@konsulto/mcp

Official
by konsulto

Server Configuration

Describes the environment variables required to run the server.

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| KONSULTO_TOKEN | Yes | Your Konsulto MCP token (kon_mcp_...). Required if not using ~/.konsulto/credentials file. | |
| KONSULTO_PROFILE | No | Optional profile name to read a different credentials file (e.g., ~/.konsulto/credentials.acme). | |

Capabilities

Features and capabilities supported by this server

| Capability | Details |
| --- | --- |
| tools | { "listChanged": true } |

Tools

Functions exposed to the LLM to take actions

Name / Description

konsulto_whoami

Show who the MCP is acting as, their permissions, the active audit, and how authentication is configured. Call this first in any session to orient yourself before performing actions. Returns user identity, tenant, role permissions, MCP token expiry, and active audit pin.

konsulto_list_my_audits

List audits this user is a team member of. Use to find the audit ID you want to work in. Filter by status (active/draft/completed/archived).

konsulto_set_active_audit

Pin one audit as the session's active audit. Subsequent tools that take an optional audit argument will default to this one. Accepts an audit ID OR a substring of the audit name (fuzzy match — exact match wins, then unique substring). Folder-level pinning via .konsulto.yml is the recommended persistent alternative.

konsulto_get_audit_context

One-shot orientation tool — returns the active audit's name, status, dates, scope element count, asset count, finding severity rollup, and team. Call this at session start (after whoami) to ground yourself before doing work in the audit. Defaults to the active audit; pass audit to override.

konsulto_search_templates

Search the finding-template catalog. Returns a slim shape (id, title, severity, summary, slot names, taxonomy) — NOT the full template body. Use this to pick a template before calling konsulto_compose_finding. When multiple candidates match, prefer the one whose summary best fits the evidence in hand.

konsulto_search_findings

Search findings within an audit. Defaults to the active audit when set. Returns titles, severities, statuses, and IDs — the body field is not included. Use to check for duplicates before creating a new finding and to find a specific finding to update or attach evidence to.

konsulto_get_finding

Read a single finding by ID, including its body rendered as markdown so the LLM can reason about the prose. Use when the user asks to review, explain, or summarize a specific finding. The body markdown is alongside the structured fields (severity, status, taxonomy, etc.).

konsulto_read_section

Read just one section of a finding's body as markdown. Use for "explain the POC", "summarize the impact", "show me the remediation". Cheaper context-wise than konsulto_get_finding when the user only cares about one section. Section name accepts aliases (recommendations, mitigation, summary, etc.) — they map to canonical names server-side.

konsulto_compose_finding

Create a brand-new finding from structured fields + optional template + optional evidence. The backend builds the Tiptap body from a layout — NEVER pass Tiptap JSON as a field. Use plain prose for summary/impact/remediation, an array of plain strings for stepsToReproduce. Evidence is grafted into the body at the requested section ("auto" walks poc → description → impact → remediation → end).

konsulto_update_finding

Update scalar fields on an existing finding. Use this for changing title, severity, status, taxonomy, or assets — NOT for editing the prose body (use konsulto_append_to_section / konsulto_replace_section for that). NOT for evidence (use konsulto_add_evidence_to_finding).

konsulto_bulk_update_status

Change the status of many findings at once. Use for "client confirmed the fix on all of these" or "all stale findings should be closed". Set dryRun: true first to preview affected findings before committing.

konsulto_attach_evidence

Upload a file (or inline content) as an attachment in the active audit. Returns an evidenceId. Pass the evidenceId to konsulto_add_evidence_to_finding or include it in konsulto_compose_finding's evidence array to graft it into a finding's body. This tool only uploads — it does NOT link to a finding by itself. Exactly one of filePath/content/contentBase64 must be set.

konsulto_add_evidence_to_finding

Graft an already-uploaded attachment into an existing finding's body at the named section. The "auto" section walks poc → description → impact → remediation → end-of-doc. Use this when adding evidence after the finding was created (e.g. screenshots taken later, additional reproduction logs).

konsulto_append_to_section

Append markdown prose to a named section of a finding. Use this to add a paragraph or two without touching the rest of the finding. Content is markdown — paragraphs, lists, code blocks, links. The backend converts it to the finding's rich-text format.

konsulto_replace_section

Replace the entire prose under a named section. The previous content is preserved on the audit trail (recoverable). Prefer konsulto_append_to_section unless the user explicitly wants to rewrite the section. Content is markdown.

konsulto_list_scope

List the scope elements for an audit — what's authorized to be tested. Use to confirm targets are in-scope before recording findings against them. Defaults to the active audit.

konsulto_list_assets

List assets in the audit (or tenant-wide if no audit filter). Returns name, type, identifiers (hostname/ip/url/cidr) so you can match evidence to the right asset. Use konsulto_link_asset to attach an asset to a finding.

konsulto_create_asset

Create a new asset in the active audit. Use when a scan or evidence reveals a host/URL/IP that isn't yet tracked. After creating, use konsulto_link_asset to attach it to a finding.

konsulto_link_asset

Attach an asset to a finding. Tries to match an existing asset by name (case-insensitive substring); creates one if none matches. Then patches the finding's assets[] to include the reference. Use this when the user says "this finding affects acme.com:443" — the tool figures out whether to reuse an existing asset or make a new one.

Prompts

Interactive templates invoked by user choice

No prompts

Resources

Contextual data attached and managed by the client

No resources

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/konsulto/konsulto-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.