Joern MCP Server

Overview Schema Related Servers Score Discussions

get_derived_classes_by_class_full_name

Identify derived classes from a specified parent class to analyze inheritance hierarchies and dependencies in codebases for security reviews.

Instructions

Get the derived classes of a class

@param class_full_name: The fully qualified name of the class
@return: The derived classes info of the class, including the full name, name and id

Input Schema

TableJSON Schema

Name	Required	Description	Default
`class_full_name`	Yes

Implementation Reference

server_tools.py:140-148 (handler)

Handler function decorated with @joern_mcp.tool() implementing the tool logic: queries Joern server via joern_remote and parses response with extract_list to return list of derived classes.

@joern_mcp.tool()
def get_derived_classes_by_class_full_name(class_full_name:str) -> list[str]:
    """Get the derived classes of a class
    
    @param class_full_name: The fully qualified name of the class
    @return: The derived classes info of the class, including the full name, name and id
    """
    response = joern_remote(f'get_derived_classes_by_class_full_name("{class_full_name}")')
    return extract_list(response)

server.py:95-106 (registration)

Dynamic execution of server_tools.py via exec(), which runs the @joern_mcp.tool() decorators, registering the get_derived_classes_by_class_full_name tool among others.

GENERATED_PY = os.path.join(SCRIPT_DIR, "server_tools.py")
def generate():
    """Generate and execute additional server tools from server_tools.py file.
    
    This function reads the content of server_tools.py and executes it to add
    more functionality to the server.
    """
    with open(GENERATED_PY, "r") as f:
        code = f.read()
        exec(compile(code, GENERATED_PY, "exec"))

generate()

server.py:38-71 (helper)

Core helper function that sends the Cypher-like query to the Joern server and returns the cleaned stdout response.

def joern_remote(query):
    """
    Execute remote query and return results
    
    Parameters:
    query -- The query string to execute
    
    Returns:
    Returns the server response stdout content on success
    Returns None on failure, error message will be output to stderr
    """
    data = {"query": query}
    headers = {'Content-Type': 'application/json'}

    try:
        response = requests.post(
            f'http://{server_endpoint}/query-sync',
            data=json.dumps(data),
            headers=headers,
            auth=basic_auth,
            timeout=timeout
        )
        response.raise_for_status()  
        
        result = response.json()
        return remove_ansi_escape_sequences(result.get('stdout', ''))
        
    except requests.exceptions.RequestException as e:
        sys.stderr.write(f"Request Error: {str(e)}\n")
    except json.JSONDecodeError:
        sys.stderr.write("Error: Invalid JSON response\n")
    
    return None

common_tools.py:38-77 (helper)

Helper function used by the handler to parse the Joern server's Scala List response into a Python list of derived class names.

def extract_list(input_str):    
    """Extract a list of elements from a string representation of a Scala List.
    
    Parameters:
    input_str -- The input string containing a Scala List representation
    
    Returns:
    A Python list containing the extracted elements with cleaned data
    """
    # Check if input is empty or None
    if not input_str:
        return []
    
    # Use regex to match List content
    list_pattern = r'List\((.*?)\)$'
    list_match = re.search(list_pattern, input_str, re.DOTALL)
    if not list_match:
        return []
        
    content = list_match.group(1).strip()
    
    # Try to match content within triple quotes
    triple_quote_pattern = r'"""(.*?)"""'
    triple_quote_matches = re.findall(triple_quote_pattern, content, re.DOTALL)
    
    if triple_quote_matches:
        return triple_quote_matches
    
    # If no triple-quoted content found, try to match content within regular quotes
    single_quote_pattern = r'"((?:\\.|[^"\\])*?)"'
    single_quote_matches = re.findall(single_quote_pattern, content, re.DOTALL)
    
    elements = []
    for item in single_quote_matches:
        if item.strip():
            # Handle escape characters
            cleaned = item.replace('\\"', '"').replace('\\\\', '\\')
            elements.append(cleaned)
    
    return elements

Tool Definition Quality

B3.3/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It states it 'gets' derived classes, implying a read-only operation, but doesn't specify whether this requires authentication, has rate limits, returns paginated results, or handles errors. For a tool with zero annotation coverage, this leaves significant behavioral gaps.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately concise with three sentences: purpose statement, parameter documentation, and return value description. Each sentence adds value, and the structure is front-loaded with the core purpose. Minor room for improvement in flow, but very efficient.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's moderate complexity (class hierarchy query), no annotations, no output schema, and 1 parameter with 0% schema coverage, the description is minimally adequate. It covers the purpose and parameter semantics but lacks behavioral details and output format explanation beyond a brief '@return' note. Completeness is borderline for safe use.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description adds meaningful context for the single parameter: '@param class_full_name: The fully qualified name of the class'. With 0% schema description coverage (the schema only provides a title 'Class Full Name'), this parameter documentation in the description is essential and fully compensates for the schema gap. However, it doesn't explain format examples or constraints.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Get the derived classes of a class' - a specific verb ('Get') and resource ('derived classes'). It distinguishes from siblings like 'get_parent_classes_by_class_full_name' by focusing on derived rather than parent classes. However, it doesn't explicitly contrast with all siblings, so it's not a perfect 5.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage context through the parameter name 'class_full_name' and the tool's name, suggesting it's for class hierarchy analysis. However, it provides no explicit guidance on when to use this tool versus alternatives like 'get_parent_classes_by_class_full_name' or 'get_class_methods_by_class_full_name', nor any prerequisites or exclusions.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/sfncat/mcp-joern'

If you have feedback or need assistance with the MCP directory API, please join our Discord server