VMware Monitor
English | 中文
Read-only VMware vCenter/ESXi monitoring tool. Code-level enforced safety — no destructive operations exist in this codebase.
Why a separate repository? VMware Monitor is fully independent from VMware-AIops. Safety is enforced at the code level: no power off, delete, create, reconfigure, snapshot-create/revert/delete, clone, or migrate functions exist in this codebase. Not just prompt constraints — zero destructive code paths.
Quick Install (Recommended)
Works with Claude Code, Cursor, Codex, Gemini CLI, Trae, and 30+ AI agents:
# Via Skills.sh
npx skills add zw008/VMware-Monitor
# Via ClawHub
clawhub install vmware-monitor
Claude Code Plugin Install
# Add marketplace
/plugin marketplace add zw008/VMware-Monitor
# Install plugin
/plugin install vmware-monitor
# Use the skill
/vmware-monitor:vmware-monitor
Capabilities (Read-Only)
Architecture
User (Natural Language)
↓
AI CLI Tool (Claude Code / Gemini / Codex / Aider / Continue / Trae / Kimi)
↓ Reads SKILL.md / AGENTS.md / rules
↓
vmware-monitor CLI (read-only)
↓ pyVmomi (vSphere SOAP API)
↓
vCenter Server ──→ ESXi Clusters ──→ VMs
or
ESXi Standalone ──→ VMs
Version Compatibility
| vSphere Version | Support | Notes |
|---|---|---|
| 8.0 / 8.0U1-U3 | ✅ Full | pyVmomi 8.0.3+ |
| 7.0 / 7.0U1-U3 | ✅ Full | All read-only APIs supported |
| 6.7 | ✅ Compatible | Backward-compatible, tested |
| 6.5 | ✅ Compatible | Backward-compatible, tested |
1. Inventory
| Feature | vCenter | ESXi | Details |
|---|---|---|---|
| List VMs | ✅ | ✅ | Name, power state, CPU, memory, guest OS, IP |
| List Hosts | ✅ | ⚠️ Self only | CPU cores, memory, ESXi version, VM count, uptime |
| List Datastores | ✅ | ✅ | Capacity, free/used, type (VMFS/NFS), usage % |
| List Clusters | ✅ | ❌ | Host count, DRS/HA status |
| List Networks | ✅ | ✅ | Network name, associated VM count |
2. Health & Monitoring
| Feature | vCenter | ESXi | Details |
|---|---|---|---|
| Active Alarms | ✅ | ✅ | Severity, alarm name, entity, timestamp |
| Event/Log Query | ✅ | ✅ | Filter by time range, severity; 50+ event types |
| Hardware Sensors | ✅ | ✅ | Temperature, voltage, fan status |
| Host Services | ✅ | ✅ | hostd, vpxa running/stopped status |
Monitored Event Types:
| Category | Events |
|---|---|
| VM Failures | VmFailedToPowerOnEvent, VmDiskFailedEvent, VmFailoverFailed |
| Host Issues | HostConnectionLostEvent, HostShutdownEvent, HostIpChangedEvent |
| Storage | DatastoreCapacityIncreasedEvent, SCSI high latency |
| HA/DRS | DasHostFailedEvent, DrsVmMigratedEvent, DrsSoftRuleViolationEvent |
| Auth | UserLoginSessionEvent, BadUsernameSessionEvent |
3. VM Info & Snapshot List (Read-Only)
| Feature | Details |
|---|---|
| VM Info | Name, power state, guest OS, CPU, memory, IP, VMware Tools, disks, NICs |
| Snapshot List | List existing snapshots with name and creation time (no create/revert/delete) |
4. Scheduled Scanning & Notifications
| Feature | Details |
|---|---|
| Daemon | APScheduler-based, configurable interval (default 15 min) |
| Multi-target Scan | Sequentially scan all configured vCenter/ESXi targets |
| Scan Content | Alarms + Events + Host logs (hostd, vmkernel, vpxd) |
| Log Analysis | Regex pattern matching: error, fail, critical, panic, timeout |
| Structured Log | JSONL output to ~/.vmware-monitor/scan.log |
| Webhook | Slack, Discord, or any HTTP endpoint |
| Daemon Management | daemon start/stop/status, PID file, graceful shutdown |
5. Safety Features
| Feature | Details |
|---|---|
| Code-Level Isolation | Independent repository — zero destructive functions in codebase |
| Audit Trail | All queries logged to ~/.vmware-monitor/audit.log (JSONL) |
| Password Protection | .env file loading with permission check (warn if not 600) |
| SSL Self-signed Support | disableSslCertValidation — only for ESXi with self-signed certs in isolated labs; production should use CA-signed certificates |
| Prompt Injection Protection | vSphere event messages and host logs are truncated, sanitized, and wrapped in boundary markers |
| Webhook Data Scope | Sends monitoring summaries to user-configured URLs only — no third-party services by default |
| Production Recommended | AI agents can misinterpret context and execute unintended destructive operations — real-world incidents have shown AI-driven tools deleting production databases and entire environments. VMware-Monitor eliminates this risk: no destructive code paths exist. Use VMware-AIops only in dev/lab environments |
What's NOT Included (By Design)
These operations do not exist in this repository:
- ❌ Power on/off, reset, suspend VMs
- ❌ Create, delete, reconfigure VMs
- ❌ Create, revert, delete snapshots
- ❌ Clone or migrate VMs
- ❌
_double_confirm,_show_state_preview,_validate_vm_params
For these operations, use the full VMware-AIops repository.
Supported AI Platforms
| Platform | Status | Config File | AI Model |
|---|---|---|---|
| Claude Code | ✅ Native Skill | skills/vmware-monitor/SKILL.md | Anthropic Claude |
| Gemini CLI | ✅ Extension | gemini-extension/GEMINI.md | Google Gemini |
| OpenAI Codex CLI | ✅ Skill + AGENTS.md | codex-skill/AGENTS.md | OpenAI GPT |
| Aider | ✅ Conventions | codex-skill/AGENTS.md | Any (cloud + local) |
| Continue CLI | ✅ Rules | codex-skill/AGENTS.md | Any (cloud + local) |
| Trae IDE | ✅ Rules | trae-rules/project_rules.md | Claude/DeepSeek/GPT-4o |
| Kimi Code CLI | ✅ Skill | kimi-skill/SKILL.md | Moonshot Kimi |
| MCP Server | ✅ MCP Protocol | mcp_server/ | Any MCP client |
| Python CLI | ✅ Standalone | N/A | N/A |
Platform Comparison
| Feature | Claude Code | Gemini CLI | Codex CLI | Aider | Continue | Trae IDE | Kimi CLI |
|---|---|---|---|---|---|---|---|
| Cloud AI | Anthropic | OpenAI | Any | Any | Multi | Moonshot | |
| Local models | — | — | — | Ollama | Ollama | — | — |
| Skill system | SKILL.md | Extension | SKILL.md | — | Rules | Rules | SKILL.md |
| MCP support | Native | Native | Via Skills | Third-party | Native | — | — |
| Free tier | — | 60 req/min | — | Self-hosted | Self-hosted | — | — |
MCP Server Integrations
The vmware-monitor MCP server works with any MCP-compatible agent or tool. Ready-to-use configuration templates are in examples/mcp-configs/. All 8 tools are read-only — code-level enforced safety.
| Agent / Tool | Local Model Support | Config Template |
|---|---|---|
| Goose | ✅ Ollama, LM Studio | goose.json |
| LocalCowork | ✅ Fully offline | localcowork.json |
| mcp-agent | ✅ Ollama, vLLM | mcp-agent.yaml |
| VS Code Copilot | — | .vscode/mcp.json |
| Cursor | — | cursor.json |
| Continue | ✅ Ollama | continue.yaml |
| Claude Code | — | claude-code.json |
Fully local operation (no cloud API required):
# Aider + Ollama + vmware-monitor (via AGENTS.md)
aider --conventions codex-skill/AGENTS.md --model ollama/qwen2.5-coder:32b
# Any MCP agent + local model + vmware-monitor MCP server
# See examples/mcp-configs/ for your agent's config format
Installation
Step 0: Prerequisites
# Python 3.10+ required
python3 --version
# Node.js 18+ required for Gemini CLI and Codex CLI
node --version
Step 1: Clone & Install Python Backend
git clone https://github.com/zw008/VMware-Monitor.git
cd VMware-Monitor
python3 -m venv .venv
source .venv/bin/activate
pip install -e .
Step 2: Configure
mkdir -p ~/.vmware-monitor
cp config.example.yaml ~/.vmware-monitor/config.yaml
# Edit config.yaml with your vCenter/ESXi targets
Set passwords via .env file (recommended):
cp .env.example ~/.vmware-monitor/.env
chmod 600 ~/.vmware-monitor/.env
# Edit and fill in your passwords
Security note: Prefer
.envfile over command-lineexportto avoid passwords appearing in shell history.config.yamlstores only hostnames, ports, and a reference to the.envfile — it does not contain passwords or tokens. All secrets are stored exclusively in.env(chmod 600). Webhook notifications are disabled by default; when enabled, payloads contain no credentials, IPs, or PII — only aggregated alert metadata sent to user-configured URLs only. We recommend using a least-privilege read-only vCenter service account.
Password environment variable naming convention:
VMWARE_{TARGET_NAME_UPPER}_PASSWORD
# Replace hyphens with underscores, UPPERCASE
# Example: target "home-esxi" → VMWARE_HOME_ESXI_PASSWORD
# Example: target "prod-vcenter" → VMWARE_PROD_VCENTER_PASSWORD
Step 3: Connect Your AI Tool
Choose one (or more) of the following:
Option A: Claude Code (Marketplace)
Method 1: Marketplace (recommended)
In Claude Code, run:
/plugin marketplace add zw008/VMware-Monitor
/plugin install vmware-monitor
Then use:
/vmware-monitor:vmware-monitor
> Show me all VMs on esxi-lab.example.com
Method 2: Local install
# Clone and symlink
git clone https://github.com/zw008/VMware-Monitor.git
ln -sf $(pwd)/VMware-Monitor ~/.claude/plugins/marketplaces/vmware-monitor
# Register marketplace
python3 -c "
import json, pathlib
f = pathlib.Path.home() / '.claude/plugins/known_marketplaces.json'
d = json.loads(f.read_text()) if f.exists() else {}
d['vmware-monitor'] = {
'source': {'source': 'github', 'repo': 'zw008/VMware-Monitor'},
'installLocation': str(pathlib.Path.home() / '.claude/plugins/marketplaces/vmware-monitor')
}
f.write_text(json.dumps(d, indent=2))
"
# Enable plugin
python3 -c "
import json, pathlib
f = pathlib.Path.home() / '.claude/settings.json'
d = json.loads(f.read_text()) if f.exists() else {}
d.setdefault('enabledPlugins', {})['vmware-monitor@vmware-monitor'] = True
f.write_text(json.dumps(d, indent=2))
"
Restart Claude Code, then:
/vmware-monitor:vmware-monitor
Option B: Gemini CLI
# Install Gemini CLI
npm install -g @google/gemini-cli
# Install the extension from the cloned repo
gemini extensions install ./gemini-extension
# Or install directly from GitHub
# gemini extensions install https://github.com/zw008/VMware-Monitor
Then start Gemini CLI:
gemini
> Show me all VMs on my ESXi host
Option C: OpenAI Codex CLI
# Install Codex CLI
npm i -g @openai/codex
# Or on macOS:
# brew install --cask codex
# Copy skill to Codex skills directory
mkdir -p ~/.codex/skills/vmware-monitor
cp codex-skill/SKILL.md ~/.codex/skills/vmware-monitor/SKILL.md
# Copy AGENTS.md to project root
cp codex-skill/AGENTS.md ./AGENTS.md
Then start Codex CLI:
codex --enable skills
> List all VMs on my ESXi
Option D: Aider (supports local models)
# Install Aider
pip install aider-chat
# Install Ollama for local models (optional)
# macOS:
brew install ollama
ollama pull qwen2.5-coder:32b
# Run with cloud API
aider --conventions codex-skill/AGENTS.md
# Or with local model via Ollama
aider --conventions codex-skill/AGENTS.md \
--model ollama/qwen2.5-coder:32b
Option E: Continue CLI (supports local models)
# Install Continue CLI
npm i -g @continuedev/cli
# Copy rules file
mkdir -p .continue/rules
cp codex-skill/AGENTS.md .continue/rules/vmware-monitor.md
Configure ~/.continue/config.yaml for local model:
models:
- name: local-coder
provider: ollama
model: qwen2.5-coder:32b
Then:
cn
> Check ESXi health and alarms
Option F: Trae IDE
Copy the rules file to your project's .trae/rules/ directory:
mkdir -p .trae/rules
cp trae-rules/project_rules.md .trae/rules/project_rules.md
Trae IDE's Builder Mode reads .trae/rules/ Markdown files at startup.
Note: You can also install Claude Code extension in Trae IDE and use
.claude/skills/format directly.
Option G: Kimi Code CLI
# Copy skill file to Kimi skills directory
mkdir -p ~/.kimi/skills/vmware-monitor
cp kimi-skill/SKILL.md ~/.kimi/skills/vmware-monitor/SKILL.md
Option H: MCP Server (Smithery / Glama / Claude Desktop)
The MCP server exposes VMware read-only monitoring as tools via the Model Context Protocol. Works with any MCP-compatible client (Claude Desktop, Cursor, etc.).
# Run directly
python -m mcp_server
# Or via the installed entry point
vmware-monitor-mcp
# With a custom config path
VMWARE_MONITOR_CONFIG=/path/to/config.yaml python -m mcp_server
Claude Desktop config (claude_desktop_config.json):
{
"mcpServers": {
"vmware-monitor": {
"command": "python",
"args": ["-m", "mcp_server"],
"env": {
"VMWARE_MONITOR_CONFIG": "/path/to/config.yaml"
}
}
}
}
Install via Smithery:
npx -y @smithery/cli install @zw008/VMware-Monitor --client claude
Option I: Standalone CLI (no AI)
# Already installed in Step 1
source .venv/bin/activate
vmware-monitor inventory vms --target home-esxi
vmware-monitor health alarms --target home-esxi
vmware-monitor vm info my-vm --target home-esxi
Update / Upgrade
Already installed? Re-run the install command for your channel to get the latest version:
| Install Channel | Update Command |
|---|---|
| ClawHub | clawhub install vmware-monitor |
| Skills.sh | npx skills add zw008/VMware-Monitor |
| Claude Code Plugin | /plugin marketplace add zw008/VMware-Monitor |
| Git clone | cd VMware-Monitor && git pull origin main && uv pip install -e . |
| uv | uv tool install vmware-monitor --force |
Check your current version: vmware-monitor --version
Chinese Cloud Models
For users in China who prefer domestic cloud APIs or have limited access to overseas services.
DeepSeek
export DEEPSEEK_API_KEY="your-key"
aider --conventions codex-skill/AGENTS.md \
--model deepseek/deepseek-coder
Qwen (Alibaba Cloud)
export DASHSCOPE_API_KEY="your-key"
aider --conventions codex-skill/AGENTS.md \
--model qwen/qwen-coder-plus
Local Models (Aider + Ollama)
For fully offline operation — no cloud API, no internet, full privacy.
brew install ollama
ollama pull qwen2.5-coder:32b
ollama serve
aider --conventions codex-skill/AGENTS.md \
--model ollama/qwen2.5-coder:32b
CLI Reference
# Inventory
vmware-monitor inventory vms [--target <name>]
vmware-monitor inventory hosts [--target <name>]
vmware-monitor inventory datastores [--target <name>]
vmware-monitor inventory clusters [--target <name>]
# Health
vmware-monitor health alarms [--target <name>]
vmware-monitor health events [--hours 24] [--severity warning]
# VM Info (read-only)
vmware-monitor vm info <vm-name>
vmware-monitor vm snapshot-list <vm-name>
# Scanning & Daemon
vmware-monitor scan now [--target <name>]
vmware-monitor daemon start
vmware-monitor daemon stop
vmware-monitor daemon status
Configuration
See config.example.yaml for all options.
| Section | Key | Default | Description |
|---|---|---|---|
| targets | name | — | Friendly name |
| targets | host | — | vCenter/ESXi hostname or IP |
| targets | type | vcenter | vcenter or esxi |
| targets | port | 443 | Connection port |
| targets | verify_ssl | false | SSL certificate verification |
| scanner | interval_minutes | 15 | Scan frequency |
| scanner | severity_threshold | warning | Min severity: critical/warning/info |
| scanner | lookback_hours | 1 | How far back to scan |
| notify | log_file | ~/.vmware-monitor/scan.log | JSONL log output |
| notify | webhook_url | — | Webhook endpoint (Slack, Discord, etc.) |
Project Structure
VMware-Monitor/
├── .claude-plugin/ # Claude Code marketplace manifest
│ └── marketplace.json
├── plugins/ # Claude Code plugin
│ └── vmware-monitor/
│ ├── .claude-plugin/
│ │ └── plugin.json
│ └── skills/
│ └── vmware-monitor/
│ └── SKILL.md # Read-only monitoring skill
├── skills/ # Skills index (npx skills add)
│ └── vmware-monitor/
│ └── SKILL.md
├── vmware_monitor/ # Python backend (read-only only)
│ ├── config.py # YAML + .env config
│ ├── connection.py # Multi-target pyVmomi
│ ├── cli.py # Typer CLI (read-only commands only)
│ ├── ops/
│ │ ├── inventory.py # VMs, hosts, datastores, clusters
│ │ ├── health.py # Alarms, events, sensors
│ │ └── vm_info.py # VM info, snapshot list (read-only)
│ ├── scanner/ # Log scanning daemon
│ └── notify/ # Notifications (JSONL + webhook)
├── gemini-extension/ # Gemini CLI extension
│ ├── gemini-extension.json
│ └── GEMINI.md
├── codex-skill/ # Codex + Aider + Continue
│ ├── SKILL.md
│ └── AGENTS.md
├── trae-rules/ # Trae IDE rules
│ └── project_rules.md
├── kimi-skill/ # Kimi Code CLI skill
│ └── SKILL.md
├── mcp_server/ # MCP server (read-only tools only)
│ └── server.py
├── .agents/skills/ # Agent orchestration
│ └── vmware-monitor/
│ └── AGENTS.md
├── smithery.yaml # Smithery marketplace config
├── RELEASE_NOTES.md
├── config.example.yaml
└── pyproject.toml
Related Projects
| Repository | Description | Install |
|---|---|---|
| VMware-Monitor (this repo) | Read-only monitoring — code-level safety | clawhub install vmware-monitor |
| VMware-AIops | Full operations — monitoring + VM lifecycle | clawhub install vmware-aiops |
Choosing between them: Use VMware-Monitor if you only need read-only monitoring with zero risk of accidental changes. Use VMware-AIops if you need full operations (create, delete, power, snapshot, clone, migrate).
Troubleshooting & Contributing
If you encounter any errors or issues, please send the error message, logs, or screenshots to zhouwei008@gmail.com. Contributions are welcome!
License
MIT