en es ja ko zh

Joern MCP Server

by sfncat

Overview Schema Related Servers Score Discussions

Python

Local

get_method_code_by_id

Retrieve method source code using its unique identifier for code review and security analysis in the Joern MCP Server.

Instructions

Get the code of a method by its class full name and method name

@param class_full_name: The fully qualified name of the class
@param method_name: The name of the method
@return: List of full name, name, signature and id of methods in the class

Input Schema

TableJSON Schema

Name	Required	Description	Default
`method_id`	Yes

Implementation Reference

server_tools.py:87-96 (handler)

Handler function for 'get_method_code_by_id' tool. Decorated with @joern_mcp.tool() for automatic registration in FastMCP. Queries Joern server remotely using joern_remote and parses response with extract_value to return method source code by ID.

@joern_mcp.tool()
def get_method_code_by_id(method_id:str) -> str:
    """Get the code of a method by its class full name and method name
  
    @param class_full_name: The fully qualified name of the class
    @param method_name: The name of the method
    @return: List of full name, name, signature and id of methods in the class
    """
    response =  joern_remote(f'get_method_code_by_id("{method_id}")')
    return extract_value(response)

server.py:38-70 (helper)

Core helper function joern_remote that sends HTTP POST requests to the Joern server endpoint with the CPG query, authenticates, handles timeouts, cleans ANSI sequences from stdout response.

def joern_remote(query):
    """
    Execute remote query and return results
    
    Parameters:
    query -- The query string to execute
    
    Returns:
    Returns the server response stdout content on success
    Returns None on failure, error message will be output to stderr
    """
    data = {"query": query}
    headers = {'Content-Type': 'application/json'}

    try:
        response = requests.post(
            f'http://{server_endpoint}/query-sync',
            data=json.dumps(data),
            headers=headers,
            auth=basic_auth,
            timeout=timeout
        )
        response.raise_for_status()  
        
        result = response.json()
        return remove_ansi_escape_sequences(result.get('stdout', ''))
        
    except requests.exceptions.RequestException as e:
        sys.stderr.write(f"Request Error: {str(e)}\n")
    except json.JSONDecodeError:
        sys.stderr.write("Error: Invalid JSON response\n")
    
    return None

common_tools.py:111-133 (helper)

Utility function extract_value that parses Joern query responses to extract the relevant value (code, ID, name, etc.) based on patterns like triple quotes for code blocks or quoted strings.

def extract_value(input_str: str) -> str:
    """Extract value from a string based on its pattern.
    
    This function automatically selects the appropriate extraction method based on
    the input string format:
    * If contains 'Long =', uses extract_long_value
    * If contains triple quotes, uses extract_code_between_triple_quotes
    * If contains single quotes, uses extract_quoted_string
    
    Args:
        input_str (str): Input string containing a value to extract
        
    Returns:
        str: Extracted value based on the detected pattern
    """
    if 'Long =' in input_str:
        return extract_long_value(input_str)
    elif 'String = """' in input_str:
        return extract_code_between_triple_quotes(input_str)
    elif 'String = "' in input_str:
        return extract_quoted_string(input_str)
    else:
        return input_str

server.py:94-106 (registration)

Dynamic registration mechanism: server.py executes the code in server_tools.py via exec(), which runs all @joern_mcp.tool() decorators to register tools including 'get_method_code_by_id' to the FastMCP instance.

SCRIPT_DIR = os.path.dirname(os.path.realpath(__file__))
GENERATED_PY = os.path.join(SCRIPT_DIR, "server_tools.py")
def generate():
    """Generate and execute additional server tools from server_tools.py file.
    
    This function reads the content of server_tools.py and executes it to add
    more functionality to the server.
    """
    with open(GENERATED_PY, "r") as f:
        code = f.read()
        exec(compile(code, GENERATED_PY, "exec"))

generate()

Tool Definition Quality

C2.2/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description must fully disclose behavioral traits. It states what the tool does but lacks critical details: it doesn't specify what 'code' means (source code, bytecode, etc.), whether this is a read-only operation, error handling, performance characteristics, or authentication requirements. For a tool with no annotation coverage, this leaves significant behavioral gaps.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness3/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is brief and structured with parameter annotations, but it's inefficiently front-loaded. The first sentence states the purpose, but the subsequent @param lines are misleading given the actual schema. While concise, the structure doesn't effectively communicate the tool's true requirements due to the parameter mismatch.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity (1 parameter with 0% schema coverage, no output schema, no annotations), the description is incomplete. It fails to accurately document the single required parameter ('method_id'), doesn't explain the return value beyond a vague 'List of...', and omits behavioral context. For a tool with minimal structured data, the description should do more to compensate but instead adds confusion.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters1/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description lists parameters '@param class_full_name' and '@param method_name' with brief explanations, but the input schema requires only 'method_id' as a single parameter. This creates a direct contradiction: the description documents two parameters that don't exist in the schema, while the schema's one parameter ('method_id') is not mentioned at all in the description. With 0% schema description coverage, the description fails to compensate and instead misleads.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose3/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description states 'Get the code of a method by its class full name and method name' which provides a clear verb ('Get') and resource ('code of a method'), but it's vague about the exact mechanism. The title is null, so the description carries the full burden. However, it doesn't distinguish this tool from sibling tools like 'get_method_code_by_class_full_name_and_method_name' or 'get_method_code_by_full_name', which appear to serve similar purposes.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. With multiple sibling tools that seem related to retrieving method information (e.g., 'get_method_code_by_class_full_name_and_method_name', 'get_method_code_by_full_name'), there's no indication of which tool to choose in different scenarios. The lack of context or prerequisites leaves the agent without usage direction.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/sfncat/mcp-joern'

If you have feedback or need assistance with the MCP directory API, please join our Discord server