Was this page helpful?
Every tool explained: what it does, when your AI agent uses it, and a real example of how it helps. All 10 tools are available immediately after connecting any supported editor.
WHAT IT DOES
Reads your entire project in one call — framework, package manager, dependencies, scripts, env vars, monorepo workspaces, path aliases, and config files. Returns a structured snapshot that replaces manually reading 10+ files.
WHEN IT IS USED
Start of any conversation, before making changes, when you need to know the stack
EXAMPLE
Ask your agent: "What framework is this project using?" or "How do I run the tests?" — it calls this tool automatically.
WHAT IT DOES
AST-based code extraction with three modes: symbol (get a function by name), file (batch-read multiple files), and outline (structural table of contents). Returns only what you need, saving tokens.
WHEN IT IS USED
You need to see a specific function, class, or file without loading everything
EXAMPLE
Ask: "Show me the validateToken function" — it finds and returns just that function's implementation.
WHAT IT DOES
BM25-ranked search with AST-aware context. Returns matches with the enclosing function or class body, not just raw lines. Supports literal, regex, and boolean queries.
WHEN IT IS USED
You need to find where something is defined, used, or imported
EXAMPLE
Ask: "Where is the Stripe webhook handler?" — it searches your codebase and returns ranked results with full context.
WHAT IT DOES
Generates Mermaid diagrams showing auth flows, data flows, service boundaries, external integrations, and dependency graphs. Detects patterns, anti-patterns, and complexity hotspots.
WHEN IT IS USED
You need to understand how a system works before making changes
EXAMPLE
Ask: "How does authentication work in this project?" — it traces the auth flow and generates a sequence diagram.
WHAT IT DOES
Given a plain-English task description, returns the minimal set of files to read and edit, with roles (contains_target, imports_target, tests), risk assessment, and caller impact analysis.
WHEN IT IS USED
Before starting a coding task, to know exactly which files to touch
EXAMPLE
Ask: "What files do I need to change to add rate limiting to the API?" — it returns a focused file list with risk levels.
WHAT IT DOES
Live registry lookup: version status, supply-chain attack signals (postinstall hooks, typosquat risk), maintainer count, weekly downloads, license, and install footprint. Covers npm, pypi, cargo, go, maven, and more.
WHEN IT IS USED
Before installing a dependency, or when reviewing a PR that adds one
EXAMPLE
Ask: "Is this package safe to install?" — it checks the registry and reports any red flags.
WHAT IT DOES
Deep analysis: breaking changes between versions, CVE list with CVSS scores, official migration steps, deprecated APIs, peer-dependency conflicts, and Node/runtime compatibility.
WHEN IT IS USED
Upgrading a dependency, investigating a CVE, or planning a migration
EXAMPLE
Ask: "What breaks if I upgrade Next.js from 15 to 16?" — it returns every breaking change with migration steps.
WHAT IT DOES
Curated knowledge base covering database schemas (Stripe, Supabase, Postgres), security (CSP, CORS, OWASP, JWT), frontend (Next.js, React, Tailwind), auth (OAuth, refresh tokens), backend (Docker, AWS), and mobile (Android, iOS, Expo).
WHEN IT IS USED
You need expert guidance on implementation patterns
EXAMPLE
Ask: "How should I structure my Supabase RLS policies?" — it returns expert guidance with code examples.
WHAT IT DOES
Grades a URL's security posture: CSP, HSTS, TLS certificate, cookies (Secure/HttpOnly/SameSite), redirect chains, and CORS. Returns A+ to F grade with copy-paste fix snippets for Nginx, Vercel, Cloudflare, and more.
WHEN IT IS USED
After deploying, or when checking if a site is production-ready
EXAMPLE
Ask: "Is my production site secure?" with a URL — it audits headers and tells you exactly what to fix.
WHAT IT DOES
Persistent reasoning session that tracks hypotheses, observations, conclusions, and what was ruled out. Prevents circular debugging, detects endless loops, and anchors to the original goal.
WHEN IT IS USED
Complex bugs, multi-system problems, high-risk changes, or planning before coding
EXAMPLE
Ask: "I keep going in circles debugging this — help me think through it step by step."
For detailed parameter documentation and advanced usage, see the Tool Reference. To connect your editor and start using these tools, follow the Quickstart.