proxxx

Appearance

Terminal cockpit for Proxmox VE & PBS.

A Rust TUI and CLI that talks to real Proxmox clusters. REST against PVE and PBS, SSH for the rest. No agent on the cluster.

Install in 60 s
5-min quickstart
GitHub
proxxx animated demo — a destructive command refused by the pre-flight risk gate, approved via Telegram HITL, then executed

One binary, four surfaces

CLI, TUI, MCP server (stdio + Streamable HTTP/SSE with server-sent cluster-event notifications), and a unified `daemon serve` mode in the same executable. Same risk gate, same HITL gate, same API client. The TUI is for interactive operations; the CLI is the same operations, scriptable, JSON-friendly, and CI-ready; the MCP surface is a deterministic 25-tool registry for LLM agents; the daemon folds alerts + HITL listener + interval scheduler into one SIGTERM-clean process.

No agent on the cluster

Direct REST against PVE (token or password) and PBS (token only), with typed error categories so callers match on the failure shape instead of grepping prose. SSH only for the paths PVE never exposed over REST — patch apply, full effective-permissions, per-guest interactive sessions, per-node journalctl tailing, GPU/IOMMU readiness probing.

Eight-stage commit gate, no skip flags

secret-shape scan, cargo fmt, cargo clippy --all-targets at deny tier, cargo audit against a pinned advisory policy, cargo deny check (license whitelist + banned crates + crates.io-only sources + wildcard ban), the full test suite (646 lib tests + 447 integration tests including ~25 proptest properties at 256 random cases each, ~6 400 invariant checks total), 67 read-only probes against a live cluster, and a full mutation lifecycle covering LXC, cluster-level CRUD across all 8 state families, QEMU, and opt-in QGA agent-required round-trips. Every commit on main passes locally and in CI.

Pre-flight risk gate plus HITL

11 risk variants — running, long-uptime, locked, HA-managed, tagged prod, active net traffic, listening on service, many snapshots, backup age warning, no backup found, deep-check skipped — refuse destructive operations on guests that look like production unless overridden explicitly. Above that, a real Telegram round-trip with deny-on-timeout for any op marked destructive by policy. The same gate fires on `state apply` for non-empty pool deletes, root-role ACL deletes, shared-storage removal, and batches ≥ 50.

GitOps loop for Proxmox

`proxxx state export` → `proxxx state diff` → `proxxx state apply` over eight state families — pools, ACL grants, cluster storage definitions, backup jobs, cluster firewall (options + aliases + IP sets + security groups), notification matchers, HA rules, and HA resources. Byte-stable TOML snapshots, structural diff with exit code 2 on drift (CI-gateable), and a converge step with `--dry-run`, `--prune`, `--continue-on-error`, `--allow-risk`, and `--interactive` per-Severe stdin prompts.

Incident lockdown

`proxxx incident freeze` raises a cluster-wide write kill-switch with TTL + audit log. Every `POST`/`PUT`/`DELETE` is refused with typed `FreezeRefusal` → exit code 8 until `proxxx incident thaw` or the TTL fires. Reads keep working. Designed for the "stop the bleeding" minute.

main · gate greenv0.7.4full mutation lifecycle · LXC + cluster + QEMU + QGA0 system deps · rustls onlyMIT

By the numbers

SurfaceToday
Source~66 KLOC Rust · ~16 KLOC tests · 646 lib tests + 447 integration tests (error-handling + resilience-chaos sweeps)
Quality gate8 stages · ~340–480 s wall time (live cluster path)
Live cluster coverage67 read probes + 34 mutation probes per gate run
Property testing~25 proptest properties × 256 random cases = ~6 400 invariant checks per cargo test
Mutation lifecycleLXC create→start→snapshot→stop→delete · cluster-level CRUD across all 8 state families (pools / ACL / storage-defs / backup-jobs / firewall-cluster / notifications / HA rules / HA resources) · QEMU 9998 from alpine ISO · opt-in QGA round-trips
Binary6–9 MB stripped depending on target · single static · no installer
Supply chaincargo audit --deny warnings + cargo deny check per push + nightly cron + CodeQL Rust SAST
System dependencies0 — rustls only, no native-tls, no openssl (banned in deny.toml)
MCP surface25-tool registry · stdio + HTTP · compile-time fixed · server-sent notifications/cluster-event over both transports
Exit code contract9 stable codes (0–8) — see exit-codes

A taste

bash
# Read the cluster
proxxx ls nodes
proxxx ls guests --format json | jq '.[] | select(.status == "running")'
proxxx ha preview --node pve1
proxxx hw conflicts --node pve1
proxxx perms root@pam --node pve1

# Operate it (with consent)
proxxx start 100 101 102
proxxx delete 100 --yes
proxxx migrate 100 pve2 --yes
proxxx snapshot create 100 --name pre-upgrade
proxxx snapshot rollback 100 --name pre-upgrade --yes
proxxx disk move 100 --disk scsi0 --storage ceph-rbd --yes
proxxx patch apply --reboot=auto --dry-run

# Hand off to a graphical client
proxxx ssh    100                       # interactive SSH into the guest (system ssh)
proxxx serial 100 --node pve1           # raw termproxy WebSocket
proxxx spice  100 --node pve1           # writes .vv (0600), launches remote-viewer
proxxx novnc  100 --node pve1           # opens browser to web UI's noVNC

# GitOps loop over 8 state families
# (pools / ACL / storage / backup-jobs / firewall-cluster / notifications / ha-rules / ha-resources)
proxxx state export > cluster.toml      # byte-stable TOML snapshot
proxxx state diff cluster.toml          # exit 2 if drift (CI-gateable)
proxxx state apply cluster.toml --dry-run
proxxx state apply cluster.toml --prune --interactive

# Incident lockdown (writes refused with exit 8 until thaw)
proxxx incident freeze --ttl 1h --reason "ceph osd flapping"
proxxx incident status
proxxx incident thaw

# Cross-cluster fanout (read-only)
proxxx ls guests --all-profiles --format json
proxxx find 100                          # which profile owns this vmid
proxxx describe --output llm-context     # paste at the top of an LLM chat

# Observability + chargeback
proxxx logs tail --service pveproxy --since "1h ago" --grep error
proxxx upgrade-check --target 9.x        # exit 1 on any block-severity finding
proxxx accounting --group-by pool --timeframe month
proxxx heatmap                           # per-node API RTT
proxxx anomaly                           # z-score outliers
proxxx backup-verify --max-age-days 7

# Drive it from an LLM
proxxx mcp serve                        # stdio JSON-RPC + cluster-event notifications
proxxx mcp serve-http --bind 127.0.0.1:8765   # HTTP/SSE + cluster-event notifications
proxxx mcp tools --checksum             # registry hash for audit

# Long-running daemon (alerts + HITL + scheduler under one SIGTERM)
proxxx daemon serve

What it is not

proxxx does not replace the Proxmox web UI. It is built for the workflows where the web UI is slow, repetitive, or unreachable from a terminal-only context. It does not render graphical SPICE or VNC frames — those hand off to remote-viewer and the system browser. It is not a Perl rewrite — when ground truth lives in pveum, proxxx shells out, parses, and stays out of the way.

Where to start

Released under the MIT License.

Copyright © 2026 Fabrizio Salmi