Refract
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| index_repoA | Walk a repo (Python + JavaScript/TypeScript) and return an aggregated structural index: every function, class, import and dependency. Max depth 3; skips pycache, .git, venv, node_modules. |
| get_compressedB | S5-compress a single source file — Python or JS/TS (signatures + dependency contracts, bodies stripped) — and return the compressed structure plus token stats (tokens_before, tokens_after, reduction_pct). |
| expandA | Given function/class names in a .py file, return them verbatim (full source) plus their compressed dependency context. |
| blast_radiusA | Reverse-call-graph impact analysis for a Python function: BFS over inverted call edges to find every function transitively affected by changing target_function. Returns direct_callers, all_impacted, impacted_count, total_functions and a risk_level. Python files only. |
| security_surfaceA | Walk a Python repo and find functions that call dangerous primitives — pure AST analysis, zero LLM calls. Classifies calls as HIGH risk (subprocess/os.system/eval/exec/pickle/import/ctypes …) or MEDIUM risk (sockets/requests/httpx/urllib/paramiko/smtplib and write-mode open()). Also scans for potential secrets: hardcoded keys/tokens (AKIA…, sk-…, ghp_…, token=/password=/api_key= assignments), .env/environment loading, and high-entropy token-looking literals. Returns high_risk, medium_risk, secrets, clean files and a summary. Max depth 3; skips pycache, .git, venv, node_modules. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/LoudiliMed/Refract'
If you have feedback or need assistance with the MCP directory API, please join our Discord server