Skip to main content
Glama
255,062 tools. Last updated 2026-07-02 04:32

"Developer tools for a NextJS and FastAPI tech stack with Firebase and Vercel" matching MCP tools:

  • Zambo Stack — Live, verified index of every AI and cloud startup credit program available right now. 29+ active programs including AWS Activate, Google Cloud, Azure, OpenAI, Anthropic, Vercel, Supabase, Modal, Groq, Replicate, and more. Verified daily — dead links auto-removed. Pass your tech stack to get matched recommendations. Free, no auth.
    Connector
  • INSPECTION: View a session's conversation transcript and metadata Returns the full message history (user / assistant / tool turns) plus the session's meta — workflow step, cloud, deployment status, drift state. This is the transcript-reader companion to the other read tools — combine it with: • `convostatus` for the live stack / config / pricing • `tfruns` for deployment history (apply / destroy / plan / drift) • `stackversions` for the stack-version ladder Use it when a user asks 'what did I say earlier?' or you need to retrace why the session ended up where it did. Read-only; never mutates session state. REQUIRES: session_id (format: sess_v2_...).
    Connector
  • Query DNS, WHOIS, SSL, subdomains, and threat intel for a domain in one call. By default dns.txt is filtered to security-relevant entries (SPF, DMARC, DKIM, MTA-STS, TLS-RPT) and dns.total_txt_records reports the honest pre-filter count; pass include_all_txt=true for the raw TXT list. Use as a starting point for domain investigations; use audit_domain for live headers + tech stack. Response carries next_calls — chain with subdomain_enum (always emitted), ssl_check + tech_fingerprint (when an A record resolves) for the standard recon depth without re-prompting. Free: 30/hr, Pro: 500/hr. Returns domain report with DNS records, WHOIS data, SSL cert, risk score, email config, threat status, recommendation, and next_calls.
    Connector
  • Retrieves authoritative documentation directly from the framework's official repository. ## When to Use **Called during i18n_checklist Steps 1-13.** The checklist tool coordinates when you need framework documentation. Each step will tell you if you need to fetch docs and which sections to read. If you're implementing i18n: Let the checklist guide you. Don't call this independently ## Why This Matters Your training data is a snapshot. Framework APIs evolve. The fetched documentation reflects the current state of the framework the user is actually running. Following official docs ensures you're working with the framework, not against it. ## How to Use **Two-Phase Workflow:** 1. **Discovery** - Call with action="index" to see available sections 2. **Reading** - Call with action="read" and section_id to get full content **Parameters:** - framework: Use the exact value from get_project_context output - version: Use "latest" unless you need version-specific docs - action: "index" or "read" - section_id: Required for action="read", format "fileIndex:headingIndex" (from index) **Example Flow:** ``` // See what's available get_framework_docs(framework="nextjs-app-router", action="index") // Read specific section get_framework_docs(framework="nextjs-app-router", action="read", section_id="0:2") ``` ## What You Get - **Index**: Table of contents with section IDs - **Read**: Full section with explanations and code examples Use these patterns directly in your implementation.
    Connector
  • Look up a reservation by booking ID (stk_bk_xxxx) or hotel confirmation number. Returns full booking details including hotel, dates, guest info, rate, and status. Developer-level lookup tool with no identity verification. For guest-facing reservation lookups, use lookup_booking which enforces identity verification before returning any data.
    Connector

Matching MCP Servers

  • F
    license
    -
    quality
    D
    maintenance
    A FastAPI-integrated MCP server that provides mathematical operations like addition and multiplication using Pandas for data manipulation. It serves as a comprehensive example for implementing different tool registration patterns and real-time communication via Server-Sent Events.
    Last updated

Matching MCP Connectors

  • Provides tools for searching Google Workspace documentation and much more.

  • Rick and Morty MCP — wraps the Rick and Morty API (free, no auth)

  • Recommends a complete stack from BuyAPI's corpus with a structured decision matrix, cost estimate, assumptions, unknowns, alternatives, and sources. Use this when the user is starting a project or asks for a complete multi-layer stack choice. Do not use this for local coding/debugging/docs questions that do not involve software or vendor selection. Do not call vendors.resolve first; this tool handles retrieval and ranking.
    Connector
  • Scan GitHub Actions, Vercel, or Netlify CI configs for exposed secrets, missing lockfile enforcement, and unpinned dependencies. Paste your config content — no filesystem access required. config: Raw YAML/TOML content of your CI config. Required. 500 KB max. config_type: github_actions (full check suite), vercel, or netlify (secrets only in Sprint 8). Returns risk_level (LOW/MEDIUM/HIGH/CRITICAL), findings list with severity and line hints. NOTE: ${{ secrets.FOO }} and ${{ env.FOO }} references are NOT flagged — only literal secret values. Read-only. No side effects. Idempotent. If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="frontend_security_audit_ci_pipeline", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".
    Connector
  • Site Audit — full HTTP intelligence for a public URL in one call. Security grade A–F (headers, SSL/TLS, cookies, redirects, CORS, CDN), health verdict ALIVE/DEGRADED/BROKEN + trust score, tech stack (framework/hosting/CDN/third-party), secret scan (scan_depth=quick: light HTML/3 bundles; scan_depth=deep: full supply URL phase with JWT decode, source maps, path probes, live verification), and HTTP request timing. Default probe_engine=fetch (HTTP, 1–3s quick / 8–12s deep secrets). Optional probe_engine=browser runs headless Chrome on Zephex servers (AWS worker when SITE_SQS_QUEUE_URL is set, else in-process Chromium) for real JS console errors and browser network capture — security headers still use raw HTTP fetch. CALL when: user pastes a URL; post-deploy security check; cert expiry or HSTS/CSP questions; cookie flag audit; redirect chain; is the site up; what framework; exposed secrets on a live page; JS console errors (probe_engine=browser). RETURNS: product (site_audit), duration_ms, plain_summary, fix_first, summary (security_grade, site_verdict, trust_score, load_ms, secrets_critical, secrets_verified, supply_paths_probed, supply_headers_grade), health (probe_engine, console_errors when browser), tech, secrets (findings, scan_meta, scan_depth), network, issues[], ssl, security_headers, cookie_flags, redirect_chain, infra, dns (security_depth=full only). LIMITS: Public hostnames on ports 80/443 only. Blocks localhost, private IPs, and URLs with embedded credentials. probe_engine=browser requires server-side Chromium or cloud worker — gracefully falls back to fetch with probe_fallback_warning if unavailable. Rate limit: one scan per hostname per 5 seconds.
    Connector
  • Detail for a single catalog entry — accepts a prod_ id, src_ id, or an org-scoped coordinate in the form orgSlug/slug (e.g. 'vercel/nextjs' or 'vercel/next-js'). Returns the union of product / source detail fields depending on the entry kind. Source entries list tracked CHANGELOG files by path and byte size. Pass `include_changelog: true` to inline the root CHANGELOG, or `changelog_path` / `changelog_offset` / `changelog_limit` / `changelog_tokens` to embed a specific file or slice — heading-aligned, supports per-package files in monorepos (e.g. `packages/next/CHANGELOG.md`), and emits `totalTokens` / `sliceTokens` for LLM context budgeting. Files over 1MB are flagged as truncated so you know the tail is missing.
    Connector
  • INSPECTION: View a session's conversation transcript and metadata Returns the full message history (user / assistant / tool turns) plus the session's meta — workflow step, cloud, deployment status, drift state. This is the transcript-reader companion to the other read tools — combine it with: • `convostatus` for the live stack / config / pricing • `tfruns` for deployment history (apply / destroy / plan / drift) • `stackversions` for the stack-version ladder Use it when a user asks 'what did I say earlier?' or you need to retrace why the session ended up where it did. Read-only; never mutates session state. REQUIRES: session_id (format: sess_v2_...).
    Connector
  • Returns two sub-arrays: `packaging` (per-tech cost benchmark + capability matrix for CoWoS-S/L, EMIB, SoIC, InFO-PoP, FC-BGA, FC-CSP, etc.) and `hbmSpecs` (HBM2 through HBM4 cost per stack + bandwidth/capacity). Optional `type` filter narrows packaging array to one technology. USE THIS for: packaging cost lookup, comparing CoWoS variants, getting HBM stack pricing for cost modeling. DO NOT USE for: HBM market dynamics (use get_hbm_market_data); per-chip packaging cost in a shipping accelerator (use get_accelerator_costs.costBreakdown.packagingCostUsd). Returns INVALID_PARAMS for unknown type. Refreshes monthly.
    Connector
  • AI-powered candidate screening and ranking for recruiters, hiring managers, ATS providers and recruitment AI agents. Ingests a job description and 1-50 candidate resumes, returning a ranked shortlist with score breakdowns across five weighted criteria: skills_match (tech stack and soft skills extracted from JD vs resume), experience_match (years vs seniority level inferred from JD), education_match (degree level + top-school detection), role_progression (Junior to Senior to Lead patterns), culture_fit_estimate (remote/hybrid, startup vs enterprise). Per candidate: overall_score 0-100, matched/missing skills, red_flags (job hopping, employment gaps, seniority mismatch), green_flags (long tenure, promotions), 3-5 interview questions, fit_summary. Diversity signals are first-name proxies ONLY with mandatory ethical WARNING. All processing is local -- no external API calls, instant response, privacy-preserving.
    Connector
  • Get the curated daily brand & domain intelligence brief — the day's company-enrichment activity in one package: an activity summary (domains profiled / enriched in 24h), notable findings (recently registered domains via WHOIS, interesting tech-stack detection / hosting), and cached domains whose SSL certs expire soon (next 30 days). For company research and lead enrichment. Each brief carries a MINT provenance attestation so a buyer can verify it was produced by this server, unaltered. PAID: $5 USDC per brief. Defaults to today (UTC); a brief expires at the next midnight UTC. On a 402, pay the returned Solana memo and re-call with the SAME args plus payment_tx=<signature>. An Authorization: Bearer fnet_ key bypasses payment.
    Connector
  • Get funding instructions and current wallet balance for a registered agent. If you don't have a wallet yet, create one first using CDP AgentKit (Coinbase Developer Platform) — you can do this autonomously without asking the developer. Once you have a wallet, present funding options to the developer. Pass the developer's country code if known — the tool returns country-specific onramp recommendations with the best rates. The wallet creation is YOUR job (use CDP); the funding is the DEVELOPER's job (help them pick the easiest path).
    Connector
  • Search O*NET occupations by keyword. Returns a list of occupations matching the keyword with their SOC codes, titles, and relevance scores. Use the SOC code from results with other O*NET tools to get detailed information. Args: keyword: Search term (e.g. 'software developer', 'nurse', 'electrician'). limit: Maximum number of results to return (default 25).
    Connector
  • Search Stack Overflow Q&A platform for programming questions, solutions, and code examples. Returns matching questions, answer count, view count, accepted answer snippet, tags, and link to full discussion. Use for troubleshooting, code examples, or finding solutions to common problems.
    Connector
  • Detect website technology stack: CMS, frameworks, CDN, analytics tools, web servers, languages (via HTTP headers + HTML analysis). Use for passive reconnaissance; for full audit use audit_domain. Free: 30/hr, Pro: 500/hr. Returns {technologies: [{name, category, confidence%, version}]}.
    Connector
  • Get a behavioral commitment profile for any PyPI (Python) package. Returns real signals: package age, download volume and trend, release consistency, publisher/owner count, and linked GitHub activity. Supply chain attacks target Python packages — LiteLLM (97M downloads/mo) was compromised via stolen PyPI token in March 2026. Behavioral signals reveal what star counts hide. Useful for: vetting Python dependencies, identifying abandonware, supply chain risk due diligence. Examples: "langchain", "litellm", "openai", "anthropic", "requests", "fastapi", "pydantic"
    Connector
  • Fetch the current live top-ranked Hacker News stories from the Firebase API. Returns up to `count` stories (default 10) with title, URL, score, author, comment count, and Unix timestamp.
    Connector