Install
openclaw skills install @zw008/veeam-aiopsVeeam Aiops
Use this skill whenever the user needs to operate Veeam Backup & Replication — list/inspect backup jobs, start/stop jobs, enable/disable jobs, list restore points and start a VM restore, list backup repositories and stored backups, and poll async sessions for job/restore progress. Always use this skill for "list veeam jobs", "run veeam backup", "start veeam job", "veeam restore", "veeam repository", "veeam backup status", or "veeam session" when the context is explicitly Veeam / Veeam Backup & Replication / VBR. Do NOT use when the target is not Veeam Backup & Replication (other backup products, hypervisor lifecycle, or cloud providers are out of scope). Preview — common Veeam B&R operations with a built-in governance harness (audit, policy, token budget, undo, risk-tiers).
Veeam AIops (preview)
Disclaimer: This is a community-maintained open-source project and is not affiliated with, endorsed by, or sponsored by Veeam Software. "Veeam" is a trademark of its owner. Source code is publicly auditable at github.com/AIops-tools/Veeam-AIops under the MIT license.
Governed Veeam Backup & Replication operations — 12 MCP tools, every one wrapped with the bundled @governed_tool harness: a local unified audit log under ~/.veeam-aiops/, policy engine, token/runaway budget guard, undo-token recording, and graduated-autonomy risk tiers.
Standalone: the governance harness is bundled in the package (
veeam_aiops.governance) — veeam-aiops has no external skill-family dependency. Preview: common Veeam operations, not yet exhaustive.
What This Skill Does
| Category | Tools | Count | Read or Write |
|---|---|---|---|
| Backup Jobs | list, get, start, stop, enable, disable | 6 | 2 read / 4 write |
| Restore | list restore points, start VM restore | 2 | 1 read / 1 write |
| Repositories | list repositories | 1 | 1 read |
| Backups | list stored backups | 1 | 1 read |
| Sessions | list, get (poll async progress) | 2 | 2 read |
Quick Install
uv tool install veeam-aiops
veeam-aiops doctor
When to Use This Skill
- List/inspect Veeam backup jobs and their last result
- Start or stop a backup job on demand
- Enable or disable a job's schedule
- List available restore points and start a VM restore
- List backup repositories and stored backups
- Poll async sessions to follow job/restore progress
Do NOT use when the target is not Veeam Backup & Replication (other backup products, hypervisor VM lifecycle, Kubernetes, or cloud providers are out of scope for this skill).
Related Skills — Skill Routing
| If the user wants… | Use |
|---|---|
| Veeam backup jobs / restore / repositories | veeam-aiops (this skill) |
| Hypervisor VM lifecycle (power, snapshot, migrate) | a hypervisor ops skill |
| Container/cluster lifecycle | a cluster ops skill |
Common Workflows
Run a backup job and follow it to completion
veeam-aiops job list→ find the job id and confirmlastResultveeam-aiops job start <job_id>→ starts the job (records an inversejob_stopundo descriptor)veeam-aiops session list→ find the running session;veeam-aiops session get <session_id>→ checkstate/progressPercent- Failure branch: if
session getshows the sessionFailed, inspectresult, then re-runjob startafter fixing the cause — do not loopsession getrapidly (the runaway budget guard will trip a tight poll loop).
Restore a VM from a restore point
veeam-aiops restore list-points→ identify the correct restore point idveeam-aiops restore start --restore-point-id <id> --dry-run→ preview the exact API callveeam-aiops restore start --restore-point-id <id>→ double confirmation required; this is IRREVERSIBLE (overwrites/creates a VM) and records no undo token- Failure branch: if
doctorshows the VBR server unreachable or the password env var is missing, fix~/.veeam-aiops/.env(chmod 600) before retrying — the restore is never issued against an unauthenticated session.
Usage Mode
| Scenario | Recommended | Why |
|---|---|---|
| Local/small models (Ollama, Qwen) | CLI | fewer tokens than MCP |
| Cloud models (Claude, GPT) | Either | MCP gives structured JSON I/O |
| Automated pipelines | MCP | type-safe parameters, audited |
MCP Tools (12 — 8 read, 4 write)
| Category | Tools | R/W |
|---|---|---|
| Backup Jobs | job_list, job_get | Read |
job_start, job_stop, job_enable, job_disable | Write | |
| Restore | restore_list_points | Read |
start_vm_restore | Write | |
| Repositories | repository_list | Read |
| Backups | backup_list | Read |
| Sessions | session_list, session_get | Read |
Harness features that light up: write tools with a clean inverse (job_start↔job_stop, job_enable↔job_disable) pass an undo= lambda so the harness records an inverse descriptor (with _undo_id) to the undo store. The irreversible start_vm_restore declares no undo and is tagged risk_level=high. All 12 tools are audit-logged under ~/.veeam-aiops/ and pass through the policy pre-check + budget/runaway guard + graduated risk-tier gate. Veeam jobs/restores run as async sessions — poll with session_get instead of re-issuing (the runaway breaker backs this up).
CLI Quick Reference
veeam-aiops job list [--target <t>]
veeam-aiops job get <job_id>
veeam-aiops job start <job_id>
veeam-aiops job stop <job_id> [--dry-run] # double confirm
veeam-aiops job enable <job_id>
veeam-aiops job disable <job_id>
veeam-aiops restore list-points
veeam-aiops restore start --restore-point-id <id> [--dry-run] # double confirm
veeam-aiops repository list
veeam-aiops session list
veeam-aiops session get <session_id>
veeam-aiops backup list
veeam-aiops doctor
veeam-aiops mcp # start MCP server (stdio)
See references/cli-reference.md for the full command list.
Troubleshooting
"Config file not found"
Create ~/.veeam-aiops/config.yaml with a targets: list (see README), and put passwords in ~/.veeam-aiops/.env (chmod 600).
"Password not found. Set environment variable: VEEAM__PASSWORD"
Each target needs a per-target password env var. For target vbr-lab, set VEEAM_VBR_LAB_PASSWORD=<password> in .env.
"Authentication/authorization failed (401)"
The username/password is wrong, or the account lacks a Veeam role. Veeam usernames are typically DOMAIN\\user or a local Windows account on the VBR server. Confirm the account can log in to the Veeam console.
"Could not reach Veeam server … check the host/port"
The default REST API port is 9419 — confirm the Veeam Backup & Replication REST API service is running and the port is open. For self-signed certificates set verify_ssl: false on the target (lab only).
"Resource not found (404)"
The job/session/restore-point id is stale. List the parent collection first (job list, session list, restore list-points) to get a current id.
Audit & Safety
All operations are automatically audited via the bundled @governed_tool decorator (veeam_aiops.governance):
- Every tool call logged to
~/.veeam-aiops/audit.db(local SQLite audit DB; relocate withVEEAM_AIOPS_HOME) - Policy rules enforced via
~/.veeam-aiops/rules.yaml(deny rules, maintenance windows, risk tiers) - Budget / runaway guard caps cumulative tool calls and wall-time, and trips on tight session-poll/retry loops
- Undo store records inverse descriptors for reversible writes (job start/stop, enable/disable)
- Graduated-autonomy risk tiers gate write operations (require a recorded approver for the highest tiers)
The harness is bundled in the package — no external dependency, no manual setup. See references/setup-guide.md for security details.