Joern MCP Server

Overview Schema Related Servers Score Discussions

get_method_callees

Identify methods called by a specified method to analyze code dependencies and understand execution flow during code review or security analysis.

Instructions

Retrieves a list of methods info that are called by the specified method

@param method_full_name: The fully qualified name of the source method(e.g., com.android.nfc.NfcService$6.onReceive:void(android.content.Context,android.content.Intent)) @return: List of full name, name, signature and id of methods which call the source method

Input Schema

TableJSON Schema

Name	Required	Description	Default
`method_full_name`	Yes

Implementation Reference

server_tools.py:36-45 (handler)

The handler function for the 'get_method_callees' tool. It is decorated with @joern_mcp.tool(), which also serves as the registration mechanism. The function queries the Joern server using joern_remote and processes the response with extract_list.

@joern_mcp.tool()
def get_method_callees(method_full_name: str) -> list[str]:
    """Retrieves a list of methods info that are called by the specified method
    
   @param method_full_name: The fully qualified name of the source method(e.g., com.android.nfc.NfcService$6.onReceive:void(android.content.Context,android.content.Intent))
   @return: List of full name, name, signature and id of methods which call the source method
    """
    # responses =  joern_remote(f'cpg.method.fullNameExact("{method_full_name}").head.callee.distinct.map(m => (s"methodFullName=$' + '{m.fullName} methodId=${m.id}L")).l')
    responses = joern_remote(f'get_method_callees("{method_full_name}")')
    return extract_list(responses)

server.py:102-104 (registration)
The exec statement in the generate() function that dynamically loads and executes server_tools.py, thereby registering all tools including 'get_method_callees' via their decorators.
```
with open(GENERATED_PY, "r") as f:
    code = f.read()
    exec(compile(code, GENERATED_PY, "exec"))
```

server.py:38-70 (helper)

The joern_remote helper function used by get_method_callees to send queries to the Joern server.

def joern_remote(query):
    """
    Execute remote query and return results
    
    Parameters:
    query -- The query string to execute
    
    Returns:
    Returns the server response stdout content on success
    Returns None on failure, error message will be output to stderr
    """
    data = {"query": query}
    headers = {'Content-Type': 'application/json'}

    try:
        response = requests.post(
            f'http://{server_endpoint}/query-sync',
            data=json.dumps(data),
            headers=headers,
            auth=basic_auth,
            timeout=timeout
        )
        response.raise_for_status()  
        
        result = response.json()
        return remove_ansi_escape_sequences(result.get('stdout', ''))
        
    except requests.exceptions.RequestException as e:
        sys.stderr.write(f"Request Error: {str(e)}\n")
    except json.JSONDecodeError:
        sys.stderr.write("Error: Invalid JSON response\n")
    
    return None

common_tools.py:38-45 (helper)

The extract_list helper function used to parse the list response from Joern queries in get_method_callees.

def extract_list(input_str):    
    """Extract a list of elements from a string representation of a Scala List.
    
    Parameters:
    input_str -- The input string containing a Scala List representation
    
    Returns:
    A Python list containing the extracted elements with cleaned data

Tool Definition Quality

B3.3/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It describes the basic operation ('retrieves a list') and return format, but lacks details on permissions, rate limits, error handling, or data freshness. For a tool with no annotations, this is a significant gap in transparency.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized and front-loaded, with the core purpose stated first. The @param and @return annotations are concise and informative, though the structure could be slightly improved by integrating the annotations more seamlessly into the main text.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (1 parameter, no output schema, no annotations), the description is moderately complete. It covers the purpose, parameter semantics, and return format, but lacks behavioral details and usage guidelines. Without an output schema, it helpfully describes the return value, but overall completeness is adequate with clear gaps.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description adds substantial meaning beyond the input schema, which has 0% description coverage. It explains the parameter 'method_full_name' with a clear definition and an example (e.g., 'com.android.nfc.NfcService$6.onReceive:void(android.content.Context,android.content.Intent)'), providing essential context that the schema alone does not offer.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Retrieves a list of methods info that are called by the specified method.' It includes a specific verb ('retrieves') and resource ('methods info'), but does not explicitly differentiate it from sibling tools like 'get_method_callers' or 'get_calls_in_method_by_method_full_name', which likely have related but distinct functions.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It does not mention sibling tools such as 'get_method_callers' (which might retrieve callers instead of callees) or 'get_calls_in_method_by_method_full_name' (which could be similar), leaving the agent to infer usage context without explicit direction.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/sfncat/mcp-joern'

If you have feedback or need assistance with the MCP directory API, please join our Discord server