Complete Toolset Matrix (100+ Functions)
This reference provides an exhaustive list of the functions available to the Perseus agent. Each function is an atomic execution primitive designed for ground-truth verification and surgical precision.| Capability Area | Function Name | Windows | Linux | macOS | Description |
|---|---|---|---|---|---|
| System Info | get_host_info | ✔️ | ✔️ | ✔️ | OS, hostname, architecture, uptime. |
get_performance_info | ✔️ | ✔️ | ✔️ | CPU, RAM, Disk usage metrics. | |
get_cpu_cores_info | ✔️ | ✔️ | ✔️ | Per-core usage and frequency. | |
get_component_temperatures | ✔️ | ✔️ | ✔️ | Hardware thermal diagnostics. | |
is_elevated | ✔️ | ✔️ | ✔️ | Admin/Root privilege check. | |
get_current_user | ✔️ | ✔️ | ✔️ | Currently logged-in interactive user. | |
get_disk_drives | ✔️ | ✔️ | ✔️ | Physical/Logical drive enumeration. | |
get_system_uptime | ✔️ | ✔️ | ✔️ | High-precision uptime measurement. | |
| Process | list_all_processes | ✔️ | ✔️ | ✔️ | Enumeration of all running processes. |
get_process_details(pid) | ✔️ | ✔️ | ✔️ | Deep dive into a specific process. | |
kill_process(pid) | ✔️ | ✔️ | ✔️ | Forced process termination. | |
find_process_by_name | ✔️ | ✔️ | ✔️ | Regex/Pattern match for processes. | |
get_process_tree | ✔️ | ✔️ | ✔️ | Parent-child relationship visualization. | |
get_process_threads | ✔️ | ✔️ | ✔️ | Enumerate threads within a process. | |
get_process_memory_map | ✔️ | ✔️ | ✔️ | RAM regions mapping (Forensics). | |
suspend_process(pid) | ✔️ | ✔️ | ✔️ | Pause process execution. | |
resume_process(pid) | ✔️ | ✔️ | ✔️ | Re-activate suspended process. | |
| Execution | execute_cmd | ✔️ | ✔️ | ✔️ | Single-line shell execution. |
execute_powershell_line | ✔️ | ✔️ | ✔️ | Single-line bash/pwsh execution. | |
execute_cmd_multiline | ✔️ | ✔️ | ✔️ | Sequential batch execution. | |
execute_powershell_multiline | ✔️ | ✔️ | ✔️ | Full script execution with error handling. | |
| Filesystem | list_directory(path) | ✔️ | ✔️ | ✔️ | Metadata-rich file listing. |
get_file_metadata(path) | ✔️ | ✔️ | ✔️ | Hash, size, and timestamp audit. | |
search_files | ✔️ | ✔️ | ✔️ | Recursive wildcard searching. | |
read_file_content | ✔️ | ✔️ | ✔️ | Size-limited secure content reading. | |
delete_file | ✔️ | ✔️ | ✔️ | Surgical deletion from disk. | |
create_directory | ✔️ | ✔️ | ✔️ | Directory creation. | |
copy_file / move_file | ✔️ | ✔️ | ✔️ | Standard file manipulation. | |
analyze_disk_usage | ✔️ | ✔️ | ✔️ | Disk space/utilization analysis. | |
get_file_hash(algo) | ✔️ | ✔️ | ✔️ | MD5/SHA-256 integrity check. | |
| Forensics | query_events | ✔️ | - | - | Windows Event Log querying. |
get_security_events | ✔️ | - | - | Failed logins and audits. | |
get_system_events | ✔️ | - | - | Kernel/Driver message extraction. | |
list_event_logs | ✔️ | - | - | Channel enumeration. | |
journalctl_query | - | ✔️ | - | Native systemd log interface. | |
oslog_query | - | - | ✔️ | Apple Unified Logging query. | |
search_events_by_text | ✔️ | ✔️ | ✔️ | Universal log searching. | |
get_log_stats | ✔️ | ✔️ | ✔️ | Size and utilization metrics. | |
| Registry | read_registry_key | ✔️ | - | - | List all values in a hive. |
read_registry_value | ✔️ | - | - | Read SZ/DWORD/Binary value. | |
write_registry_string | ✔️ | - | - | Create/Overwrite string value. | |
write_registry_dword | ✔️ | - | - | Create/Overwrite numeric value. | |
delete_registry_value | ✔️ | - | - | Remove specific value. | |
delete_registry_key | ✔️ | - | - | Recursive key tree deletion. | |
get_security_keys | ✔️ | - | - | Audit security-critical paths. | |
| Services | list_services | ✔️ | ✔️ | ✔️ | Service/Daemon/Launchd enumeration. |
get_service_details | ✔️ | ✔️ | ✔️ | Deep dive into service state. | |
start_service / stop_service | ✔️ | ✔️ | ✔️ | Initialization and halting. | |
restart_service | ✔️ | ✔️ | ✔️ | Graceful restart with verification. | |
enable_service / disable_service | ✔️ | ✔️ | ✔️ | Boot-time configuration. | |
| Identity | list_local_users | ✔️ | ✔️ | ✔️ | Enumerate all identities. |
get_user_details | ✔️ | ✔️ | ✔️ | Full account metadata. | |
list_active_sessions | ✔️ | ✔️ | ✔️ | Logged-in interactive users. | |
get_admin_users | ✔️ | ✔️ | ✔️ | Root/Admin identity audit. | |
check_user_privileges | ✔️ | ✔️ | ✔️ | Granular privilege check. | |
list_local_groups | ✔️ | ✔️ | ✔️ | Enumerate system groups. | |
get_group_details | ✔️ | ✔️ | ✔️ | Group membership and metadata. | |
| Network | list_network_interfaces | ✔️ | ✔️ | ✔️ | IPs and link state analysis. |
get_network_connections | ✔️ | ✔️ | ✔️ | Socket audit (TCP/UDP + PID). | |
get_listening_ports | ✔️ | ✔️ | ✔️ | Open port/Service binding audit. | |
ping_host / trace_route | ✔️ | ✔️ | ✔️ | Path connectivity diagnostics. | |
test_connectivity | ✔️ | ✔️ | ✔️ | Bulk host validation. | |
| Patching | windows_update_list | ✔️ | - | - | Patch discovery via WUA. |
windows_update_download | ✔️ | - | - | Async KB background download. | |
windows_update_install | ✔️ | - | - | Async KB installation. | |
windows_update_status | ✔️ | - | - | Task polling and progress. | |
windows_update_history | ✔️ | - | - | Installation audit. | |
windows_update_reboot | ✔️ | - | - | Pending reboot check. | |
wsus_config_server | ✔️ | - | - | Point to specific update server. | |
wsus_sync_catalog | ✔️ | - | - | Trigger manual catalog sync. | |
wsus_client_report | ✔️ | - | - | Immediate status reporting. | |
wsus_target_group | ✔️ | - | - | Update targeting assignment. | |
wsus_approval_workflow | ✔️ | - | - | Patch approval automation. | |
wsus_health_check | ✔️ | - | - | Storage and connection audit. |
Technical Guardrails
Every tool listed above adheres to the Perseus Ground Truth Policy:- Deterministic Output: No hallucinations. If the OS returns an error, the AI reports the error.
- Safety Timeouts: Default 120s timeout for all operations to prevent system hangs.
- Encrypted Return: All data travels through the AES-256-GCM secure channel from device to cloud.
- Resource Throttling: Operations are throttled to ensure < 1% CPU impact on the host system.
Comprehensive Coverage: This list covers the foundational primitives for Perseus. Specialized sub-agents (like the Windows Update Specialist) use these primitives to orchestrate complex maintenance windows.