High-risk tools in OmniWire

Chrome DevTools Protocol — persistent headless browser via Docker container. Navigate, screenshot, HTML, PDF, cookies, evaluate JS, click, type, wait, network intercept, set-coo...

Manage cron jobs on a node. List, add, or remove scheduled tasks.

OmniMesh — built-in WireGuard mesh network manager. Create, manage, and monitor a full-mesh or hub-spoke WireGuard VPN across all nodes and any OS (Linux/Windows/macOS). Actions...

Trigger immediate full reconciliation of all tool configs.

In-session command shortcuts. Set short aliases for long commands, then run them by alias name on any node.

Run multiple commands in a single tool call. Supports chaining (sequential with {{prev}} interpolation), abort-on-fail, store_as, and JSON output. Use this to reduce agentic rou...

Execute a command on all online mesh nodes simultaneously.

Full Docker container lifecycle management. Actions: compose-up, compose-down, build, push, logs, ps, prune, stats, inspect.

Run docker commands on a node. Default: contabo.

Execute a command on a mesh node. Set background=true for async. Set via_vpn to route through VPN (Mullvad/OpenVPN/WireGuard) for anonymous scanning. Supports retry, assert, JSO...

Run git commands on a repository on any node.

Run a comprehensive health check across all nodes. Returns structured per-node status with connectivity, disk, memory, load, and service checks. Single tool call replaces 4+ ind...

Cross-node log search and aggregation. Run grep/journalctl across all nodes in parallel, merge results with node prefix. Actions: search, tail, count.

Execute a multi-step pipeline across nodes. Each step can depend on previous step output. Steps run sequentially on potentially different nodes. Pipeline aborts on first failure...

HTTP/SOCKS proxy management on mesh nodes. Start HTTP proxies, SOCKS tunnels via SSH -D, or socat TCP forwarders. Actions: start, stop, status, list.

Execute a multi-line script on a node. The script is written to a temp file and executed, keeping tool call display compact. Use this instead of omniwire_exec for Python scripts...

Run a sequence of commands in a persistent shell session (preserves cwd, env vars).

Saved command templates on a node. Save reusable snippets with {{var}} placeholders, then run them with variable substitution.

Define and execute a named workflow (DAG of steps) that can be reused. Workflows are stored on disk and can be triggered by any agent. Supports conditional steps, fan-out/fan-in...

Dispatch a task to a specific node for background execution and retrieve results later. Creates a task file on the node, runs it in background, and provides a task ID for pollin...

Node performance benchmarking. CPU, memory, disk I/O, and network throughput. Actions: cpu, memory, disk, network, all.

TLS certificate management. List, issue via certbot, renew, check expiry, inspect cert details, or generate self-signed certs.

Firewall engine for mesh nodes. Hardens external-facing security while keeping mesh traffic at full speed. Uses nftables (zero-copy, kernel-level). Mesh interfaces (wg0, wg1, ta...

Kernel-level operations: dmesg, sysctl, modprobe, lsmod, strace, perf.

Expose localhost-bound services to the entire WireGuard/Tailscale mesh. Makes any 127.0.0.1 service reachable from all mesh nodes via socat forwarding on the node\

Auto-expose all localhost services across the mesh with a single command. Discovers localhost-only services on all nodes and creates bidirectional socat forwarders so every mesh...

Network diagnostics: ping, traceroute, dns lookup, open ports, bandwidth test.

Distributed locking / semaphore for multi-agent coordination. Prevents race conditions when multiple agents operate on the same resource. Uses atomic file-based locks on mesh no...

Control systemd services on a node.

Capture streaming command output (for tail -f, watch, etc.) for a limited duration.

Sync Claude Code hooks (hooks/*) bi-directionally across all mesh nodes.

Distributed task queue for agent swarms. Producers enqueue tasks, consumer agents dequeue and process them. Supports priorities, deadlines, and result reporting. Core A2A work d...

Poll a command until a condition is met or timeout. Useful for waiting on deployments, services starting, builds completing. Returns when the assert pattern matches stdout.

DNS management on mesh nodes. Resolve hostnames, switch DNS servers, flush caches, manage /etc/hosts entries.

Install a package on a node via apt, npm, or pip.

Open a URL in a browser. Default: thinkpad (has GPU + display).

Create SSH port forward tunnels to mesh nodes. Supports mesh-wide exposure: any tunnel can be made accessible to all mesh nodes via wg0 binding. Actions: create, list, close, me...

Distributed cron scheduling with failover. Stores schedule JSON, writes crontab entries on preferred node, supports fallback nodes. Actions: add, remove, list, run-now, history.

Scrape web pages using Scrapling via OmniMesh. Modes: http (TLS-spoofed, ~200ms), browser (Playwright JS rendering), stealth (Camoufox + Cloudflare Turnstile bypass). Auto-insta...

Check for updates, self-update OmniWire, manage auto-updates, and push updates to all mesh nodes. Sources: npm + GitHub releases.

Manage VPN on mesh nodes (Mullvad/OpenVPN/WireGuard/Tailscale). Mesh-safe: split-tunnel or namespace isolation. Mullvad advanced: multi-hop, DAITA, quantum-resistant tunnels, DN...