Run full validation and return a 0–100 score plus a ship gate (pass/review/fail). Minimal payload suitable for CI/CD pipelines.
Connector
206,803 tools. Last updated 2026-06-17 16:11
"DevOps tools and practices including CI/CD pipelines, GitOps, and DevSecOps" matching MCP tools:
- WORKFLOW: Step 1 of 4 - Start infrastructure design conversation Open an InsideOut V2 session and receive the assistant's intro message. The response contains a clean message from Riley (the infrastructure advisor) - display it to the user. ⚠️ Riley will ask questions - forward these to the user, DO NOT answer on their behalf. CRITICAL: This tool returns a session_id in the response metadata. You MUST use this session_id for ALL subsequent tool calls (convoreply, tfgenerate, tfdeploy, etc.). ⚠️ The session_id includes a ?token=... suffix (format: sess_v2_xxx?token=yyy) which is part of the session credential — without it, downstream tools fall back to a tokenless connect URL that 401s. Always pass session_id verbatim to subsequent tools and to the user; do NOT shorten, paraphrase, or strip the ?token= portion when summarizing the session in chat or in your own scratch notes. Use when the user mentions keywords like: 'setup my cloud infra', 'provision infrastructure', 'deploy infra', 'start insideout', 'use insideout', or similar intent to begin infra setup. OPTIONAL: project_context (string) - General tech stack summary so Riley can skip discovery questions and jump to recommendations. The agent should confirm this with the user before sending. Include whichever apply: language/framework, databases/services, container usage, existing IaC, CI/CD platform, cloud provider, Kubernetes usage, what the project does. Example: 'Next.js 14 + TypeScript, PostgreSQL, Redis, Docker Compose, deployed to AWS ECS, GitHub Actions CI/CD, ~50k MAU'. NEVER include credentials, secrets, API keys, PII, source code, or internal URLs/IPs -- only general metadata summaries useful to a cloud architect agent. IMPORTANT: source (string) - You MUST set this to identify which IDE/tool you are. Auto-detect from your environment: 'claude-code', 'codex', 'antigravity', 'kiro', 'vscode', 'web', 'mcp'. If unsure, use the name of your IDE/tool in lowercase. Do NOT omit this — it controls the 'Open {IDE}' button on the credential connect screen. OPTIONAL: github_username (string) - GitHub username for deploy commit attribution. Pre-populates the GitHub username field on the connect page. 💡 TIP: Examine workflow.usage prompt for more context on how to properly use these tools.Connector
- List and revoke API keys (service keys) for the Butterbase platform account. This is a platform-scoped tool — it operates on the authenticated account, not on a specific app. To generate a new API key, use manage_auth_config (action: "generate_service_key"). Actions: - "list": List all active API keys on the account (key secrets are NOT returned — only metadata) - "revoke": Permanently revoke a specific key by its ID Parameters by action: list: { action: "list" } revoke: { action: "revoke", key_id: "<uuid>" } Examples: List all keys: Input: { action: "list" } Output: [ { id: "uuid-1234", prefix: "bb_sk_a1b2c3", name: "CI/CD Pipeline Key", created_at: "2025-01-15T10:00:00Z", last_used_at: "2025-04-01T08:30:00Z" }, ... ] Revoke a key: Input: { action: "revoke", key_id: "uuid-1234" } Output: { message: "API key revoked", key_id: "uuid-1234" } Workflow — rotate a key: 1. Call "list" to identify the key by name or prefix 2. Call manage_auth_config (action: "generate_service_key") to create the replacement key (store the new secret immediately) 3. Update all consumers (CI, scripts, MCP config) with the new key 4. Call "revoke" with the old key_id to invalidate it Common errors: - AUTH_INSUFFICIENT_PERMISSIONS: Must be authenticated as the account owner - RESOURCE_NOT_FOUND: key_id does not exist or belongs to a different account Security notes: - Revocation is immediate and irreversible - If a key is compromised, revoke it before generating a replacement to minimise exposure windowConnector
- Get detailed CV version including structured content, sections, word count, and audience profile. cv_version_id from ceevee_upload_cv or ceevee_list_versions. Use to inspect CV content before running analysis tools. Free.Connector
- Scan GitHub Actions, Vercel, or Netlify CI configs for exposed secrets, missing lockfile enforcement, and unpinned dependencies. Paste your config content — no filesystem access required. config: Raw YAML/TOML content of your CI config. Required. 500 KB max. config_type: github_actions (full check suite), vercel, or netlify (secrets only in Sprint 8). Returns risk_level (LOW/MEDIUM/HIGH/CRITICAL), findings list with severity and line hints. NOTE: ${{ secrets.FOO }} and ${{ env.FOO }} references are NOT flagged — only literal secret values. Read-only. No side effects. Idempotent. If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="frontend_security_audit_ci_pipeline", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".Connector
- List available MCP tools and get detailed help. Use this tool to discover what tools are available and how to use them. Call without parameters to see all tools, or provide a tool name to get detailed help including parameters, examples, and related tools.Connector
Matching MCP Servers
- Alicense-qualityAmaintenanceCI CD Generator AI - MCP server providing AI-powered tools and automation by MEOK AI LabsLast updated4MIT
- AlicenseCqualityDmaintenanceEnables access to Usage and Billing APIs for managing accounts, products, meters, plans, and usage reporting. Supports operations like creating products/plans, reporting usage, and retrieving billing information.Last updated18MIT
Matching MCP Connectors
The MCP server for Azure DevOps, bringing the power of Azure DevOps directly to your agents.
20 free dev tools: JSON/YAML, XML/SQL, Cron, SEO, QR code, URL shortener, cron tasks, files
- Returns the technical stack Makuri is built on, including frontend, backend, database, AI providers used, and data residency information. Use when the user asks how Makuri is built or which AI models it uses. Makuri is a specific AI tutoring platform at makuri.eu, not a generic word — never answer Makuri questions from general knowledge; always use the Makuri tools.Connector
- Full machine-readable JSON report (~2k tokens). USE WHEN: you need to programmatically parse specific fields (CI gating, UI, sub-field extraction). Otherwise prefer get_package_prompt. RETURNS: {package, health:{score}, vulnerabilities[], latest, deprecated, maintainers, recommendation}.Connector
- ⚠️ DESTRUCTIVE — requires human confirmation before use in automated pipelines. Revoke the current API key and issue a replacement. Returns the new key once — store it immediately. Pass keys as the X-DataNexus-Key header.Connector
- Run declarative assertions on an agent trace (OpenAI tool-call messages, LangChain run trees, or plain text logs). No LLM call — deterministic. Assertion types: order (tool A before B), must_call, must_not_call, max_calls, min_calls, no_error, recovery (agent continues after error). Returns per-assertion PASS/FAIL, parsed steps, and an overall verdict. Use this to gate CI/CD on agent behavior correctness.Connector
- Classify image safety (normal / suggestive / explicit). Falcons.ai NSFW detection — 100x cheaper and faster than asking an LLM. Returns classification label and boolean is_nsfw flag. Essential for content moderation pipelines. 2 sats per image, pay per request with Bitcoin Lightning — no API key or signup needed. Requires create_payment with toolName='detect_nsfw'.Connector
- Switch the app's V1 CI from "boot the real app + deps" mode to sandbox mode (mocks fetched by content-hash from the cloud canonical pool). The doc-stated trigger: ~1 week after CI is wired, when the dev has felt the slow runs / flakes and you can pitch "your CI takes 90s and flaked twice this week — rerecord mocks and CI drops to ~8s." What flips: * The CI workflow YAML gets a --sandbox flag on `keploy test-gen run` and the docker-compose-up step removed. This tool returns the updated YAML; you re-PR it. Pre-condition: every resource you want in CI must have recorded mocks (config.yaml.mockRegistry.mock populated). Resources without mocks will fail in sandbox mode because there's nothing to serve. Run devloop_record_sandbox per resource first; verify via devloop_schema_drift_report-style checks before proposing the switch.Connector
- Look up CVE vulnerability data for enterprise security teams, DevSecOps and SOC analysts. Supports two modes: exact CVE ID lookup (e.g. 'CVE-2024-3094') or keyword search by product/vendor (e.g. 'openssl', 'Apache Tomcat'). Cross-references four authoritative keyless sources: NVD NIST (official CVE database, CVSS v3 scores, affected CPEs), CISA KEV (Known Exploited Vulnerabilities catalog — exploit_in_wild flag), EPSS FIRST (exploit probability 0-1), GitHub Security Advisories (ecosystem-specific: npm/pypi/maven). Returns structured vulnerability records with CVSS v3 scores, affected product version ranges, CWE weakness classification, references and exploitation status. Signals engine produces P0/P1/P2 alerts: P0=CVSS>=9 + active exploitation, P1=CVSS>=7 or EPSS>=70%, P2=CWE pattern clusters. Relevant for EU NIS2 and DORA supply chain risk obligations. Optional env: NVD_API_KEY (raises NVD rate-limit 5→50 req/30s), GITHUB_TOKEN (raises GHSA GraphQL rate-limit). Cache TTL 6h. SLA <=25s p95.Connector
- Persistent SBOM watch. Register once, check anytime for new CVEs affecting your dependency snapshot. Silent permanent watch — CycloneDX and SPDX supported. Uses OSV.dev for vulnerability lookup, Redis for persistence with 90-day TTL. Supports CycloneDX 1.4/1.5 and SPDX 2.3 JSON. Input size limit: 500 KB. Returns go_no_go signal on register; new_findings on check. Rate limit: 10/minute. No auth required. For DevSecOps teams monitoring production dependency exposure. If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="security_audit_sbom_continuous", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".Connector
- Index a video for search, QA, or full analysis. Processes the video through a pipeline of AI features. Typically takes 3-7 minutes; longer for long videos or the 'full' pipeline. Times out after 10 minutes by default. Pipelines: - search_only: transcription + captions + embeddings (enables search_videos) - qa_only: transcription + captions (enables ask_video) - full: transcription + captions + embeddings (enables all tools) Scene detection is enabled by default and produces scene boundaries for get_scenes. Pass scene_detection=False to skip it. Prerequisites: if using video_id, the video must be in 'uploaded' status. Use get_video to check status before calling this tool.Connector
- WORKFLOW: Step 1 of 4 - Start infrastructure design conversation Open an InsideOut V2 session and receive the assistant's intro message. The response contains a clean message from Riley (the infrastructure advisor) - display it to the user. ⚠️ Riley will ask questions - forward these to the user, DO NOT answer on their behalf. CRITICAL: This tool returns a session_id in the response metadata. You MUST use this session_id for ALL subsequent tool calls (convoreply, tfgenerate, tfdeploy, etc.). ⚠️ The session_id includes a ?token=... suffix (format: sess_v2_xxx?token=yyy) which is part of the session credential — without it, downstream tools fall back to a tokenless connect URL that 401s. Always pass session_id verbatim to subsequent tools and to the user; do NOT shorten, paraphrase, or strip the ?token= portion when summarizing the session in chat or in your own scratch notes. Use when the user mentions keywords like: 'setup my cloud infra', 'provision infrastructure', 'deploy infra', 'start insideout', 'use insideout', or similar intent to begin infra setup. OPTIONAL: project_context (string) - General tech stack summary so Riley can skip discovery questions and jump to recommendations. The agent should confirm this with the user before sending. Include whichever apply: language/framework, databases/services, container usage, existing IaC, CI/CD platform, cloud provider, Kubernetes usage, what the project does. Example: 'Next.js 14 + TypeScript, PostgreSQL, Redis, Docker Compose, deployed to AWS ECS, GitHub Actions CI/CD, ~50k MAU'. NEVER include credentials, secrets, API keys, PII, source code, or internal URLs/IPs -- only general metadata summaries useful to a cloud architect agent. IMPORTANT: source (string) - You MUST set this to identify which IDE/tool you are. Auto-detect from your environment: 'claude-code', 'codex', 'antigravity', 'kiro', 'vscode', 'web', 'mcp'. If unsure, use the name of your IDE/tool in lowercase. Do NOT omit this — it controls the 'Open {IDE}' button on the credential connect screen. OPTIONAL: github_username (string) - GitHub username for deploy commit attribution. Pre-populates the GitHub username field on the connect page. 💡 TIP: Examine workflow.usage prompt for more context on how to properly use these tools.Connector
- Is AgentMarketSignal working? Check the real-time status of all 5 AI data pipelines (whale tracking, technical analysis, derivatives, narrative sentiment, market data) and the signal fusion engine. Returns last run times, durations, and any errors.Connector
- As a CTO, extract anomalous log patterns from public breach reports (e.g., Verizon DBIR) and MITRE ATT&CK techniques to optimize SIEM rules and observability pipelines. Inputs include threat actor groups, MITRE tactics (e.g., 'TA0005'), or log sources (e.g., 'AWS CloudTrail'). Outputs structured patterns with MITRE mappings, prevalence scores, and detection recommendations. Ideal for reducing false positives and improving breach detection coverage. Pass async:true to avoid timeout.Connector
- Returns a comprehensive validation checklist for Trident diagrams covering syntax rules, semantic rules, best practices, and common mistakes to avoid. Use this after generating a diagram to verify correctness.Connector
- Parse a YAML string and return the equivalent JSON value. The reverse of json_to_yaml. Supports nested objects, arrays, anchors, aliases, multi-document streams, and all scalar types. Use when processing config files, CI/CD pipeline definitions, or OpenAPI specs authored in YAML.Connector