Was this page helpful?
Individual tools are useful. Combined in sequence, they become powerful. This page shows real workflows for common development tasks — the exact tool order that experienced users follow.
Most tasks follow one of these patterns. Your AI editor calls tools automatically based on context, but understanding the patterns helps you guide it.
| Pattern | Tool sequence | When to use |
|---|---|---|
| Scope → Read → Act | scope_task → read_code → (your edit) | Bug fixes, small features |
| Context → Architecture → Scope | get_project_context → explain_architecture → scope_task | Onboarding, large features |
| Find → Read → Think | find_code → read_code → keep_thinking | Debugging, root cause analysis |
| Audit → Find → Fix | audit_headers / check_package → find_code → read_code | Security reviews |
| Context → Scope → Read | get_project_context → scope_task → read_code | First time touching a codebase |
Goal:Find and fix a bug you can describe but haven't located yet.
Cost: ~5 requests (within Free tier for simple bugs)
Step 1: scope_task "fix the 500 error on /api/users endpoint" → Returns: 4 files to focus on, callers at risk Step 2: read_code (mode: symbol) target: "getUserHandler" → Returns: full function body with the bug Step 3: find_code query: "getUserHandler" scope: "usages" → Returns: all call sites that might be affected Step 4: keep_thinking "The handler doesn't check for null user..." → Structured reasoning, hypothesis tracking Step 5: read_code (mode: file) files: ["src/tests/users.test.ts"] → Read existing tests to understand expected behaviorWhy this order works: scope_task narrows from the entire codebase to 3-8 files. read_code extracts the exact function. find_code shows blast radius. keep_thinking structures your fix hypothesis before you write code.
Goal: Audit a deployed URL and its source code for security issues.
Cost: ~5 requests
Step 1: audit_headers url: "https://your-app.com" → Returns: header grades, missing CSP, HSTS status Step 2: find_code query: "cors" OR "Access-Control" → Returns: where CORS is configured Step 3: read_code target: "corsMiddleware" → Returns: full CORS config to review Step 4: check_package package: "helmet" → Returns: version status, CVEs, supply-chain signals Step 5: Zephex_dev_info query: "CSP best practices Next.js" → Returns: expert guidance with code snippetsWhy this order works: audit_headers checks what the server actually returns (not what you think it returns). find_code locates the config. read_code shows the implementation. check_package verifies dependencies. Zephex_dev_info provides expert fix guidance.
Goal: Understand a new codebase well enough to make your first contribution.
Cost: ~5 requests
Step 1: get_project_context → Returns: framework, package manager, scripts, env vars, entry points, dependencies Step 2: explain_architecture focus: "full", mode: "overview" → Returns: service diagram, data flow, entry points, external dependencies Step 3: explain_architecture focus: "auth", mode: "deep" → Returns: auth flow sequence diagram, session handling, middleware chain Step 4: read_code (mode: outline) files: ["src/app/layout.tsx"] → Returns: structural TOC of the main layout Step 5: scope_task "add a new API endpoint for /api/teams" → Returns: which files to create/modify, existing patterns to followWhy this order works: get_project_context gives you the 30-second overview (stack, commands, entry points). explain_architecture produces a visual diagram of how services connect. Then you drill into the specific area you need to modify.
| Workflow | Typical requests | Sessions/mo (Free) | Sessions/mo (Pro) |
|---|---|---|---|
| Bug fix (simple) | 3-5 | 60-100 | 700-1,166 |
| Bug fix (complex) | 8-12 | 25-37 | 291-437 |
| Security audit | 5-8 | 37-60 | 437-700 |
| Codebase onboarding | 5-7 | 42-60 | 500-700 |
| Feature planning | 4-6 | 50-75 | 583-875 |
| Code review | 3-5 | 60-100 | 700-1,166 |
| Package upgrade check | 2-3 | 100-150 | 1,166-1,750 |
These are estimates based on typical usage. Complex tasks with many files may use more. The dashboard shows exact usage in real time.
| Your question | Best tool | Why |
|---|---|---|
| What is this project? | get_project_context | Returns stack, commands, deps in one call |
| How does X work? | explain_architecture | Produces diagrams and traces data flow |
| Where is X defined? | find_code | BM25-ranked search across all files |
| Show me the code for X | read_code | AST-based extraction of specific symbols |
| What files do I need to change? | scope_task | Returns minimal file set with roles |
| Is this package safe? | check_package | Registry lookup, CVE check, supply-chain signals |
| How do I upgrade X? | audit_package | Breaking changes, migration steps, CVE details |
| Is this URL secure? | audit_headers | Live header audit with fix snippets |
| How should I approach this? | keep_thinking | Structured reasoning with hypothesis tracking |
| Best practice for X? | Zephex_dev_info | Expert knowledge base with code examples |