MCP Tools Reference

All 54 tools exposed by @codeatlas/mcp, grouped by purpose. Each entry shows what it returns and roughly what it costs in tokens. The evidence-gated generators and AI code review tools both ground every field in a quoted source line — the model can't invent things that don't appear in your code.

Resources (8)

Resources are read-only addressable views. Clients usually surface them as URI completions.

  • codeatlas://workspace/microservices — L1 system-design view.
  • codeatlas://workspace/features — L2 feature clusters.
  • codeatlas://workspace/apis — All detected entrypoints, flat list.
  • codeatlas://workspace/entrypoints — Same as /apis grouped by service.
  • codeatlas://workspace/diff-summary — Baseline-vs-working numeric diff.
  • codeatlas://workspace/ai-findings — All AI-review findings with source quotes.
  • codeatlas://workspace/review-guidelines — Team review rules injected into every review prompt.
  • codeatlas://workspace/review-summary — Counts by layer + severity, top findings, last review metadata.

Stdio clients that subscribe also receive a push notification (notifications/codeatlas/findings_changed) whenever findings are added, updated, or removed — no polling needed.

Discovery (4)

list_entrypoints

Enumerate every entry into the codebase — HTTP routes, jobs, MQ consumers, CLI commands, lifecycle hooks, GraphQL subscriptions, webhooks, mobile deep links.

Inputs
(none) — or { method?: string, service?: string }
Returns
Array of { method, path, handler, file, line, service, auth, meta }.
Tokens
~1.8k tokens for a medium repo (~150 entries).
get_entrypoint_pack

Deep dive on one route: its handler source, immediate callees, called DB tables, sequence diagram nodes.

Inputs
{ method, path } or { handlerName }
Returns
{ handler, sequence, dependencies, schemaTouches }
Tokens
~700 tokens per route.
get_feature_pack

Bundle every route, function, and file that belongs to one Louvain-detected feature cluster.

Inputs
{ clusterId | clusterLabel }
Returns
{ routes, functions, files, healthSignals }
search_workspace

Weighted reverse-indexed keyword search across features, routes, functions, classes. camelCase / snake_case aware.

Inputs
{ query: string, requireAll?: boolean }
Returns
Ranked hits with { kind, label, file, line, score }.

Diffs & impact (4)

get_diff_summary

Top-line numerical summary of what changed vs baseline — files added/deleted/modified, routes touched, services affected.

Inputs
(none)
Returns
{ files: { added, deleted, modified }, routes: …, services: … }
Tokens
~28 tokens.
get_impact_of_change

Blast radius for a hypothesised edit. Direct callers, transitive callers, tests that need re-running.

Inputs
{ file | symbol }
Returns
{ direct: string[], transitive: string[], reviewRequired: string[] }
get_api_surface_diff

What changed in the public HTTP/GraphQL/gRPC surface vs baseline. Added routes, removed routes, signature changes.

Inputs
(none) — or { service }
Returns
{ added: Route[], removed: Route[], modified: Route[] }
pre_edit_brief

One-shot context for a file you're about to edit. Purpose, callers, callees, nearby tests, recent diffs.

Inputs
{ file: string }
Returns
Compact JSON brief, typically 600–900 tokens.
Notes
The cheapest way to brief an agent before any edit.
get_regression_scope

"What should I re-test for this change?" — composes the working diff, blast radius, coverage, and cross-repo consumers into a ranked re-test plan.

Inputs
(none) — or { repoId } in multi-repo workspaces
Returns
{ changedEntryPoints, impactedEntryPoints, crossRepoConsumers, coverageGaps }

Functions & call graph (4)

get_function_source

Pull a single function's source by name, with surrounding context.

Inputs
{ name, file? }
Returns
{ source, file, lineStart, lineEnd, language }
trace_call_path

BFS over the workspace call graph from A to B. Useful for proving reachability.

Inputs
{ from: string, to: string, maxDepth?: number }
Returns
Array of paths, each path = string[].
get_function_dependencies

Direct in- and out-edges for a function. Cheaper alternative to trace_call_path when you just need 1 hop.

Inputs
{ name, file? }
Returns
{ callers: string[], callees: string[] }
find_similar_entities

Functions with structurally similar bodies — duplication / DRY candidates.

Inputs
{ name, file?, threshold?: number }
Returns
Ranked list of similar functions with similarity scores.

Health (3)

get_health_report

Dead code, god files, high-coupling hotspots, cycles, orphaned clusters.

Inputs
(none)
Returns
{ deadCode, godFiles, highCoupling, cycles, orphans } — each entry severity-ranked.
list_architecture_violations

Rule-based violations of declared architecture (layer crossings, banned dependencies). Configured via repo's .codeatlas/rules.json.

Inputs
(none)
Returns
Violation list with { rule, source, target, severity }.
get_coverage_overlay

Per-route coverage when LCOV / Istanbul JSON is present. Lets the agent prefer covered code paths.

Inputs
(none)
Returns
{ route → { coveredLines, totalLines, percent } }
list_overlays

List the registered graph overlays (diff, comments, coverage, TODO density, future Sentry/APM adapters) with their paint style and current toggle state.

Inputs
(none)
Returns
Array of { id, displayName, paint, join, enabled }.
get_overlay

Fetch one overlay's data points joined to graph anchors. UI toggles never gate data — the agent always gets the points.

Inputs
{ id: string } — e.g. "coverage", "todo-comments"
Returns
{ points: Array<{ target, value, severity? }>, unresolved: number }

Paging & status (4)

list_entrypoints_paged

Same as list_entrypoints but with cursor pagination — for repos with thousands of routes.

Inputs
{ cursor?, limit?: number }
Returns
{ items, nextCursor }
list_saved_views

Saved diagram views (filtered subsets of features / services). Users save them in the browser UI.

Inputs
(none)
Returns
Array of { id, label, filter, layer }
get_workspace_status

Healthcheck — is the snapshot DB present, when was the last successful index, what files are dirty.

Inputs
(none)
Returns
{ snapshotAt, dirtyFiles, lockHolder, version }
get_impact_analysis

Workspace-wide impact view: top hotspots, files with the largest transitive caller set.

Inputs
(none) — or { limit?: number }
Returns
Ranked list.

SQL access (2)

describe_snapshot_schema

Return the column list for every allowlisted table in the snapshot DB. Call this first so the model can write valid SQL.

Inputs
(none)
Returns
{ tableName → ColumnInfo[] }
query_snapshot

Read-only SELECT (or WITH cte AS SELECT) against the snapshot DB. Strict guardrails — single statement, allowlist tables, CTE-aware, row cap.

Inputs
{ sql: string, params?: any[] }
Returns
{ rows, rowCount, truncated? }
Notes
No LLM in the loop — deterministic.

Advanced (4)

compare_workspaces

Diff this workspace against another snapshot path. Useful for monorepo↔monorepo or before/after migrations.

Inputs
{ otherWorkspacePath: string }
Returns
{ routeDiff, fileDiff, healthDiff }
summarise_payload

Deterministic extractive summariser. Compresses long tool outputs (e.g. a 50-route list) without an LLM round-trip.

Inputs
{ payload, maxTokens? }
Returns
{ summary, droppedKeys }
export_openapi_spec

Emit an OpenAPI 3.1 document from detected routes (HTTP only).

Inputs
(none)
Returns
OpenAPI JSON.
export_function_calling_spec

Emit an OpenAI / Anthropic function-calling schema for every detected route. Drop into a function-calling LLM as-is.

Inputs
(none)
Returns
Array of function-calling tool descriptors.

Multi-repo (1)

list_repos

Return one entry per detected repository in a multi-repo workspace (each top-level folder with a manifest, or each serverless service folder, or each binary entry point in a multi-binary Go / Rust workspace). Single-repo workspaces return one entry.

Inputs
(none)
Returns
{ mode: 'single' | 'multi', repos: [{ repoId, name, root, kind }] }
Notes
Pair with any per-repo-scoped tool (e.g. `list_entrypoints({ repoId })`) to reach a specific repo.

Guided tour (1)

get_tour

Generate a guided codebase walkthrough — ordered list of routes / functions / files most worth understanding first. Driven by fan-in ranking + entry-point priority so tests, migrations, seeds, and library internals don't lead.

Inputs
{ mode?: 'codebase' | 'recent', maxSteps?: number }
Returns
{ steps: [{ id, label, blurb, layer, openIn }], totalSteps }
Tokens
~700 tokens for a 5-step tour.

API testing toolkit (6)

run_api_chain

Execute a multi-step API call chain end-to-end. Each step carries env-var extraction recipes + per-step assertions. Pre-/post-scripts run in a sandbox with a curated `pm.*` API (Postman-compatible).

Inputs
{ steps: ChainStep[], initialEnv?, stopOnFirstFailure?: boolean }
Returns
{ steps: StepResult[], finalEnv, passed, failed, errored, aborted }
Notes
Pairs with `generate_chain` so an agent can both author and execute a chain in one session.
stream_sse

Open a Server-Sent Events stream against a URL and capture inbound messages. Times out cleanly.

Inputs
{ url, headers?, timeoutMs?, maxMessages? }
Returns
{ messages: [{ event, data, id, retry, ts }], closedAt }
connect_websocket

Open a WebSocket connection, optionally send a message, and capture inbound frames within a timeout window. Useful for testing real-time endpoints.

Inputs
{ url, headers?, sendOnConnect?: string, timeoutMs?, maxMessages? }
Returns
{ messages: [{ data, ts, type }], closedAt }
oauth2_token

Exchange an authorization code (or refresh token) for an access token against an OAuth2 token endpoint. Stores the resulting token in the environment under a named variable for follow-up requests.

Inputs
{ tokenUrl, grantType, code?, refreshToken?, clientId, clientSecret?, redirectUri?, scope?, storeAs? }
Returns
{ access_token, token_type, expires_in, refresh_token?, scope? }
oauth2_authorize_url

Build a fully-formed OAuth2 authorization URL (PKCE-safe) for the user to open in a browser. Returns the URL plus a state/verifier pair to pass into `oauth2_token`.

Inputs
{ authorizationEndpoint, clientId, redirectUri, scope?, usePkce?: boolean, state? }
Returns
{ url, state, codeVerifier? }
import_api_collection

Import a Postman, Insomnia, or OpenAPI collection into the API Testing workbench. Auto-detects format from file content.

Inputs
{ source: 'file' | 'json', path?, json?, mergeStrategy?: 'replace' | 'merge' }
Returns
{ imported: { collections, requests }, dropped, format }

Evidence-gated generators (3)

generate_request_body

Propose a request body for a detected route. Inferred from the handler source — every field is grounded in a quoted source line; fields without evidence are dropped before returning.

Inputs
{ apiId, llmConfig }
Returns
{ body: object, evidence: { field → sourceQuote }, dropped: string[], rawText, model, usage }
Notes
Evidence-gated. The model cannot invent fields that don't appear in the handler.
generate_chain

Propose a runnable multi-step API call chain from a natural-language description of a workflow. Each step is evidence-gated against handler source — extractions and assertions reference quoted lines.

Inputs
{ description: string, llmConfig }
Returns
{ chain: ChainStep[], evidence, dropped, rawText, model, usage }
Notes
Pair with `run_api_chain` to execute the proposed chain.
generate_test_cases

Propose test cases (positive, negative, edge) for a detected route. Each case quotes a handler source line so the model can't invent unreachable branches.

Inputs
{ apiId, llmConfig }
Returns
{ cases: TestCase[], dropped, rawText, model, usage }

AI code review (15)

list_ai_findings

Every AI-review finding with severity, category, and the source lines it quotes. Filter by layer, severity, status, or entry point.

Inputs
{ graphId?, entryPointId?, severity?, status?, limit? }
Returns
{ items: Finding[], total }
Tokens
~50 tokens per finding.
get_ai_finding

One finding's full body, all layer bindings, the source it quotes, and the file/symbol anchor.

Inputs
{ findingId }
Returns
Single Finding.
get_ai_finding_counts

Counts grouped by diagram layer, entry point, and severity. Drop-in for the count badges on each layer header.

Inputs
(none) — or { status }
Returns
{ byGraph, byEntryPoint, bySeverity, total }
Tokens
~80 tokens.
update_ai_finding_status

Mark a finding resolved or ignored after the fix lands. Refused in read-only mode.

Inputs
{ findingId, status: 'open' | 'resolved' | 'ignored' }
Returns
Updated Finding.
get_review_guidelines

Read the team's free-text review rules currently injected into every review prompt.

Inputs
(none)
Returns
{ text, hash, updatedAt }
set_review_guidelines

Replace the team's review rules (up to 8 KB). The new rules are used on the next review run. Refused in read-only mode.

Inputs
{ text: string }
Returns
{ text, hash, updatedAt }
search_ai_findings

Natural-language search over findings. "What's wrong with auth?" / "anything fishy in the article create flow?" — the intent is parsed to a route, cluster, or file scope before matching.

Inputs
{ query: string, limit? }
Returns
{ intent, matches: [{ finding, score, reason }] }
summarise_findings

Extractive 3–7 bullet summary of findings in a scope. Deterministic — no LLM call. For small-context agents.

Inputs
{ graphId?, entryPointId?, maxBullets? }
Returns
{ title, bullets, counts }
list_findings_by_guideline

Group open findings by which guideline triggered them. Surfaces which rules are pulling weight vs. which guidelines yield nothing.

Inputs
(none) — or { guidelinesHash }
Returns
{ groups, totalGroups }
get_review_summary

Single low-token call for "how's the review looking?" — total findings by layer + severity, last guidelines hash, top error samples.

Inputs
(none)
Returns
{ counts, guidelines, topErrors }
Tokens
~200 tokens.
clear_findings

Wipe AI-review findings within a scope before a fresh review run. Refused in read-only mode.

Inputs
{ scope: 'all' | 'cluster' | 'entry', clusterId?, entryPointId? }
Returns
{ removed }
review_and_fix_pack

One-shot bundle for an agent that wants to fix a finding: the finding + the entry-point pack + impact analysis + adjacent comments — all in one call, ready for a code-edit prompt.

Inputs
{ findingId }
Returns
{ finding, pack, siblingComments }
Tokens
Typically ~8 KB for a median entry point.
score_findings

Rank a set of findings against a natural-language query. Useful when you have many findings and want only the ones relevant to a specific question.

Inputs
{ query, findingIds?, threshold?, limit? }
Returns
{ items, intent }
propose_guideline_from_finding

Given a finding the user agreed with, propose a one-line guideline that would catch the same pattern next time. The user reviews + adds it via set_review_guidelines.

Inputs
{ findingId }
Returns
{ proposedGuideline, rationale, sourceFinding }
review_diff_with_baseline

Surface the scope of entry points that changed since baseline, ready for a targeted review. Cheaper than a full re-review when only a few routes changed.

Inputs
{ scope?: 'changed' | 'cluster' | 'entry', clusterId?, entryPointId? }
Returns
{ scope, entryPointCount, entryPoints, instruction }
Token economics
File-walking a 200-file repo costs ~14k tokens. The same architectural question answered via list_entrypoints + one targeted pack returns in ~2.5k tokens. Pre-edit brief is ~700; diff summary ~28. 5×–60× reductions depending on query shape.

SQL schema (allowlist)

query_snapshot only allows SELECT / WITH against these tables:

  • files — every indexed file with size, language, hash.
  • functions — every detected function/method with file+lines.
  • apis — entrypoints; columns: method, path, handler, file, line, auth, service.
  • call_edges — caller → callee edges from the workspace call graph.
  • services — detected services / microservices.
  • features — Louvain-detected feature clusters.
  • health_findings — dead code, god-file, cycle entries.
  • migrations — detected DB migrations.

Call describe_snapshot_schema at runtime for the authoritative column list — schema can change between minor versions.

← Back to MCP overview