7.7 KiB
7.7 KiB
Nexus MCP - Tool inventory
A complete reference of every service and tool currently registered in the Nexus MCP server. Sorted alphabetically by service, then by tool name within each service.
Active Directory
Shard: identity | Status: 🟢 Green (NEXUS-017)
| Tool | Description |
|---|---|
ad_get_disabled_accounts |
Returns all disabled user accounts in Active Directory. |
ad_get_group_members |
Returns all members of an AD group by its distinguished name. |
ad_get_stale_accounts |
Returns active AD accounts with no recorded login activity within a configurable number of days (default: 90). |
ad_get_user |
Looks up a single AD user by their sAMAccountName (login name) and returns a normalized user object. |
ad_get_user_by_email |
Looks up a single AD user by their email address and returns a normalized user object. |
ad_list_groups |
Lists all security and distribution groups in Active Directory. |
ad_search_users |
Searches AD users by display name or sAMAccountName fragment and returns a list of normalized user objects. |
Audit (cross-system)
Shard: audit + main.py | Status: 🟢 Green
| Tool | Description |
|---|---|
nexus_audit_recent |
Returns the last n entries from the Nexus-MCP SOC 2 structured audit log. Each entry includes tool name, shard, action category, redacted argument summary, status, and latency. |
nexus_audit_stats |
Returns aggregate statistics over the entire audit log, including total call count, status breakdown, shard breakdown, top-10 tools by call volume, and recent errors. |
scan_department_mismatches |
Detects workers whose department in Workday differs from their department attribute in Active Directory. Severity: MEDIUM. |
scan_job_title_drift |
Detects workers whose job title in Workday differs from their title attribute in Active Directory. Severity: MEDIUM. |
scan_name_variance_mismatches |
Detects AD display names that do not align with the legal or preferred name stored in Workday. Severity: LOW. |
scan_status_reconciliation |
Detects workers who are terminated in Workday but still have an enabled account in Active Directory. Severity: HIGH. |
BMC Helix (ITSM)
Shard: itsm | Status: 🔴 Red (Planned)
| Tool | Description |
|---|---|
helix_get_incident |
Retrieves full details for a single Helix incident ticket by its Entry ID (e.g. INC0001234). |
helix_get_problem |
Retrieves a Helix problem investigation record by its problem ID (e.g. PRB0000456). |
helix_list_changes |
Lists change requests from BMC Helix with optional status filter (e.g. Draft, Scheduled, In Progress). |
helix_list_cmdb_assets |
Lists hardware assets registered in the BMC Helix CMDB. |
helix_list_incidents |
Lists incidents from BMC Helix ITSM with optional filters for status and assignee. |
helix_search_cmdb |
Searches the BMC Helix CMDB for configuration items (CIs) matching a name fragment. |
FedEx
Shard: logistics | Status: 🔴 Red (Planned — credentials pending)
| Tool | Description |
|---|---|
fedex_get_rates |
Returns available FedEx shipping service options and rates between two postal codes for a given package weight. |
fedex_get_shipment_events |
Returns the full ordered list of scan events (location, timestamp, description) for a single FedEx tracking number. |
fedex_track_multiple |
Tracks up to 30 FedEx shipments in a single API call and returns tracking results for each. |
fedex_track_shipment |
Tracks a single FedEx shipment by tracking number and returns full tracking details including current status and estimated delivery. |
fedex_validate_address |
Validates a shipping address against the FedEx Address Validation API and returns the classification and resolved address. |
Microsoft Entra ID
Shard: identity | Status: 🟢 Green (NEXUS-017)
| Tool | Description |
|---|---|
entra_get_conditional_access_policies |
Lists all Conditional Access policies configured in the Entra ID tenant. |
entra_get_group_members |
Lists members of an Entra ID group by its object ID. |
entra_get_risky_users |
Lists users currently flagged as risky by Entra ID Identity Protection. Requires IdentityRiskyUser.Read.All Graph permission. |
entra_get_signin_logs |
Retrieves recent sign-in log entries from Entra ID, ordered by most recent. Requires AuditLog.Read.All Graph permission. |
entra_get_user |
Retrieves a single Entra ID user by object ID or UPN and returns a normalized user object. |
entra_list_groups |
Lists all groups in the Microsoft Entra ID tenant. |
entra_list_service_principals |
Lists service principals (app registrations and enterprise applications) registered in Entra ID. |
entra_list_users |
Lists users in Microsoft Entra ID and returns normalized user objects. |
Microsoft Intune
Shard: assets | Status: 🔴 Red (Planned)
| Tool | Description |
|---|---|
intune_get_autopilot_devices |
Lists all Windows Autopilot device registrations in Intune. |
intune_get_managed_device |
Retrieves full details for a single Intune managed device by its device ID or device name. |
intune_get_noncompliant_devices |
Returns all Intune-managed devices currently in a non-compliant state. |
intune_list_apps |
Lists managed applications deployed through Intune mobile app management. |
intune_list_compliance_policies |
Lists the device compliance policies configured in Intune. |
intune_list_configuration_profiles |
Lists the device configuration profiles configured in Intune. |
intune_list_managed_devices |
Lists all devices enrolled in Microsoft Intune with key health and compliance attributes. |
Lansweeper
Shard: assets | Status: 🔴 Red (Planned)
| Tool | Description |
|---|---|
lansweeper_get_asset |
Retrieves full inventory details for a single Lansweeper asset by its asset ID. |
lansweeper_get_software |
Lists all installed software (name, version, publisher) on a given Lansweeper asset. |
lansweeper_list_assets |
Lists assets from Lansweeper with optional filtering by asset type (e.g. Windows, Linux, Network Device). |
lansweeper_search_assets |
Searches Lansweeper assets by name, IP address, or serial number fragment and returns matching records. |
Workday
Shard: workday | Status: 🟡 Yellow (NEXUS-009)
| Tool | Description |
|---|---|
workday_find_worker_by_email |
Finds a Workday worker record by their primary work email address. |
workday_get_compensation |
Retrieves compensation details (grade, salary band) for a worker by their Workday ID. |
workday_get_worker |
Retrieves full details for a single Workday worker by their Workday worker ID. |
workday_list_organizations |
Lists supervisory organisations in the Workday tenant. |
workday_list_positions |
Lists open and filled positions in Workday HCM. |
workday_list_workers |
Lists workers from Workday HCM with support for pagination via limit and offset. |
workday_run_raas_report |
Executes a Workday Report-as-a-Service (RaaS) custom report by path and returns the result rows. |
Summary
| Service | Shard | Status | Tool count |
|---|---|---|---|
| Active Directory | identity |
🟢 Green | 7 |
| Audit (cross-system) | audit / main.py |
🟢 Green | 6 |
| BMC Helix (ITSM) | itsm |
🔴 Planned | 6 |
| FedEx | logistics |
🔴 Planned | 5 |
| Microsoft Entra ID | identity |
🟢 Green | 8 |
| Microsoft Intune | assets |
🔴 Planned | 7 |
| Lansweeper | assets |
🔴 Planned | 4 |
| Workday | workday |
🟡 In progress | 7 |
| Total | 50 |
Generated: 2026-04-14 | Source: nexus-mcp/src/shards/ + nexus-mcp/src/main.py