Community-maintained open-source project. Not affiliated with, endorsed by, or sponsored by Veeam Software. "Veeam" is a trademark of its owner. Source is publicly auditable under the MIT license.
Report privately via a GitHub Security Advisory on github.com/AIops-tools/Veeam-AIops or email zhouwei008@gmail.com. Please do not open public issues for security reports.
- Per-target passwords live in
~/.veeam-aiops/.env(chmod 600), never inconfig.yamland never in source. Variable pattern:VEEAM_<TARGET_NAME_UPPER>_PASSWORD. - Passwords are exchanged for a short-lived OAuth2 bearer token at connect time; the token is held only in memory (side-stored by connection id, never set as an attribute on the HTTP client). Secrets are never logged or echoed; the config file holds only host, port, username, and TLS settings.
Every MCP tool runs through the bundled @governed_tool harness
(veeam_aiops.governance):
- Audit — every call logged to a local SQLite DB under
~/.veeam-aiops/(relocatable viaVEEAM_AIOPS_HOME), agent-attributed, secret-redacted. - Token/runaway budget — hard ceilings (
VEEAM_MAX_TOOL_CALLS/VEEAM_MAX_TOOL_SECONDS) plus an on-by-default guard that trips a tight poll/retry loop, preventing unbounded API consumption (e.g. polling a slow session). - Graduated risk tiers —
~/.veeam-aiops/rules.yamlrisk_tiersgate writes by environment/tag; the highest tiers require a recorded approver. - Undo-token recording — reversible writes (job start/stop, enable/disable) record an inverse descriptor so a change can be rolled back.
job stop and restore start require double confirmation at the CLI layer and
support --dry-run. The VM restore is irreversible (overwrites/creates a VM),
tagged risk_level=high, and records no undo token.
verify_ssl defaults to true; disable only for self-signed lab certificates.
All Veeam-API-returned text (job names, session results, descriptions) is passed
through a sanitize() truncate + control-character strip before reaching the
agent.
No webhooks, no telemetry, no outbound calls beyond the configured Veeam B&R REST API endpoint. No post-install scripts or background services.
uvx bandit -r veeam_aiops/ mcp_server/
uv run ruff check .The latest released version receives security fixes. This is a preview (0.x); pin a version in production.