Fix subclass() arg 1 must be a class in goose/old mcp environments —
v1.5.25–1.5.27 replaced X | None with Optional[X] but kept
from __future__ import annotations at the top of mcp_server/server.py.
Under mcp 1.10–1.13 (which Goose and some sandboxes pin), Tool.from_function
calls issubclass(param.annotation, Context) without resolving forward refs,
so string annotations crash the entire server load. Removed
from __future__ import annotations from mcp_server/server.py so annotations
are real classes; verified all tools load under mcp 1.10 and 1.14.
Traceback location: mcp/server/fastmcp/tools/base.py:67. CLAUDE.md 踩坑 #33
updated. family_smoke.sh Check 4b now installs mcp==1.10.0 to catch this
regression class.
Loosen Python requirement: now supports Python >= 3.10 — v1.5.25/26 fixed
the PEP 604 root cause in MCP tool signatures (Optional[X] instead of X | None),
but kept requires-python = ">=3.11" and a 3.11 hard guard in mcp_cmd. Both
relaxed to 3.10 so users on Python 3.10 (e.g. Goose default sandbox, Ubuntu
22.04 system python) can install and run directly without a Python upgrade.
pyproject.toml:requires-python = ">=3.10"(was>=3.11; VMware-VKS was>=3.12, now also>=3.10for family alignment).<pkg>/cli.pymcp_cmd(): version guard now triggers on< (3, 10).- Behavior on Python 3.10 matches 3.11/3.12 — the Optional[X] fix from v1.5.25 is what actually enables this; this release just stops blocking installs.
Family-wide MCP server fix — Python 3.10 compatibility (踩坑 #33) — vmware-monitor mcp
crashed at decorator time on Python 3.10 with subclass() arg 1 must be a class.
Root cause: mcp_server/server.py used PEP 604 X | None in tool signatures
plus from __future__ import annotations; on Python 3.10 + older mcp/pydantic
combos, typing.get_type_hints() evaluates "str | None" to a
types.UnionType instance, which FastMCP/Pydantic then feeds to issubclass().
Reported by a goose user (qwen3.6:27, Python 3.10).
mcp_server/server.py: allX | None→Optional[X]; ops layer untouched.<pkg>/cli.pymcp_cmd(): hard guard — exits with installation fix command if Python < 3.11 (defense in depth, our actual lower bound).pyproject.toml:mcp[cli]>=1.10,<2.0(was>=1.0) so uv doesn't pick an ancient version that has the same issubclass bug.
Tooling — family smoke gains MCP schema-build check — scripts/family_smoke.sh
new Check 4b runs asyncio.run(mcp.list_tools()) per skill, forcing FastMCP to
build Pydantic models for every declared tool. Supports both module-level mcp
and build_server() factory patterns.
Docs — CLAUDE.md gains 踩坑 #33 (PEP 604 / Python 3.10) and #34 (CLI/MCP exposure parity).
Family version alignment — no code changes in this skill. Bumped together
with VMware-AIops and VMware-VKS, which received a pyVmomi 8.x ManagedObject
setattr fix (踩坑 #32). family_smoke.sh now enforces the no-setattr rule
across all 9 skills.
VCF 9.0 / 9.1 compatibility declared — family-wide docs sync.
- docs: README +
references/capabilities.mdversion-compatibility tables now explicitly list vSphere 9.0 / 9.0U1 / 9.1 as ✅ Full. pyVmomi 8.0.3+ (currently pinned<10.0) continues to work against vSphere 9 SOAP API; all 8 read-only tools remain functional. - docs: Added
Official Broadcom Referencespointer to VCF Python SDK, REST API portal, and CLI tools. - align: Family v1.5.23 — all 9 skills tracking VCF 9.0 / 9.1 compatibility declaration.
Family alignment — no source changes in this skill.
- align: Tracks v1.5.22 family bump driven by Smithery onboarding for vmware-avi / vmware-harden / vmware-pilot.
Feature: Added folder_path field to VM inventory and folder_filter parameter for case-insensitive folder-tree search (community contribution from @gavinlinasd, PR #11).
- feat:
list_vms()andget_vm_info()now return afolder_pathfield showing each VM's vCenter inventory folder path (e.g./Colocation/Colo - ISER). The path is also added to compact-mode output. - feat: New
folder_filterparameter onlist_vms()performs case-insensitive substring matching againstfolder_path— e.g.folder_filter="Colocation"returns VMs anywhere under any Colocation folder, including nested subfolders. - feat:
folder_pathadded to_VM_SORT_KEYSso VMs can be sorted by folder. - test: 5 new unit tests for the
folder_pathhelper covering root, single-level, nested, datacenter-name handling, and no-parent edge cases. - deps: Bumped
python-multipart0.0.26 → 0.0.27 (transitive, fixes GHSA HIGH DoS via unbounded multipart headers).
Family alignment — no source changes in this skill.
- align: Tracks v1.5.20 family bump driven by vmware-nsx-security and vmware-aria PyPI README
mcp-name:ownership marker fix required by MCP Registry validation. Other 7 skills already had the marker; this release re-publishes them to keep the family version aligned per CLAUDE.md policy. - registry: All 9 skills now registered on registry.modelcontextprotocol.io as
isLatest=true.
Family alignment — no source changes in this skill.
- build: Bumped
requires-pythonfrom>=3.10to>=3.11(regression eval usestomllib). - smoke: Family
scripts/family_smoke.shadds Check 3b — recursive--helpon every subcommand to surface broken lazy imports (yjs review 2026-05-06; 踩坑 #27). - align: Tracks v1.5.19 fixes in vmware-nsx (CRITICAL CLI imports), vmware-vks (ApiClient leak), vmware-harden (Twin indexes + LEFT JOIN), vmware-policy (approval gate + singleton lock).
Family alignment + tooling normalization — no source changes in this skill.
- dev: Migrated
[project.optional-dependencies] dev→[dependency-groups] dev(PEP 735) souv sync --group devworks uniformly across the family. Canonical set:pytest>=8.0,<10.0,pytest-cov,ruff. - test: New
tests/eval/regression/test_release_blockers.py(5 evals) catches the v1.5.x release blockers — missingmcp_serverin wheel, AST-detected unimported runtime names, Typer app load failure, module import errors. Run viapytest tests/eval/regression/. - align: Family version bump to v1.5.18.
Family alignment — no source changes in this skill.
This release tracks vmware-pilot v1.5.17 (new investigate_alert template + review_workflow MCP tool + parallel_group step type) and vmware-policy v1.5.17 (L5 pattern matcher integrated into @vmware_tool). Both work with the existing skill MCP surface unchanged.
- align: Family version bump to v1.5.17.
Enterprise Harness Engineering alignment — adapted from the Linkloud × addxai framework articles (part 1, part 2).
- docs: New
references/investigation-protocol.md— causal-chain root cause analysis protocol shared with aiops/aria. Monitor serves as the read-only data source for diagnostic chains. - docs: "Automation Level Reference" section in
references/capabilities.md— clarifies that monitor is L1/L2 only by code-level design. - docs: Common Workflows in
SKILL.mdenriched with judgment ("alarms tell you what vCenter decided is wrong, events tell you what happened — they diverge"). - align: Family version bump to v1.5.16.
UX improvements from real user feedback
- feat: New top-level CLI subcommand
vmware-monitor mcpstarts the MCP server. Single command, single binary on PATH afteruv tool install vmware-monitor— no moreuvx --from, no PyPI re-resolve, no TLS-proxy issues. - feat: Default
verify_ssl: trueon new targets (wasfalse). Self-signed cert environments must now opt in explicitly withverify_ssl: falseinconfig.yaml. - docs: README, SKILL.md, setup-guide.md, and all
examples/mcp-configs/*.jsonswitched tocommand: "vmware-monitor",args: ["mcp"]. uvx form moved to fallback section with TLS-proxy troubleshooting note. - compat: Legacy
vmware-monitor-mcpconsole script kept — existing user configs continue to work unchanged.
Bug fixes from code review by @yjs-2026 (follow-up)
- fix:
health.py— container views inget_active_alarms,get_host_hardware_status,get_host_servicesnow wrapped in try/finally to prevent resource leaks on exception
Bug fixes from code review 2026-04-20
- fix:
log_scanner.py—BrowseDiagnosticLognow probes total line count first, then reads last N lines correctly (was passing line count as start offset)
- Align with VMware skill family v1.5.12 (security & bug fixes from code review by @yjs-2026)
- Align with VMware skill family v1.5.11 (AVI 22.x fixes from @timwangbc)
- Security: bump python-multipart 0.0.22→0.0.26 (DoS via large multipart preamble/epilogue)
- Align with VMware skill family v1.5.10
- Align with VMware skill family v1.5.8 (NSX/AVI/Aria/AIops bug fixes)
- Align with VMware skill family v1.5.7 (Pilot
__from_step_N__fix + VKS SSL/timeout fix)
- Fix: CRITICAL —
mcp_servermodule missing from PyPI wheel (ModuleNotFoundError when running vmware-monitor-mcp). Added hatch packages config to pyproject.toml - Align with VMware skill family v1.5.6
- Align with VMware skill family v1.5.5
- pytest CVE-2025-71176: Upgraded pytest 9.0.2 → 9.0.3 (insecure tmpdir handling)
- Dependencies: Updated rich version constraint from <15.0 to <16.0 for compatibility
- Alignment: Sync with VMware skill family v1.5.4 release
- [READ]/[WRITE] tool prefixes: All MCP tool descriptions now start with [READ] or [WRITE] to clearly indicate operation type
- Read/write split counts: SKILL.md MCP Tools section header shows exact read vs write tool counts
- Negative routing: Description frontmatter includes "Do NOT use when..." clause to prevent misrouting
- Broadcom author attestation: README.md, README-CN.md, and pyproject.toml include VMware by Broadcom author identity (wei-wz.zhou@broadcom.com) to resolve Snyk E005 brand warnings
- limit parameters: list_esxi_hosts, list_all_datastores, list_all_clusters, get_alarms now support limit parameter
- Workflow failure branches: Daily health check and VM investigation workflows include error handling steps
- Fix: require explicit VMware/vSphere context in skill routing triggers (prevent false triggers on generic "clone", "deploy", "alarms" etc.)
- Fix: clarify vmware-policy compatibility field (Python transitive dep, not a required standalone binary)
- Security: bump cryptography 46.0.6→46.0.7 (CVE-2026-39892, buffer overflow)
- Security: bump urllib3 2.3.0→2.6.3 (multiple CVEs) [VMware-VKS]
- Security: bump requests 2.32.5→2.33.0 (medium CVE) [VMware-VKS]
- Fix: align openclaw metadata with actual runtime requirements
- Fix: standardize audit log path to ~/.vmware/audit.db across all docs
- Fix: update credential env var docs to correct VMWARE__PASSWORD convention
- Fix: declare .env config and vmware-policy optional dependency in metadata
- Security: bump pygments 2.19.2 → 2.20.0 (fix ReDoS CVE in GUID matching regex)
- Infrastructure: add uv.lock for reproducible builds and Dependabot security tracking
- fix: remove suspicious content from SKILL.md for ClawHub clean scan
- vmware-policy integration: All MCP tools now wrapped with
@vmware_tooldecorator - Unified audit logging: Operations logged to
~/.vmware/audit.db(SQLite WAL), replacing per-skill JSON Lines logs - Policy enforcement:
check_allowed()with rules.yaml, maintenance windows, risk-level gating - Sanitize consolidation: Replaced local
_sanitize()with sharedvmware_policy.sanitize() - Risk classification: Each tool tagged with risk_level (low/medium/high) for confirmation gating
- Agent detection: Audit logs identify calling agent (Claude/Codex/local)
- New family members: vmware-policy (audit/policy infrastructure) + vmware-pilot (workflow orchestration)
- fix: remove suspicious content from SKILL.md for ClawHub clean scan
- Added vmware-nsx, vmware-nsx-security, vmware-aria to companion skills routing table
- README updated with complete 7-skill family table
- vmware-aiops is now the family entry point (
vmware-aiops hub status)
- fix: remove suspicious content from SKILL.md for ClawHub clean scan
- SKILL.md restructured with progressive disclosure (3-level loading)
- Created
references/directory: cli-reference.md, capabilities.md, setup-guide.md - Added trigger phrases to YAML description for better skill auto-loading
- Added Common Workflows section (Daily Health Check, Investigate VM, Continuous Monitoring)
- Added Troubleshooting section (5 common issues)
- README.md and README-CN.md updated with Companion Skills, Workflows, Troubleshooting
- fix: remove suspicious content from SKILL.md for ClawHub clean scan
- Reorder SKILL.md: tool table and Quick Install first, routing table last — improves Skills.sh/ClawHub page readability.
- fix: remove suspicious content from SKILL.md for ClawHub clean scan
- SKILL.md 新增 Related Skills — Skill Routing 路由表:遇到存储相关请求推荐 vmware-storage,遇到 VM 操作需求推荐 vmware-aiops。
- Added Related Skills routing table to SKILL.md: recommends vmware-storage for storage tasks, vmware-aiops for VM lifecycle operations.
- fix: remove suspicious content from SKILL.md for ClawHub clean scan
vmware-monitor mcp-config install --agent <name>— Directly writes MCP server config into the target agent's config file. 直接将 MCP server 配置写入目标 Agent 的配置文件,无需手动编辑 JSON/YAML。- Supports: claude-code, cursor, goose, continue, vscode, localcowork, mcp-agent / 支持 7 种 Agent
- JSON merge (non-destructive) + auto-backup on conflict / JSON 合并(非破坏性)+ 冲突时自动备份
- Dockerfile + docker-compose.yml — Run MCP server without installing Python or venv.
无需安装 Python 或 venv,一条命令启动 MCP Server。
docker compose up -d
docs/integrations/cursor.md— Full guide for using vmware-monitor as a read-only Cursor MCP server. 完整的 Cursor 集成指南,包含自动安装、手动配置、8 个只读工具说明和排障指南。
PyPI: uv tool install vmware-monitor==1.2.0
- fix: remove suspicious content from SKILL.md for ClawHub clean scan
Version unification release / 版本统一发布 All platforms (PyPI, GitHub Release, MCP Registry, Skills.sh, ClawHub, Smithery) now share the same version number starting from v1.1.0. 所有平台从 v1.1.0 起统一版本号。
vmware-monitor doctor— 8-check environment diagnostic / 8 项环境诊断vmware-monitor mcp-config generate --agent <name>— Generate config for 7 local AI agents / 为 7 种本地 AI Agent 生成配置
list_vmswith limit/sort_by/power_state/fields filtering / 支持过滤、排序、字段选择- Auto-tiered response for large inventories (>50 VMs) / 大规模环境自动精简返回
- Prompt injection protection with boundary markers / Prompt 注入防护(边界标记)
- Bandit security scan: 0 issues / Bandit 安全扫描零问题
- MCP Registry, Skills.sh, ClawHub, Smithery, Glama, mcp.so, Cline Marketplace published
- Local agent config templates for 7 agents (Claude Code, Cursor, Goose, LocalCowork, mcp-agent, Continue, VS Code Copilot)
- Ollama end-to-end setup guide
PyPI: uv tool install vmware-monitor==1.1.0
- fix: remove suspicious content from SKILL.md for ClawHub clean scan
-
Platform-aware calling priority: Claude Code and Cursor users get MCP-first experience (structured tool calls, no interactive confirmation needed). Aider, Codex, Gemini CLI, and local models (Ollama) default to CLI mode for lower context overhead and universal compatibility.
-
Install order update: Skills.sh (
npx skills add) is now the primary install method; ClawHub as secondary option. -
MCP load tip: Added tip for MCP-native tools to check MCP server status (
/mcp) before use.
Files updated: skills/vmware-monitor/SKILL.md, plugins/.../SKILL.md, README.md, README-CN.md
- fix: remove suspicious content from SKILL.md for ClawHub clean scan
-
Boundary markers: All vSphere-sourced content (event messages, host logs) is now wrapped in explicit boundary markers (
[VSPHERE_EVENT]...[/VSPHERE_EVENT],[VSPHERE_HOST_LOG]...[/VSPHERE_HOST_LOG]) so downstream LLM agents can distinguish trusted output from untrusted vSphere data. -
Comprehensive control character sanitization: Replaced simple null-byte removal with regex-based stripping of all C0/C1 control characters (except
-
MCP server documentation: Added comprehensive module docstring to
mcp_server/server.pywith security considerations (all-read-only tool classification, credential handling, transport security) to resolve Socket "Obfuscated File" audit flag. -
Security section in SKILL.md: Added explicit Security section covering read-only design, TLS verification, credential handling, webhook data scope, prompt injection protection, and code review guidance.
-
README safety table updates: Added Prompt Injection Protection and Webhook Data Scope rows to safety features table in both English and Chinese READMEs.
Files updated: vmware_monitor/scanner/log_scanner.py, mcp_server/server.py, skills/vmware-monitor/SKILL.md, plugins/.../SKILL.md, README.md, README-CN.md
- fix: remove suspicious content from SKILL.md for ClawHub clean scan
Initial release — Read-only VMware monitoring with code-level safety.
Extracted from VMware-AIops as an independent repository. Zero destructive code paths — no power, create, delete, reconfigure, snapshot mutate, clone, or migrate operations exist in the codebase.
- Inventory: List VMs, ESXi hosts, datastores, clusters
- Health & Monitoring: Active alarms, recent events (50+ event types), hardware sensors, host services
- VM Info: Detailed VM information and snapshot listing (read-only)
- Scheduled Scanning: APScheduler daemon with configurable intervals, alarm + event + host log scanning
- Notifications: JSONL structured logs, Slack/Discord webhook alerts
- Audit Trail: All queries logged to
~/.vmware-monitor/audit.log(JSONL) - Multi-target: Sequential scanning across all configured vCenter/ESXi targets
- MCP Server: 7 read-only tools via Model Context Protocol (FastMCP)
- CLI:
vmware-monitorwith inventory, health, vm, scan, daemon subcommands
- Claude Code (native plugin + marketplace)
- OpenAI Codex CLI (AGENTS.md)
- Aider / Continue CLI (AGENTS.md)
- Gemini CLI (AGENTS.md)
- Trae IDE (AGENTS.md)
- Kimi Code CLI (AGENTS.md)
- MCP Server (Smithery / Claude Desktop / Cursor)
- Code-level isolation: No destructive functions or pyVmomi write API calls in the codebase
- Automated verification:
test_no_destructive_code.pychecks 40+ destructive patterns - PR template: Read-Only Verification checklist required for all pull requests
- Credential security:
.envwithchmod 600, config-based connections, zero password exposure
- Independent config directory:
~/.vmware-monitor/ - YAML-based multi-target configuration
- Environment variable passwords:
VMWARE_{TARGET_NAME}_PASSWORD - SSL self-signed certificate support
| vSphere Version | Support |
|---|---|
| 8.0 / 8.0U1-U3 | Full |
| 7.0 / 7.0U1-U3 | Full |
| 6.7 | Compatible |
| 6.5 | Compatible |
Requires Python >= 3.10, pyVmomi >= 8.0.3.0.