MCP Tools Reference
All 54 tools exposed by @codeatlas/mcp, grouped by purpose. Each entry shows what it returns and roughly what it costs in tokens. The evidence-gated generators and AI code review tools both ground every field in a quoted source line — the model can't invent things that don't appear in your code.
Resources (8)
Resources are read-only addressable views. Clients usually surface them as URI completions.
codeatlas://workspace/microservices— L1 system-design view.codeatlas://workspace/features— L2 feature clusters.codeatlas://workspace/apis— All detected entrypoints, flat list.codeatlas://workspace/entrypoints— Same as/apisgrouped by service.codeatlas://workspace/diff-summary— Baseline-vs-working numeric diff.codeatlas://workspace/ai-findings— All AI-review findings with source quotes.codeatlas://workspace/review-guidelines— Team review rules injected into every review prompt.codeatlas://workspace/review-summary— Counts by layer + severity, top findings, last review metadata.
Stdio clients that subscribe also receive a push notification (notifications/codeatlas/findings_changed) whenever findings are added, updated, or removed — no polling needed.
Discovery (4)
list_entrypointsEnumerate every entry into the codebase — HTTP routes, jobs, MQ consumers, CLI commands, lifecycle hooks, GraphQL subscriptions, webhooks, mobile deep links.
- Inputs
- (none) — or { method?: string, service?: string }
- Returns
- Array of { method, path, handler, file, line, service, auth, meta }.
- Tokens
- ~1.8k tokens for a medium repo (~150 entries).
get_entrypoint_packDeep dive on one route: its handler source, immediate callees, called DB tables, sequence diagram nodes.
- Inputs
- { method, path } or { handlerName }
- Returns
- { handler, sequence, dependencies, schemaTouches }
- Tokens
- ~700 tokens per route.
get_feature_packBundle every route, function, and file that belongs to one Louvain-detected feature cluster.
- Inputs
- { clusterId | clusterLabel }
- Returns
- { routes, functions, files, healthSignals }
search_workspaceWeighted reverse-indexed keyword search across features, routes, functions, classes. camelCase / snake_case aware.
- Inputs
- { query: string, requireAll?: boolean }
- Returns
- Ranked hits with { kind, label, file, line, score }.
Diffs & impact (4)
get_diff_summaryTop-line numerical summary of what changed vs baseline — files added/deleted/modified, routes touched, services affected.
- Inputs
- (none)
- Returns
- { files: { added, deleted, modified }, routes: …, services: … }
- Tokens
- ~28 tokens.
get_impact_of_changeBlast radius for a hypothesised edit. Direct callers, transitive callers, tests that need re-running.
- Inputs
- { file | symbol }
- Returns
- { direct: string[], transitive: string[], reviewRequired: string[] }
get_api_surface_diffWhat changed in the public HTTP/GraphQL/gRPC surface vs baseline. Added routes, removed routes, signature changes.
- Inputs
- (none) — or { service }
- Returns
- { added: Route[], removed: Route[], modified: Route[] }
pre_edit_briefOne-shot context for a file you're about to edit. Purpose, callers, callees, nearby tests, recent diffs.
- Inputs
- { file: string }
- Returns
- Compact JSON brief, typically 600–900 tokens.
- Notes
- The cheapest way to brief an agent before any edit.
get_regression_scope"What should I re-test for this change?" — composes the working diff, blast radius, coverage, and cross-repo consumers into a ranked re-test plan.
- Inputs
- (none) — or { repoId } in multi-repo workspaces
- Returns
- { changedEntryPoints, impactedEntryPoints, crossRepoConsumers, coverageGaps }
Functions & call graph (4)
get_function_sourcePull a single function's source by name, with surrounding context.
- Inputs
- { name, file? }
- Returns
- { source, file, lineStart, lineEnd, language }
trace_call_pathBFS over the workspace call graph from A to B. Useful for proving reachability.
- Inputs
- { from: string, to: string, maxDepth?: number }
- Returns
- Array of paths, each path = string[].
get_function_dependenciesDirect in- and out-edges for a function. Cheaper alternative to trace_call_path when you just need 1 hop.
- Inputs
- { name, file? }
- Returns
- { callers: string[], callees: string[] }
find_similar_entitiesFunctions with structurally similar bodies — duplication / DRY candidates.
- Inputs
- { name, file?, threshold?: number }
- Returns
- Ranked list of similar functions with similarity scores.
Health (3)
get_health_reportDead code, god files, high-coupling hotspots, cycles, orphaned clusters.
- Inputs
- (none)
- Returns
- { deadCode, godFiles, highCoupling, cycles, orphans } — each entry severity-ranked.
list_architecture_violationsRule-based violations of declared architecture (layer crossings, banned dependencies). Configured via repo's .codeatlas/rules.json.
- Inputs
- (none)
- Returns
- Violation list with { rule, source, target, severity }.
get_coverage_overlayPer-route coverage when LCOV / Istanbul JSON is present. Lets the agent prefer covered code paths.
- Inputs
- (none)
- Returns
- { route → { coveredLines, totalLines, percent } }
list_overlaysList the registered graph overlays (diff, comments, coverage, TODO density, future Sentry/APM adapters) with their paint style and current toggle state.
- Inputs
- (none)
- Returns
- Array of { id, displayName, paint, join, enabled }.
get_overlayFetch one overlay's data points joined to graph anchors. UI toggles never gate data — the agent always gets the points.
- Inputs
- { id: string } — e.g. "coverage", "todo-comments"
- Returns
- { points: Array<{ target, value, severity? }>, unresolved: number }
Paging & status (4)
list_entrypoints_pagedSame as list_entrypoints but with cursor pagination — for repos with thousands of routes.
- Inputs
- { cursor?, limit?: number }
- Returns
- { items, nextCursor }
list_saved_viewsSaved diagram views (filtered subsets of features / services). Users save them in the browser UI.
- Inputs
- (none)
- Returns
- Array of { id, label, filter, layer }
get_workspace_statusHealthcheck — is the snapshot DB present, when was the last successful index, what files are dirty.
- Inputs
- (none)
- Returns
- { snapshotAt, dirtyFiles, lockHolder, version }
get_impact_analysisWorkspace-wide impact view: top hotspots, files with the largest transitive caller set.
- Inputs
- (none) — or { limit?: number }
- Returns
- Ranked list.
SQL access (2)
describe_snapshot_schemaReturn the column list for every allowlisted table in the snapshot DB. Call this first so the model can write valid SQL.
- Inputs
- (none)
- Returns
- { tableName → ColumnInfo[] }
query_snapshotRead-only SELECT (or WITH cte AS SELECT) against the snapshot DB. Strict guardrails — single statement, allowlist tables, CTE-aware, row cap.
- Inputs
- { sql: string, params?: any[] }
- Returns
- { rows, rowCount, truncated? }
- Notes
- No LLM in the loop — deterministic.
Advanced (4)
compare_workspacesDiff this workspace against another snapshot path. Useful for monorepo↔monorepo or before/after migrations.
- Inputs
- { otherWorkspacePath: string }
- Returns
- { routeDiff, fileDiff, healthDiff }
summarise_payloadDeterministic extractive summariser. Compresses long tool outputs (e.g. a 50-route list) without an LLM round-trip.
- Inputs
- { payload, maxTokens? }
- Returns
- { summary, droppedKeys }
export_openapi_specEmit an OpenAPI 3.1 document from detected routes (HTTP only).
- Inputs
- (none)
- Returns
- OpenAPI JSON.
export_function_calling_specEmit an OpenAI / Anthropic function-calling schema for every detected route. Drop into a function-calling LLM as-is.
- Inputs
- (none)
- Returns
- Array of function-calling tool descriptors.
Multi-repo (1)
list_reposReturn one entry per detected repository in a multi-repo workspace (each top-level folder with a manifest, or each serverless service folder, or each binary entry point in a multi-binary Go / Rust workspace). Single-repo workspaces return one entry.
- Inputs
- (none)
- Returns
- { mode: 'single' | 'multi', repos: [{ repoId, name, root, kind }] }
- Notes
- Pair with any per-repo-scoped tool (e.g. `list_entrypoints({ repoId })`) to reach a specific repo.
Guided tour (1)
get_tourGenerate a guided codebase walkthrough — ordered list of routes / functions / files most worth understanding first. Driven by fan-in ranking + entry-point priority so tests, migrations, seeds, and library internals don't lead.
- Inputs
- { mode?: 'codebase' | 'recent', maxSteps?: number }
- Returns
- { steps: [{ id, label, blurb, layer, openIn }], totalSteps }
- Tokens
- ~700 tokens for a 5-step tour.
API testing toolkit (6)
run_api_chainExecute a multi-step API call chain end-to-end. Each step carries env-var extraction recipes + per-step assertions. Pre-/post-scripts run in a sandbox with a curated `pm.*` API (Postman-compatible).
- Inputs
- { steps: ChainStep[], initialEnv?, stopOnFirstFailure?: boolean }
- Returns
- { steps: StepResult[], finalEnv, passed, failed, errored, aborted }
- Notes
- Pairs with `generate_chain` so an agent can both author and execute a chain in one session.
stream_sseOpen a Server-Sent Events stream against a URL and capture inbound messages. Times out cleanly.
- Inputs
- { url, headers?, timeoutMs?, maxMessages? }
- Returns
- { messages: [{ event, data, id, retry, ts }], closedAt }
connect_websocketOpen a WebSocket connection, optionally send a message, and capture inbound frames within a timeout window. Useful for testing real-time endpoints.
- Inputs
- { url, headers?, sendOnConnect?: string, timeoutMs?, maxMessages? }
- Returns
- { messages: [{ data, ts, type }], closedAt }
oauth2_tokenExchange an authorization code (or refresh token) for an access token against an OAuth2 token endpoint. Stores the resulting token in the environment under a named variable for follow-up requests.
- Inputs
- { tokenUrl, grantType, code?, refreshToken?, clientId, clientSecret?, redirectUri?, scope?, storeAs? }
- Returns
- { access_token, token_type, expires_in, refresh_token?, scope? }
oauth2_authorize_urlBuild a fully-formed OAuth2 authorization URL (PKCE-safe) for the user to open in a browser. Returns the URL plus a state/verifier pair to pass into `oauth2_token`.
- Inputs
- { authorizationEndpoint, clientId, redirectUri, scope?, usePkce?: boolean, state? }
- Returns
- { url, state, codeVerifier? }
import_api_collectionImport a Postman, Insomnia, or OpenAPI collection into the API Testing workbench. Auto-detects format from file content.
- Inputs
- { source: 'file' | 'json', path?, json?, mergeStrategy?: 'replace' | 'merge' }
- Returns
- { imported: { collections, requests }, dropped, format }
Evidence-gated generators (3)
generate_request_bodyPropose a request body for a detected route. Inferred from the handler source — every field is grounded in a quoted source line; fields without evidence are dropped before returning.
- Inputs
- { apiId, llmConfig }
- Returns
- { body: object, evidence: { field → sourceQuote }, dropped: string[], rawText, model, usage }
- Notes
- Evidence-gated. The model cannot invent fields that don't appear in the handler.
generate_chainPropose a runnable multi-step API call chain from a natural-language description of a workflow. Each step is evidence-gated against handler source — extractions and assertions reference quoted lines.
- Inputs
- { description: string, llmConfig }
- Returns
- { chain: ChainStep[], evidence, dropped, rawText, model, usage }
- Notes
- Pair with `run_api_chain` to execute the proposed chain.
generate_test_casesPropose test cases (positive, negative, edge) for a detected route. Each case quotes a handler source line so the model can't invent unreachable branches.
- Inputs
- { apiId, llmConfig }
- Returns
- { cases: TestCase[], dropped, rawText, model, usage }
AI code review (15)
list_ai_findingsEvery AI-review finding with severity, category, and the source lines it quotes. Filter by layer, severity, status, or entry point.
- Inputs
- { graphId?, entryPointId?, severity?, status?, limit? }
- Returns
- { items: Finding[], total }
- Tokens
- ~50 tokens per finding.
get_ai_findingOne finding's full body, all layer bindings, the source it quotes, and the file/symbol anchor.
- Inputs
- { findingId }
- Returns
- Single Finding.
get_ai_finding_countsCounts grouped by diagram layer, entry point, and severity. Drop-in for the count badges on each layer header.
- Inputs
- (none) — or { status }
- Returns
- { byGraph, byEntryPoint, bySeverity, total }
- Tokens
- ~80 tokens.
update_ai_finding_statusMark a finding resolved or ignored after the fix lands. Refused in read-only mode.
- Inputs
- { findingId, status: 'open' | 'resolved' | 'ignored' }
- Returns
- Updated Finding.
get_review_guidelinesRead the team's free-text review rules currently injected into every review prompt.
- Inputs
- (none)
- Returns
- { text, hash, updatedAt }
set_review_guidelinesReplace the team's review rules (up to 8 KB). The new rules are used on the next review run. Refused in read-only mode.
- Inputs
- { text: string }
- Returns
- { text, hash, updatedAt }
search_ai_findingsNatural-language search over findings. "What's wrong with auth?" / "anything fishy in the article create flow?" — the intent is parsed to a route, cluster, or file scope before matching.
- Inputs
- { query: string, limit? }
- Returns
- { intent, matches: [{ finding, score, reason }] }
summarise_findingsExtractive 3–7 bullet summary of findings in a scope. Deterministic — no LLM call. For small-context agents.
- Inputs
- { graphId?, entryPointId?, maxBullets? }
- Returns
- { title, bullets, counts }
list_findings_by_guidelineGroup open findings by which guideline triggered them. Surfaces which rules are pulling weight vs. which guidelines yield nothing.
- Inputs
- (none) — or { guidelinesHash }
- Returns
- { groups, totalGroups }
get_review_summarySingle low-token call for "how's the review looking?" — total findings by layer + severity, last guidelines hash, top error samples.
- Inputs
- (none)
- Returns
- { counts, guidelines, topErrors }
- Tokens
- ~200 tokens.
clear_findingsWipe AI-review findings within a scope before a fresh review run. Refused in read-only mode.
- Inputs
- { scope: 'all' | 'cluster' | 'entry', clusterId?, entryPointId? }
- Returns
- { removed }
review_and_fix_packOne-shot bundle for an agent that wants to fix a finding: the finding + the entry-point pack + impact analysis + adjacent comments — all in one call, ready for a code-edit prompt.
- Inputs
- { findingId }
- Returns
- { finding, pack, siblingComments }
- Tokens
- Typically ~8 KB for a median entry point.
score_findingsRank a set of findings against a natural-language query. Useful when you have many findings and want only the ones relevant to a specific question.
- Inputs
- { query, findingIds?, threshold?, limit? }
- Returns
- { items, intent }
propose_guideline_from_findingGiven a finding the user agreed with, propose a one-line guideline that would catch the same pattern next time. The user reviews + adds it via set_review_guidelines.
- Inputs
- { findingId }
- Returns
- { proposedGuideline, rationale, sourceFinding }
review_diff_with_baselineSurface the scope of entry points that changed since baseline, ready for a targeted review. Cheaper than a full re-review when only a few routes changed.
- Inputs
- { scope?: 'changed' | 'cluster' | 'entry', clusterId?, entryPointId? }
- Returns
- { scope, entryPointCount, entryPoints, instruction }
list_entrypoints + one targeted pack returns in ~2.5k tokens. Pre-edit brief is ~700; diff summary ~28. 5×–60× reductions depending on query shape.SQL schema (allowlist)
query_snapshot only allows SELECT / WITH against these tables:
files— every indexed file with size, language, hash.functions— every detected function/method with file+lines.apis— entrypoints; columns: method, path, handler, file, line, auth, service.call_edges— caller → callee edges from the workspace call graph.services— detected services / microservices.features— Louvain-detected feature clusters.health_findings— dead code, god-file, cycle entries.migrations— detected DB migrations.
Call describe_snapshot_schema at runtime for the authoritative column list — schema can change between minor versions.