Back×

MCP TOOLS

10 tools your AI uses to actually know your codebase

Built-in tools that scan your real repo, your live packages, and your running architecture — so your AI works with what's actually there, not what it remembers or guesses.

get_project_context

Instant codebase snapshot. Your AI knows your stack before you type the first prompt.

Summarizes the repo’s stack and key integration points (auth, hosting, billing, queues) based on what’s actually present in code and config.

WHEN TO USE

  • You just opened a new repo
  • You need the stack + key entry points
  • You want a safe overview before changing code
View docs →

check_package

Real-time npm version check. Catches outdated packages and flags security risks before you install.

Checks if an npm package exists, returns installed vs latest version, flags postinstall script risk, and gives security summary.

WHEN TO USE

  • Before writing code with a package
  • Before running npm install
  • To verify a package is real
View docs →

audit_package

Full upgrade intelligence — breaking changes, CVEs, migration steps, and code examples before you touch a version number.

Deep package intelligence: breaking changes, security advisories, migration steps, and code examples. Use after check_package.

WHEN TO USE

  • Upgrading packages to latest version
  • Debugging version errors
  • Checking CVEs before deploying
  • Planning migrations
View docs →

explain_architecture

Traces how requests actually move through your system — auth, database, billing, rate limits. The map your AI needs before touching production code.

Explains how the system works end-to-end (auth, database, billing, rate limits), and points you to the request paths that matter most.

WHEN TO USE

  • You need a high-level mental model
  • You’re about to touch critical flows (auth/billing/limits)
  • You want to understand request → response paths end-to-end
View docs →

read_code

AST-level code reading. Your AI reads exact symbols and functions, not guesses, before suggesting changes.

A precise code reader. Give it a file and (optionally) a function/class name and it will show the exact implementation, plus imports and where it’s used across the codebase — without dumping the whole repo.

WHEN TO USE

  • You want to safely change a function/class
  • You need to see call sites and tests for a symbol
  • You want exact code context without noise
View docs →

find_code

Repo-wide search in under a second. Finds any function, class, or variable across the entire codebase.

A fast search tool for your entire repository. Use it to find TODOs, error messages, env vars, route names, or any pattern you’re trying to locate quickly.

WHEN TO USE

  • You need to find where something is implemented
  • You want to locate an error message or TODO
  • You’re hunting for a pattern across files
View docs →

audit_headers

HTTP and TLS security audit. Flags missing headers, weak configs, and exposure risks before they reach production.

Makes a raw HTTP/TLS connection to inspect what the server sends before the browser processes it — redirect chains, SSL certificate details, security header grades (A+ to F), and cookie flags.

WHEN TO USE

  • You need to check SSL/TLS configuration
  • You want to audit security headers (HSTS, CSP, etc.)
  • You need to check redirect chains
  • You want to analyze cookie security flags
View docs →

Zephex_dev_info

Pulls live content and metadata from any URL. Useful for checking docs, APIs, and third-party references in context.

Inspects a URL to extract clean, usable content (markdown/text) and metadata. Great for docs, blog posts, or API references without the clutter.

WHEN TO USE

  • You want to bring an external doc page into context
  • You need to compare two implementations
  • You want a clean summary of a long page
View docs →

scope_task

Minimum files needed for this task — no wasted reads, no bloated context, no missed dependencies.

Analyzes a coding task and returns the minimal set of files to read (max 7), existing utilities to reuse, and downstream callers at risk. Call this FIRST before reading files to avoid wasted effort.

WHEN TO USE

  • You're starting a new coding task and need to know what to read
  • You want to avoid reading irrelevant files
  • You need to know what utilities already exist to reuse
View docs →

thinking

Structured investigation mode. Nothing gets lost across long debugging sessions or high-risk changes.

A structured problem-solving session that tracks what you checked, what you concluded, and what to do next. Use it for complex debugging and risky changes where losing context mid-task breaks everything.

WHEN TO USE

  • You’re starting a multi-step investigation
  • You need to plan before changing code
  • You want self-verification for risky changes
View docs →
View API reference →