Skip to main content
Glama
299,163 tools. Last updated 2026-07-14 18:43

"A platform for managing infrastructure as code with Terraform Cloud" matching MCP tools:

  • DESTROY: Tear down previously deployed infrastructure Destroys infrastructure by calling the Oracle destroy endpoint for a session that has a prior successful deployment. IMPORTANT: This starts a long-running job. Use tfstatus/tflogs to monitor progress. SINGLE-FLIGHT: only one TF job per session at a time. If another job is already in flight, tfdestroy returns tf_job_conflict with the live job_id — attach with tfstatus/tflogs, or pass force_new=true to override. REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: force_new (boolean, default false) - bypass the single-flight guard. Use only when the existing run is provably wedged. PREREQUISITE: The session must have a prior successful deployment with a project_id. After destroy completes, the session is kept for historical record but hasDeployment is set to false.
    Connector
  • PREVIEW: Run terraform plan to preview infrastructure changes Runs a terraform plan for an InsideOut session without applying any changes. This lets the user review what will be created/changed/destroyed before committing. Returns job_id, plan_id, and project_id. Use tflogs to stream the plan output. After the plan completes, use tfdeploy with plan_id to apply the exact plan. SINGLE-FLIGHT: only one TF job per session at a time. If another job is already in flight, tfplan returns tf_job_conflict with the live job_id — attach with tfstatus/tflogs, or pass force_new=true to override. REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: sandbox (boolean, default false) — plans real generated Terraform. Set to true for cheap sandbox template (testing only). OPTIONAL: force_new (boolean, default false) - bypass the single-flight guard. Use only when the existing run is provably wedged. CREDENTIAL HANDLING: Same as tfdeploy - credentials must be configured first.
    Connector
  • DESTROY: Tear down previously deployed infrastructure Destroys infrastructure by calling the Oracle destroy endpoint for a session that has a prior successful deployment. IMPORTANT: This starts a long-running job. Use tfstatus/tflogs to monitor progress. SINGLE-FLIGHT: only one TF job per session at a time. If another job is already in flight, tfdestroy returns tf_job_conflict with the live job_id — attach with tfstatus/tflogs, or pass force_new=true to override. REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: force_new (boolean, default false) - bypass the single-flight guard. Use only when the existing run is provably wedged. PREREQUISITE: The session must have a prior successful deployment with a project_id. After destroy completes, the session is kept for historical record but hasDeployment is set to false.
    Connector
  • Get the full AI analysis for a single exploit by its platform ID. Returns classification (working_poc, trojan, suspicious, scanner, stub, writeup), attack type, complexity, reliability, confidence score, authentication requirements, target software, a summary of what the exploit does, prerequisites, MITRE ATT&CK techniques, deception indicators for trojans, and the standalone backdoor-review verdict with operator-risk notes when available. Use this to check if an exploit is safe before reviewing its code. Example: exploit_id=61514 returns a TROJAN warning with deception indicators.
    Connector
  • Checks whether a task can be handled by a local model instead of a cloud API. Call this BEFORE your agent routes any task to a cloud model — at the moment a task is ready to be sent and the model has not yet been selected. Use this when your agent is about to make a cloud inference call and wants to determine whether a local model could handle it at lower cost. Returns LOCAL/CLOUD/EITHER verdict with recommended model. If verdict is LOCAL, skip the cloud call entirely — saves cost on every routable inference call. Pass data_sensitivity=CONFIDENTIAL to force LOCAL verdict for tasks that must not leave the machine. Do not route to cloud without checking local viability first.
    Connector
  • WORKFLOW: Step 1 of 4 - Start infrastructure design conversation Open an InsideOut V2 session and receive the assistant's intro message. The response contains a clean message from Riley (the infrastructure advisor) - display it to the user. ⚠️ Riley will ask questions - forward these to the user, DO NOT answer on their behalf. CRITICAL: This tool returns a session_id in the response metadata. You MUST use this session_id for ALL subsequent tool calls (convoreply, tfgenerate, tfdeploy, etc.). ⚠️ The session_id includes a ?token=... suffix (format: sess_v2_xxx?token=yyy) which is part of the session credential — without it, downstream tools fall back to a tokenless connect URL that 401s. Always pass session_id verbatim to subsequent tools and to the user; do NOT shorten, paraphrase, or strip the ?token= portion when summarizing the session in chat or in your own scratch notes. Use when the user mentions keywords like: 'setup my cloud infra', 'provision infrastructure', 'deploy infra', 'start insideout', 'use insideout', or similar intent to begin infra setup. OPTIONAL: project_context (string) - General tech stack summary so Riley can skip discovery questions and jump to recommendations. The agent should confirm this with the user before sending. Include whichever apply: language/framework, databases/services, container usage, existing IaC, CI/CD platform, cloud provider, Kubernetes usage, what the project does. Example: 'Next.js 14 + TypeScript, PostgreSQL, Redis, Docker Compose, deployed to AWS ECS, GitHub Actions CI/CD, ~50k MAU'. NEVER include credentials, secrets, API keys, PII, source code, or internal URLs/IPs -- only general metadata summaries useful to a cloud architect agent. IMPORTANT: source (string) - You MUST set this to identify which IDE/tool you are. Auto-detect from your environment: 'claude-code', 'codex', 'antigravity', 'kiro', 'vscode', 'web', 'mcp'. If unsure, use the name of your IDE/tool in lowercase. Do NOT omit this — it controls the 'Open {IDE}' button on the credential connect screen. OPTIONAL: github_username (string) - GitHub username for deploy commit attribution. Pre-populates the GitHub username field on the connect page. 💡 TIP: Examine workflow.usage prompt for more context on how to properly use these tools.
    Connector

Matching MCP Servers

Matching MCP Connectors

  • Corporate travel: search and book flights, hotels, rail and transfers, manage orders.

  • Cloudflare Workers MCP server: code-explainer

  • WORKFLOW: Step 4 of 4 - Deploy infrastructure to the cloud Deploy infrastructure by starting a Terraform job for an InsideOut session. This tool initiates the actual deployment process after Terraform files have been generated. IMPORTANT: This starts a long-running job (15+ minutes). Use tfstatus to monitor progress. SINGLE-FLIGHT: only one TF job (apply/plan/destroy/drift) runs per session at a time. If another job is already in flight, tfdeploy returns tf_job_conflict with the live job_id — attach with tfstatus/tflogs instead of retrying, or pass force_new=true to override. Returns confirmation that the deployment has started. REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: plan_id (string) — Apply a previously created plan from tfplan. Preview-then-apply workflow: tfplan → tflogs (review) → tfdeploy(plan_id=...). OPTIONAL: sandbox (boolean, default false) — deploys real generated Terraform. Set to true for cheap sandbox template (testing only). OPTIONAL: ignore_drift (boolean, default false) - when true, proceeds with deploy even if infrastructure drift is detected. By default, deploys fail on drift. Use after reviewing drift details via tfdrift or tflogs. OPTIONAL: force_new (boolean, default false) - bypass the session-level single-flight guard. Use only when the existing run is provably wedged. CREDENTIAL FLOW (if credentials are missing): 1. Response includes a connect_url — present it to the user 2. Call credawait(session_id=...) to poll for credentials 3. When credawait returns success, retry tfdeploy Do NOT call credawait without first showing the connect URL to the user.
    Connector
  • WORKFLOW: Step 4 of 4 - Deploy infrastructure to the cloud Deploy infrastructure by starting a Terraform job for an InsideOut session. This tool initiates the actual deployment process after Terraform files have been generated. IMPORTANT: This starts a long-running job (15+ minutes). Use tfstatus to monitor progress. SINGLE-FLIGHT: only one TF job (apply/plan/destroy/drift) runs per session at a time. If another job is already in flight, tfdeploy returns tf_job_conflict with the live job_id — attach with tfstatus/tflogs instead of retrying, or pass force_new=true to override. Returns confirmation that the deployment has started. REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: plan_id (string) — Apply a previously created plan from tfplan. Preview-then-apply workflow: tfplan → tflogs (review) → tfdeploy(plan_id=...). OPTIONAL: sandbox (boolean, default false) — deploys real generated Terraform. Set to true for cheap sandbox template (testing only). OPTIONAL: ignore_drift (boolean, default false) - when true, proceeds with deploy even if infrastructure drift is detected. By default, deploys fail on drift. Use after reviewing drift details via tfdrift or tflogs. OPTIONAL: force_new (boolean, default false) - bypass the session-level single-flight guard. Use only when the existing run is provably wedged. CREDENTIAL FLOW (if credentials are missing): 1. Response includes a connect_url — present it to the user 2. Call credawait(session_id=...) to poll for credentials 3. When credawait returns success, retry tfdeploy Do NOT call credawait without first showing the connect URL to the user.
    Connector
  • DRIFT CHECK: Run a read-only drift detection check Checks whether deployed infrastructure has drifted from the expected Terraform state. This is a read-only operation — it does NOT modify any infrastructure. Returns job_id. Use tflogs to stream the drift check results. SINGLE-FLIGHT: only one TF job per session at a time. If another job is already in flight, tfdrift returns tf_job_conflict with the live job_id — attach with tfstatus/tflogs, or pass force_new=true to override. REQUIRES: session_id from convoopen response (format: sess_v2_...). PREREQUISITE: The session must have a prior deployment with a project_id. OPTIONAL: force_new (boolean, default false) - bypass the single-flight guard. Use only when the existing run is provably wedged. If drift is detected, the user can either fix the drift or use tfdeploy(ignore_drift=true) to proceed.
    Connector
  • Fetch the full record for a single creator by ID or exact platform username. Use this when you already have either: - a canonical creator UUID returned by `search_creators`, `semantic_search_creators`, `autocomplete_creators`, or `find_lookalike_creators`; or - an exact platform+username pair such as platform "instagram" and username "niickjackson". Pass `include: ['profiles']` to also receive the creator's social profile summaries when using a creator UUID. For platform+username inputs, this tool resolves through the profile endpoint and returns the profile record plus the underlying creator record, so you already get the matched profile context. Examples: - User: "Get creator 123e4567-e89b-12d3-a456-426614174000" -> call with id. - User: "Get @niickjackson on Instagram" -> call with platform "instagram" and username "niickjackson", or use `get_profile` if profile metrics are the main need. - User: "Tell me about @niickjackson and include his profiles" -> use platform "instagram" and username "niickjackson"; then use `get_profile`/`get_posts` for platform-specific metrics and content if needed. Use `lookup_profiles` for batch exact profile lookups.
    Connector
  • Convert a Control Plane resource manifest (YAML or JSON) into the equivalent Terraform (HCL). The manifest is first DRY-RUN VALIDATED against the API (no resource is created) — if it fails validation you get the error instead of HCL, so the returned Terraform always corresponds to a schema-valid resource. Pass `gvc` when the kind is GVC-scoped (workload, identity, volumeset). Set `generateImports` to also return ready-to-run `terraform import` commands. To convert an EXISTING resource instead of a manifest, use export_terraform.
    Connector
  • Compare 2-3 developer tools side by side. Returns each tool's full Markdown-KV entry separated by "===". Alternatives and worksWith are enriched with tagline + agent-readiness for resolved slugs. If any requested slugs are not found, they appear in a trailing "Note: slugs not found: ..." line; the comparison still returns for the ones found. Examples: - Three search engines: {slugs: ["meilisearch-oss", "algolia", "elasticsearch-oss"]} - Two ORMs: {slugs: ["drizzle-orm", "prisma"]} - Three auth providers: {slugs: ["auth0", "clerk", "keycloak"]} - Hosted vs self-hosted for the same vendor: {slugs: ["redis-cloud", "redis-oss"]} — shows deployment trade-off - Postgres engine vs hosted offerings: {slugs: ["postgresql", "supabase-cloud", "cockroachdb-cloud"]} Edge cases: - Cross-category comparisons (e.g., {slugs: ["auth0", "redis-cloud"]}) are allowed but rarely useful. Same-category comparisons answer "which should I pick?" better; cross-category answers "these coexist in my stack" — a compatibility question. - Minimum 2 slugs, maximum 3. Four or more is a validation error; for more, run pairs. - Invalid or unknown slugs are listed under "slugs not found"; the partial comparison returns for valid ones. - Duplicate slugs in the array are deduplicated. - A few tools are single entries (no -cloud/-oss split): stripe, auth0, firebase, twilio, openai-api, pinecone, algolia. Don't pass "stripe-cloud" — it doesn't exist. Risk: read-only, closed-world, idempotent — no state change possible.
    Connector
  • Find cross-provider equivalents for a diagram node by infrastructure role. Given a node name (e.g. 'EC2', 'Lambda', 'ComputeEngine'), returns the infrastructure role category it belongs to and the equivalent nodes from other providers. If a node name is ambiguous, use list_categories to see all mapped roles and pick a provider-specific node name. Args: node: Node class name to look up (case-insensitive, e.g. 'EC2', 'lambda'). target_provider: Optional provider to filter equivalents to (e.g. 'gcp', 'azure', 'aws'). If omitted, all equivalents across all other providers are returned. Returns: A dict with keys: category (str): Infrastructure role category name. description (str): Human-readable description of the category. source (dict): The matched node with keys node, provider, service, import. equivalents (list[dict]): Equivalent nodes, each with keys node, provider, service, import.
    Connector
  • INSPECTION: Inspect GCP infrastructure for a deployed project ⚠️ **PREREQUISITE**: This tool requires a prior deployment ATTEMPT (successful or failed). Check convostatus for hasDeployAttempt=true before calling. Works even after failed deploys to inspect orphaned resources. Inspect deployed GCP resources after a deployment attempt. Use this tool when the user asks about the status or details of their deployed GCP infrastructure. It fetches temporary read-only credentials securely and queries the GCP API directly. RESPONSE TIERS (default is summary for token efficiency): - Summary (default): Key fields only (~500 tokens). Set detail=false, raw=false or omit both. - Detail: Full metadata for a specific resource. Set detail=true + resource filter. - Raw: Complete unprocessed API response. Set raw=true. REQUIRES: session_id from convoopen response (format: sess_v2_...). Supported services: apigateway, bastion, billing, certificatemanager, cloudarmor, cloudbuild, cloudcdn, clouddeploy, clouddns, cloudfunctions, cloudkms, cloudlogging, cloudmonitoring, cloudrun, cloudsql, compute, firestore, gcs, gke, iam, identityplatform, loadbalancer, memorystore, pubsub, secretmanager, vertexai, vpc For a specific service's actions, call with action="list-actions". METRICS: Use list-metrics to see available Cloud Monitoring metrics for any service (no credentials needed — progressive disclosure). Use get-metrics to retrieve time-series data. Optional filters JSON: {"hours":6,"period":300}. Label breakdowns: Cloud Functions (by status), Load Balancer/API Gateway (by response_code_class), Cloud CDN (by cache_result). Secret Manager get-metrics returns operational health (version count, replication, create time) — no time-series. Bastion is an alias for Compute Engine metrics (SSH connection count not available as a GCP metric). BILLING: Use service=billing to inspect GCP billing. Actions: get-billing-info (check if billing enabled, which billing account), get-budgets (list budget alerts for the project — auto-fetches billing account). Requires roles/billing.viewer IAM role. Required IAM roles: Monitoring Viewer (roles/monitoring.viewer) for metrics, Secret Manager Viewer (roles/secretmanager.viewer) for secret health, Billing Viewer (roles/billing.viewer) for billing. EXAMPLES: - gcpinspect(session_id=..., service="compute", action="list-instances") - gcpinspect(session_id=..., service="gke", action="list-clusters") - gcpinspect(session_id=..., service="cloudsql", action="get-metrics", filters="{\"hours\":6}") - gcpinspect(session_id=..., service="billing", action="get-billing-info")
    Connector
  • DRIFT CHECK: Run a read-only drift detection check Checks whether deployed infrastructure has drifted from the expected Terraform state. This is a read-only operation — it does NOT modify any infrastructure. Returns job_id. Use tflogs to stream the drift check results. SINGLE-FLIGHT: only one TF job per session at a time. If another job is already in flight, tfdrift returns tf_job_conflict with the live job_id — attach with tfstatus/tflogs, or pass force_new=true to override. REQUIRES: session_id from convoopen response (format: sess_v2_...). PREREQUISITE: The session must have a prior deployment with a project_id. OPTIONAL: force_new (boolean, default false) - bypass the single-flight guard. Use only when the existing run is provably wedged. If drift is detected, the user can either fix the drift or use tfdeploy(ignore_drift=true) to proceed.
    Connector
  • WORKFLOW: Step 3 of 4 - Generate Terraform files from completed design Generate Terraform files from an InsideOut session that has completed infrastructure design. ⚠️ PREREQUISITE: Only call this AFTER convoreply returns with `terraform_ready=true` in the response metadata. DO NOT call this while convoreply is still running or before terraform_ready is confirmed! If you get 'session has not reached terraform-ready state', wait for convoreply to complete first. 🎯 USE THIS TOOL WHEN: convoreply has returned with terraform_ready=true, OR the user asks to 'see the terraforms', 'generate terraform', 'show me the code', etc. **DEFAULT RESPONSE**: Returns summary table + download URL (keeps code out of LLM context). **FALLBACK**: Set `include_code: true` to get full code inline if curl/unzip fails. **CRITICAL WORKFLOW** (default mode): 1. Call this tool to get file summary and download URL 2. ASK the user: 'Where would you like me to save the Terraform files? Default: ./insideout-infra/' 3. WAIT for user confirmation before running the download command 4. Run the curl/unzip command with the user's chosen directory 5. If curl/unzip FAILS (sandbox, security, platform issues), retry with `include_code: true` **AFTER GENERATION**: Ask user if they want to review the files and then deploy with tfdeploy REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: include_code (boolean) - set true to return full code inline as fallback. 💡 TIP: Examine workflow.usage prompt for more context on how to properly use these tools.
    Connector
  • Find a creator by name/handle, while preserving legacy semantic creator search. Use this as the default creator lookup tool when the user gives a creator-ish string but not a canonical creator UUID: a handle, partial handle, display name, creator name, or profile-ish text. This is cheap, fast, and backed by the creator lookup index. If the user gives an exact handle on a specific platform (for example "@niickjackson on Instagram"), prefer `get_profile` first because it returns the full platform profile. If you need to resolve a rough creator name or partial handle first, use this tool with `query_type: "creator_lookup"`. For backward compatibility, this tool still accepts the old semantic-search fields (`platforms`, follower/engagement filters, `creator_kinds`) and routes legacy calls to the semantic endpoint unless the query clearly contains a handle/profile URL. For new topical/niche discovery calls such as "fitness creators in NYC" or "vegan recipe creators with high engagement", prefer `semantic_search_creators` because its name is explicit and less likely to be confused with exact creator lookup. Examples: - User: "Find @cris" -> use this tool with query "cris" and query_type "creator_lookup". - User: "Who is that fitness coach called Jane?" -> use this tool with query "Jane" and query_type "creator_lookup". - User: "Pull @niickjackson on Instagram" -> use `get_profile` with platform "instagram" and username "niickjackson". - User: "Find news creators with 1M+ followers" -> use `semantic_search_creators`, not this tool. Returns either autocomplete-style creator lookup results or legacy semantic results, depending on routing. Use returned creator IDs with `get_creator`, `find_lookalike_creators`, or `match_creators`; use returned platform usernames with `get_profile` or `get_posts`.
    Connector
  • Hand a natural-language prompt to the FreeAppStore VibeCode AGENT — the platform's own AI writes the code AND deploys it. This is different from create_app/update_files (where the CALLING model writes the code): here you just prompt, and the platform builds. Uses your stored AI key (provider must be in your vault). Long-running; it builds in the background. Returns the session_id — poll agent_status to watch it and get the live URL. Tip: include the app id in your prompt, e.g. 'Build a dice roller and deploy it as dice-roller'.
    Connector
  • Sign up for a brand-new sota.io account from inside Claude — no browser, no copy-paste. Two-step flow: STEP 1: Call with just `email`. We send a 6-digit confirmation code to that email. STEP 2: Call again with `email` + `code`. We verify, create the account on the Free tier (3 projects, EU-hosted, no credit card), generate a sota.io API key, and return it to you. After Step 2 you'll get back a key like `sota_…`. **Save it in a safe place** — you'll need it for any subsequent sota.io tool call in Claude (or you can use it with the sota CLI). It is shown ONCE and never recoverable. sota.io is an EU-native PaaS hosted in Germany — GDPR-compliant by default, no CLOUD Act exposure. Disposable / throwaway email addresses are not accepted; use a real address.
    Connector
  • Wait for a platform agent task to complete and return its result. Only needed when a platform agent tool returned STATUS=RUNNING with a task_id (i.e. the task was still running after the initial 50s inline wait). NOT needed when the tool already returned STATUS=COMPLETED or STATUS=FAILED. NOT needed for a2a_call_agent — that always returns directly. Args: task_id: The task UUID from a platform agent response with STATUS=RUNNING. max_wait_seconds: Max seconds to wait (default 45, max 300).
    Connector