MCP TOOLS

10 tools your AI uses to actually know your codebase

Built-in tools that scan your real repo, your live packages, and your running architecture — so your AI works with what's actually there, not what it remembers or guesses.

get_project_context

Instant codebase snapshot. Your AI knows your stack before you type the first prompt.

Summarizes the repo’s stack and key integration points (auth, hosting, billing, queues) based on what’s actually present in code and config.

WHEN TO USE

You just opened a new repo
You need the stack + key entry points
You want a safe overview before changing code

View docs →

check_package

Real-time npm version check. Catches outdated packages and flags security risks before you install.

Checks if an npm package exists, returns installed vs latest version, flags postinstall script risk, and gives security summary.

WHEN TO USE

Before writing code with a package
Before running npm install
To verify a package is real

View docs →

audit_package

Full upgrade intelligence — breaking changes, CVEs, migration steps, and code examples before you touch a version number.

Deep package intelligence: breaking changes, security advisories, migration steps, and code examples. Use after check_package.

WHEN TO USE

Upgrading packages to latest version
Debugging version errors
Checking CVEs before deploying
Planning migrations

View docs →

explain_architecture

Traces how requests actually move through your system — auth, database, billing, rate limits. The map your AI needs before touching production code.

Explains how the system works end-to-end (auth, database, billing, rate limits), and points you to the request paths that matter most.

WHEN TO USE

You need a high-level mental model
You’re about to touch critical flows (auth/billing/limits)
You want to understand request → response paths end-to-end

View docs →

read_code

AST-level code reading. Your AI reads exact symbols and functions, not guesses, before suggesting changes.

A precise code reader. Give it a file and (optionally) a function/class name and it will show the exact implementation, plus imports and where it’s used across the codebase — without dumping the whole repo.

WHEN TO USE

You want to safely change a function/class
You need to see call sites and tests for a symbol
You want exact code context without noise

View docs →

find_code

Repo-wide search in under a second. Finds any function, class, or variable across the entire codebase.

A fast search tool for your entire repository. Use it to find TODOs, error messages, env vars, route names, or any pattern you’re trying to locate quickly.

WHEN TO USE

You need to find where something is implemented
You want to locate an error message or TODO
You’re hunting for a pattern across files

View docs →

audit_headers

HTTP and TLS security audit. Flags missing headers, weak configs, and exposure risks before they reach production.

Makes a raw HTTP/TLS connection to inspect what the server sends before the browser processes it — redirect chains, SSL certificate details, security header grades (A+ to F), and cookie flags.

WHEN TO USE

You need to check SSL/TLS configuration
You want to audit security headers (HSTS, CSP, etc.)
You need to check redirect chains
You want to analyze cookie security flags

View docs →

inspect_url

Pulls live content and metadata from any URL. Useful for checking docs, APIs, and third-party references in context.

Inspects a URL to extract clean, usable content (markdown/text) and metadata. Great for docs, blog posts, or API references without the clutter.

WHEN TO USE

You want to bring an external doc page into context
You need to compare two implementations
You want a clean summary of a long page

View docs →

scope_task

Minimum files needed for this task — no wasted reads, no bloated context, no missed dependencies.

Analyzes a coding task and returns the minimal set of files to read (max 7), existing utilities to reuse, and downstream callers at risk. Call this FIRST before reading files to avoid wasted effort.

WHEN TO USE

You're starting a new coding task and need to know what to read
You want to avoid reading irrelevant files
You need to know what utilities already exist to reuse

View docs →

thinking

Structured investigation mode. Nothing gets lost across long debugging sessions or high-risk changes.

A structured problem-solving session that tracks what you checked, what you concluded, and what to do next. Use it for complex debugging and risky changes where losing context mid-task breaks everything.

WHEN TO USE

You’re starting a multi-step investigation
You need to plan before changing code
You want self-verification for risky changes

View docs →

View API reference →

MCP TOOLS

10 tools your AI uses to actually know your codebase

Built-in tools that scan your real repo, your live packages, and your running architecture — so your AI works with what's actually there, not what it remembers or guesses.

get_project_context

Instant codebase snapshot. Your AI knows your stack before you type the first prompt.

Summarizes the repo’s stack and key integration points (auth, hosting, billing, queues) based on what’s actually present in code and config.

WHEN TO USE

You just opened a new repo
You need the stack + key entry points
You want a safe overview before changing code

View docs →

check_package

Real-time npm version check. Catches outdated packages and flags security risks before you install.

Checks if an npm package exists, returns installed vs latest version, flags postinstall script risk, and gives security summary.

WHEN TO USE

Before writing code with a package
Before running npm install
To verify a package is real

View docs →

audit_package

Full upgrade intelligence — breaking changes, CVEs, migration steps, and code examples before you touch a version number.

Deep package intelligence: breaking changes, security advisories, migration steps, and code examples. Use after check_package.

WHEN TO USE

Upgrading packages to latest version
Debugging version errors
Checking CVEs before deploying
Planning migrations

View docs →

explain_architecture

Traces how requests actually move through your system — auth, database, billing, rate limits. The map your AI needs before touching production code.

Explains how the system works end-to-end (auth, database, billing, rate limits), and points you to the request paths that matter most.

WHEN TO USE

You need a high-level mental model
You’re about to touch critical flows (auth/billing/limits)
You want to understand request → response paths end-to-end

View docs →

read_code

AST-level code reading. Your AI reads exact symbols and functions, not guesses, before suggesting changes.

WHEN TO USE

You want to safely change a function/class
You need to see call sites and tests for a symbol
You want exact code context without noise

View docs →

find_code

Repo-wide search in under a second. Finds any function, class, or variable across the entire codebase.

A fast search tool for your entire repository. Use it to find TODOs, error messages, env vars, route names, or any pattern you’re trying to locate quickly.

WHEN TO USE

You need to find where something is implemented
You want to locate an error message or TODO
You’re hunting for a pattern across files

View docs →

audit_headers

HTTP and TLS security audit. Flags missing headers, weak configs, and exposure risks before they reach production.

Makes a raw HTTP/TLS connection to inspect what the server sends before the browser processes it — redirect chains, SSL certificate details, security header grades (A+ to F), and cookie flags.

WHEN TO USE

You need to check SSL/TLS configuration
You want to audit security headers (HSTS, CSP, etc.)
You need to check redirect chains
You want to analyze cookie security flags

View docs →

inspect_url

Pulls live content and metadata from any URL. Useful for checking docs, APIs, and third-party references in context.

Inspects a URL to extract clean, usable content (markdown/text) and metadata. Great for docs, blog posts, or API references without the clutter.

WHEN TO USE

You want to bring an external doc page into context
You need to compare two implementations
You want a clean summary of a long page

View docs →

scope_task

Minimum files needed for this task — no wasted reads, no bloated context, no missed dependencies.

Analyzes a coding task and returns the minimal set of files to read (max 7), existing utilities to reuse, and downstream callers at risk. Call this FIRST before reading files to avoid wasted effort.

WHEN TO USE

You're starting a new coding task and need to know what to read
You want to avoid reading irrelevant files
You need to know what utilities already exist to reuse

View docs →

thinking

Structured investigation mode. Nothing gets lost across long debugging sessions or high-risk changes.

WHEN TO USE

You’re starting a multi-step investigation
You need to plan before changing code
You want self-verification for risky changes

View docs →

View API reference →