions[], next_cursor | sessions:read |
| get_audit_log | actor, action, cursor | audit_entries[] | audit:read |
| list_fleet_runs | tag, status | runs[] | fleet:read |
| get_recording | recording_id | metadata, signed_url | recordings:read |
| list_address_book | query | endpoints[] | address_book:read |
| get_security_posture | agent_id | checks[], score | security:read |
| manage_acl | policy_id, rule | policy, decision | acl:write |
| pair_agent | pairing_key | agent_id, status | agents:write |
Every AI action is evaluated like a human operator action: identity → ACL → risk → approval → execution → audit. The model favors bounded tools, explicit target scope, and auditable decisions over autonomous shell access.
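One way to bind an approval token to the exact command, target set, and expiry, as the approval gate requires. This is an added sketch, not TucDesk's token format: the HMAC construction, the `exp.mac` layout, the function names and the demo key are all assumptions.

```python
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"constructed-demo-key"  # placeholder; a real key belongs in a KMS/HSM

def _canonical(command, targets, expires_at):
    # Sort and de-duplicate targets so the same set always serialises identically.
    payload = {"cmd": command, "targets": sorted(set(targets)), "exp": int(expires_at)}
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()

def _mac(command, targets, expires_at):
    body = _canonical(command, targets, expires_at)
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()

def issue_token(command, targets, ttl_seconds, now=None):
    now = time.time() if now is None else now
    exp = int(now + ttl_seconds)
    return f"{exp}.{_mac(command, targets, exp)}"

def verify_token(token, command, targets, now=None):
    """True only if the token covers this exact command and target set and is unexpired."""
    now = time.time() if now is None else now
    try:
        exp_text, mac = token.split(".", 1)
        exp = int(exp_text)
    except ValueError:  # malformed token
        return False
    # The expiry is inside the MAC, so editing it in the token invalidates the MAC.
    expected = _mac(command, targets, exp)
    return hmac.compare_digest(mac.encode(), expected.encode()) and now < exp
```
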
```json
{
  "mcpServers": {
    "tucdesk": {
      "command": "npx",
      "args": ["-y", "tucdesk-mcp"],
      "env": {
        "TUCDESK_API_URL": "https://api.yourdomain.com",
        "TUCDESK_API_KEY": "tdk_self_hosted_..."
      }
    }
  }
}
```

The MCP Marketplace lets teams browse, enable, and configure integrations from a curated tool catalog. Custom tools can be published to an organization-private catalog with the same permission model as built-in tools.
Built-in tools
12 first-party tools covering agents, fleet, sessions, audit, ACL, and pairing.
Community catalog
Curated third-party integrations for monitoring platforms, ticketing systems, and CI/CD pipelines.
Private tools
Enterprise teams publish internal tools to their organization catalog — scoped, audited, and discoverable only within the workspace.
Give Claude control of your fleet — safely.
The TucDesk MCP server connects in minutes. Every AI action goes through the same ACL, approval gates, and audit chain as a human operator.
Works with Claude Desktop · GPT-4 · Any MCP client