Back

MCP TOOLS

Ten tools your AI actually uses while it codes.

Each one reads your real repo, your live packages, and your running architecture — so the suggestions you get back are grounded in your code, not generic guesses.

get_project_context

Instant codebase snapshot. Your AI knows your stack before you type the first prompt.

Summarizes the repo’s stack and key integration points (auth, hosting, billing, queues) based on what’s actually present in code and config.

WHEN TO USE

  • You just opened a new repo
  • You need the stack + key entry points
  • You want a safe overview before changing code
View docs →

check_package

Reads your project, checks every package against the live registry, and tells you what's safe, what's outdated, and what's risky — before you ship.

Analyzes your codebase, understands what you have installed, then checks each package against the live npm registry — version status, security flags, maintenance health, and supply-chain risk.

WHEN TO USE

  • Before installing a new package
  • Before upgrading to a new version
  • To verify a package isn't a typosquat or abandoned
View docs →

audit_package

Full upgrade intelligence — breaking changes, CVEs, migration steps, and code examples before you touch a version number.

Deep package intelligence: breaking changes, security advisories, migration steps, and code examples. Use after check_package.

WHEN TO USE

  • Upgrading packages to latest version
  • Debugging version errors
  • Checking CVEs before deploying
  • Planning migrations
View docs →

explain_architecture

Traces how requests actually move through your system — auth, database, billing, rate limits. The map your AI needs before touching production code.

Explains how the system works end-to-end (auth, database, billing, rate limits), and points you to the request paths that matter most.

WHEN TO USE

  • You need a high-level mental model
  • You’re about to touch critical flows (auth/billing/limits)
  • You want to understand request → response paths end-to-end
View docs →

read_code

AST-level code reading. Your AI reads exact symbols and functions, not guesses, before suggesting changes.

A precise code reader. Give it a file and (optionally) a function/class name and it will show the exact implementation, plus imports and where it’s used across the codebase — without dumping the whole repo.

WHEN TO USE

  • You want to safely change a function/class
  • You need to see call sites and tests for a symbol
  • You want exact code context without noise
View docs →

find_code

Repo-wide search in under a second. Finds any function, class, or variable across the entire codebase.

A fast search tool for your entire repository. Use it to find TODOs, error messages, env vars, route names, or any pattern you’re trying to locate quickly.

WHEN TO USE

  • You need to find where something is implemented
  • You want to locate an error message or TODO
  • You’re hunting for a pattern across files
View docs →

audit_headers

HTTP and TLS security audit. Flags missing headers, weak configs, and exposure risks before they reach production.

Makes a raw HTTP/TLS connection to inspect what the server sends before the browser processes it — redirect chains, SSL certificate details, security header grades (A+ to F), and cookie flags.

WHEN TO USE

  • You need to check SSL/TLS configuration
  • You want to audit security headers (HSTS, CSP, etc.)
  • You need to check redirect chains
  • You want to analyze cookie security flags
View docs →

Zephex_dev_info

Expert developer knowledge base (search + get) for architecture, security, auth, frontend, backend, DB schemas, and deployment patterns.

Searchable expert knowledge base by Zephex. Use when you need authoritative, non-hallucinated patterns for auth, security headers, DB schemas, Next.js/React, Stripe, Supabase, deployment, etc. Two operations: search first with a query, then get by the returned slug.

WHEN TO USE

  • You need authoritative patterns for auth, security, schemas, or deployment in the covered domains.
  • An agent workflow requires expert guidance on specific tech (Supabase RLS, Stripe webhooks, Next.js 16 app router, etc.).
  • Before implementing security or integration patterns where the KB has vetted examples.
View docs →

scope_task

Minimum files needed for this task — no wasted reads, no bloated context, no missed dependencies.

Analyzes a coding task and returns the minimal set of files to read (max 7), existing utilities to reuse, and downstream callers at risk. Call this FIRST before reading files to avoid wasted effort.

WHEN TO USE

  • You're starting a new coding task and need to know what to read
  • You want to avoid reading irrelevant files
  • You need to know what utilities already exist to reuse
View docs →

keep_thinking

Structured investigation mode. Nothing gets lost across long debugging sessions or high-risk changes.

A structured problem-solving session that tracks what you checked, what you concluded, and what to do next. Use it for complex debugging and risky changes where losing context mid-task breaks everything.

WHEN TO USE

  • You’re starting a multi-step investigation
  • You need to plan before changing code
  • You want self-verification for risky changes
View docs →
View API reference →