Search documentation using semantic or keyword search. Supports Tiger Cloud (TimescaleDB), PostgreSQL, and PostGIS.

Latest breaking/developing stories — combines trending searches + top headlines.

Validates an email address using the DEVA API.

Atomically rotate an API key. Old key is immediately invalidated. Creates a new key with the same name, scopes, and rate limits. The new key is returned once — store it immediately. Requires: API key with write scope. Args: key_id: UUID of the API key to rotate (get from whoami()) Returns: {"api_key": "bh_...", "key_id": "uuid", "prefix": "bh_...", "scopes": ["read", "write"], "message": "Key rotated. Store securely."} Note: The old key stops working immediately. Update BOREALHOST_API_KEY right away.

Returns the current Strale wallet balance. Call this before executing paid capabilities to verify sufficient funds, or after a series of calls to reconcile spend. Returns balance in EUR cents (integer) and formatted EUR string. Requires an API key — returns an auth instruction if none is configured.

Register a new agent account and get an API key. No authentication needed. The returned API key grants read+write access to all BorealHost API endpoints. Store it securely — it cannot be retrieved again. The key is automatically activated for this session — all subsequent tool calls will use it. No extra configuration needed. If no email is provided, a synthetic agent identity is created (agent-{uuid}@api.borealhost.ai). If an email is provided, it links to an existing or new human account. Args: name: Human-readable name for this API key (default: "Agent Key") email: Optional email to link to a human account Returns: {"api_key": "bh_...", "key_id": "uuid", "prefix": "bh_...", "scopes": ["read", "write"], "account_id": "uuid", "message": "Store this API key securely..."} Errors: RATE_LIMITED: Max 5 registrations per IP per hour VALIDATION_ERROR: Invalid email format

Claim an API key using a claim token from the container. After calling request_api_key(), read the claim token from ~/.borealhost/.claim_token on your container and pass it here. The token is single-use — once claimed, it cannot be used again. The API key is automatically activated for this MCP session. Args: claim_token: The claim token string read from the container file Returns: {"api_key": "bh_...", "key_prefix": "bh_...", "site_slug": "my-site", "scopes": ["read", "write"], "message": "API key created and activated..."} Errors: VALIDATION_ERROR: Invalid, expired, or already-claimed token

Authenticate with your saved API key. Read your key from ~/.agents-overflow-key and pass it here. Call this at the START of every session before using any other tools.

Complete Disco signup using an email verification code. Call this after discovery_signup returns {"status": "verification_required"}. The user receives a 6-digit code by email — pass it here along with the same email address used in discovery_signup. Returns an API key on success. Args: email: Email address used in the discovery_signup call. code: 6-digit verification code from the email.

Search the regulatory corpus using keyword / trigram matching. Uses PostgreSQL trigram similarity on document titles and summaries. Returns documents ranked by relevance with summaries and classification tags. Prefer list_documents with filters (regulation, entity_type, source) first. Only use this for free-text keyword search when structured filters aren't sufficient. Args: query: Search terms (e.g. 'strong customer authentication', 'ICT risk', 'AML reporting'). per_page: Number of results (default 20, max 100).

Set your BorealHost API key for this session. Call this if you already have an API key (from a previous registration, checkout completion, or the BorealHost panel). All subsequent tool calls will use this key for authentication. No need to call this after register() — the key is set automatically. Args: api_key: Your BorealHost API key (format: bh_<48 hex chars>) Returns: {"success": true, "message": "API key set for this session", "key_prefix": "bh_..."}

Register as an agent to get an API key for authenticated submissions. Registration is open — no approval required. Returns an API key that authenticates your proposals and tracks your contribution history. IMPORTANT: Save the returned api_key immediately. It is shown only once and cannot be retrieved again. Args: agent_name: A name identifying this agent instance (2-100 chars) model: The model ID (e.g., "claude-opus-4-6", "gpt-4o")

Create a Disco account and get an API key. Provide an email address to start the signup flow. If email verification is required, returns {"status": "verification_required"} — the user will receive a 6-digit code by email, then call discovery_signup_verify to complete signup and receive the API key. The free tier (10 credits/month, unlimited public runs) is active immediately. No authentication required. Returns 409 if the email is already registered. Args: email: Email address for the new account. name: Display name (optional — defaults to email local part).

Retrieve the full SEC IAPD profile for one individual investment advisor representative using their CRD number. Returns complete registration history, exam qualifications, employment history, and any disclosures. Use this tool when: - You have a CRD (from SearchIAPDIndividual) and need the full profile - You need an advisor's complete Form ADV Part 2B equivalent data - You are performing deep due diligence on an individual IAR Source: SEC IAPD public API (api.adviserinfo.sec.gov). No API key required.

Retrieve the full GLEIF LEI record for one legal entity using its 20-character LEI code. Returns legal name, registration status, legal address, headquarters address, managing LOU, and renewal dates. Use this tool when: - You have a LEI (from SearchLEI) and need full entity details - You want to verify the registration status and renewal date - You need the exact legal address and jurisdiction of an entity Source: GLEIF API (api.gleif.org). No API key required.

Resend the email verification link for an existing Unphurl account. Use this when a user signed up but their verification link expired (links are valid for 24 hours) and they need a new one. The user's API key won't work until their email is verified. For security, the response is always the same regardless of whether the email exists, is already verified, or was rate limited. This prevents account enumeration. Rate limited to 3 requests per email per hour. This tool does not require an API key.

List every registered Trillboards API operation. WHEN TO USE: - First call in an agent session to learn what the API offers. - Filter to agent_safe=true to list only side-effect-free endpoints. - Narrow to a single surface (data-api, sdk-api, device-api, sensing-api, partner-api-generated, dsp-api-generated). RETURNS: - operations: Array of { surface, method, path, operation_id, summary, description, agent_safe, idempotent, cost_tier, tags, doc_url, example_request } - total_operations: Total count. - surfaces: Known surface identifiers. EXAMPLE: Agent: "What read-only endpoints can I call?" list_endpoints({ agent_safe: true })

Install an app template on a VPS/Cloud site. Starts a background installation. Poll get_app_status() for progress. Requires: API key with write scope. VPS or Cloud plan only. Args: slug: Site identifier template: App template slug. Available: django, laravel, nextjs, nodejs, nuxtjs, rails, static, forge app_name: Short name for the app (2-50 chars, lowercase alphanumeric + hyphens). Used as subdomain: {app_name}.{site_domain} db_type: Database type. "none", "mysql", or "postgresql" (depends on template) domain: Custom domain override (default: {app_name}.{site_domain}) display_name: Human-friendly name (default: derived from app_name) Returns: {"id": "uuid", "app_name": "forge", "status": "installing", "message": "Installation started. Poll for progress."} Errors: FORBIDDEN: Plan does not support apps (shared plans) VALIDATION_ERROR: Invalid template, app_name, or duplicate name

Register a new agent on Human Pages. Returns an API key (hp_...) that you MUST save — it cannot be retrieved later. The agent is auto-activated on PRO tier (free during launch): 15 job offers/day, 50 profile views/day. Use the API key as agent_key in create_job_offer, get_human_profile, and other authenticated tools. Typical first step before hiring.

Creates a visual edit session so the user can upload and manage images on their published page using a browser-based editor. Returns an edit URL to share with the user. When creating pages with images, use data-wpe-slot placeholder images instead of base64 — then create an edit session so the user can upload real images.

Classify image safety (normal / suggestive / explicit). Falcons.ai NSFW detection — 100x cheaper and faster than asking an LLM. Returns classification label and boolean is_nsfw flag. Essential for content moderation pipelines. 2 sats per image, pay per request with Bitcoin Lightning — no API key or signup needed. Requires create_payment with toolName='detect_nsfw'.

State Verifier — 3-Tier QA Coverage for SQUAD Products. SUMA Testing Manifesto (sealed April 13, 2026): 200 OK is not a test. It is a rumor. Every write operation must be followed by a database assertion. Every endpoint is a button. Every button must have a test. MODES: READ (default): Returns coverage report from testframe_reports DB. Classifies gaps by tier and severity. Identifies "shallow" tests (status-code-only, no DB assertion). GENERATE (mode="generate"): Uses OPTION C: SUMA graph (WHY/WHAT) + your code_context (HOW) Generates test scaffolds in 3 tiers: - Component: endpoint isolation, UI element presence - Technical: DB state verification after API calls (State Verifier pattern) - Functional: end-to-end business workflow with all-layer assertions Requires code_context (paste the relevant file/endpoint code). The 3-Tier taxonomy: component → Single endpoint or UI element in isolation technical → Database state AFTER API call (State Verifier) functional → Complete business workflow, all layers verified The gap severity taxonomy: missing → No test exists (CRITICAL) not_implemented → Planned but not written (HIGH) shallow → Test exists but only checks HTTP status, no DB assertion (HIGH) flaky → Non-deterministic (HIGH) skipped → Marked skip/todo (MEDIUM) dead_end → Tests a UI element that no longer exists (LOW, cleanup) Args: product: Product to query (e.g. "squad-suma-mcp", "squad-qms", "squad-ghostgate"). If omitted in READ mode, returns all products. area: Filter by test area (e.g. "auth", "ingest", "assign"). Optional. mode: "read" (default) or "generate" (AI test generation via Option C). tier_filter: Filter by test tier — "component", "technical", or "functional". If omitted, all tiers returned. decision_graph: Hierarchical Tech Questionnaire (REQUIRED for generate mode). Structure: { "platform": { "type": "web|android|ios|api|robotics", "framework": "React|Flutter|FastAPI|etc", "auth_mode": "GhostGate|GoogleSSO|JWT|none" }, "database": { "engine": "postgresql|sqlite|none", "orm": "prisma|sqlalchemy|none", "target_table": "table_name" } } code_context: Optional raw code string to test (UI components, API routes). ingest_snapshot: If True, saves coverage state as a K-WIL graph node. Returns (READ mode): overall_coverage_pct, products[], gaps_by_tier, shallow_tests, recommendation Returns (GENERATE mode): component_tests[], technical_tests[], functional_tests[], manifesto_violations[]

Create an ICME Preflight account with x402 USDC payment ($5.00 on Base). Returns an API key and 325 starting credits immediately. Save the api_key — it is shown only once. Use create_account_card instead if paying by credit card.

Repay debt to an Arcadia lending pool using tokens from the wallet (requires ERC20 allowance). To repay using account collateral instead (no wallet tokens needed), use write_account_deleverage. Check allowance first (read_wallet_allowances), then approve the pool if needed (write_wallet_approve). Check outstanding debt with read_account_info.

Audit a technology stack for exploitable vulnerabilities. Accepts a comma-separated list of technologies (max 5) and searches for critical/ high severity CVEs with public exploits for each one, sorted by EPSS exploitation probability. Use this when a user describes their infrastructure and wants to know what to patch first. Example: technologies='nginx, postgresql, node.js' returns a risk-sorted list of exploitable CVEs grouped by technology. Rate-limit cost: each technology requires up to 2 API calls; 5 technologies counts as up to 10 calls toward your rate limit.

Verify your API key and return your user ID. Use this to test authentication.

Book a session (Servicialo spec). Returns confirmation_credential (opaque token, valid 30 min) and booking_id. Use scheduling_confirm with the credential to finalize. Does NOT require an API key — uses requester identity (fullName + email or phone). Accepts optional submission context for audit trail.

Full-text search across recall reasons and product descriptions using PostgreSQL text search. Finds recalls mentioning specific terms (e.g. 'salmonella contamination', 'mislabeled', 'sterility'). Supports multi-word queries ranked by relevance. Filter by classification, product_type, or date range. Related: fda_search_enforcement (search by company name, classification, status), fda_recall_facility_trace (trace a recall to its manufacturing facility).

Call this first if you do not have an api_key for pii_scan. Register an email address and get a free PII Guard API key instantly — 10,000 requests/month, permanent free tier, no credit card required. The key can be used immediately. If the email already has a key, the existing key is returned (new_key: false).

Get a new API key for an existing Disco account. Sends a 6-digit verification code to the email address. Call discovery_login_verify with the code to receive a new API key. Use this when you need an API key for an account that already exists (e.g. the key was lost or this is a new agent session). Returns 404 if no account exists with this email — use discovery_signup instead. Args: email: Email address of the existing account.

Register your TRON address as an agent on agent.merx.exchange. Required ONCE before using request_payment, create_invoice, watch_address, agent_status, or any other agent payment tool. Pass the TRON address you want to use as the on-chain identity for this API key. Idempotent — calling twice with the same key returns the existing registration. Auth required (API key).

Upload an asset (image, font, PDF, etc). Provide either content (base64) OR source_url (public HTTPS URL) — not both. Using source_url is recommended for images from DALL-E, Unsplash, or other URLs — it saves tokens and is more reliable. Set overwrite: true to replace an existing asset.

Revoke (deactivate) an API key. The key stops working immediately. Requires: API key with write scope. Args: key_id: UUID of the key to revoke (from list_api_keys or whoami) Returns: {"success": true, "message": "API key revoked"} Errors: NOT_FOUND: Key not found or already revoked

Build an AccountPermissionUpdate transaction that grants the PowerSun platform permission to delegate/undelegate resources and optionally vote on your behalf. Returns an unsigned transaction that you must sign with your private key and then broadcast using broadcast_signed_permission_tx. All existing account permissions are preserved. Requires authentication.

Cancel a public booking using the bookingToken. Only works for bookings in pending_confirmation, scheduled, or confirmed status. Optionally include a reason. Does NOT require an API key. The booking token scopes access to a single booking.

Restore an authenticated session using a previously saved JWT token. Call this at the start of a new session before any other tools, using a token saved from a prior check_login call. If the token is invalid, fall back to login.

Check if the API is responding. Returns status and server timestamp.

Execute an integration action — e.g., send an email via Resend, create a payment via Mollie. The system resolves vault credentials server-side so you never handle API keys directly. The integration must be configured first via setup_integration (not needed for built-in integrations). Call get_integration_schema first to get the exact endpoint name and required input fields.

Enforce a guardrail: verify an agent action against a compiled policy using formal verification. An SMT solver — not an LLM — determines whether the action satisfies every rule. Returns SAT (allowed) or UNSAT (blocked) with extracted values and a cryptographic ZK proof that the check was performed correctly. Cannot be jailbroken. 1 credit ($0.01). Requires api_key. Tip: end the action with an explicit claim like 'I assert this complies with the policy' for best extraction.

Authenticate this MCP session with your BopMarket API key. Call this once before using cart, checkout, price watch, order, or listing tools. Read-only tools (search, get_product, batch_compare, get_categories) work without auth. Buyer keys: sk_buy_*. Seller keys: sk_sell_*.

Confirm a pending public booking using the confirmationToken returned by public_booking_create. Advances the booking from pending_confirmation to scheduled. The token expires after 30 minutes. Does NOT require an API key. Rate-limited.

Check if the discava API is online and responding. Returns status and version. No parameters required.

Complete payment using Stripe ACP (Shared Payment Token). Only use this if your platform supports Stripe Agentic Commerce Protocol and can provision an SPT. If your platform does NOT support ACP, use the `payment_url` from checkout_create instead, then poll checkout_status. Requires authentication.

Complete payment using Stripe ACP (Shared Payment Token). Only use this if your platform supports Stripe Agentic Commerce Protocol and can provision an SPT. If your platform does NOT support ACP, use the `payment_url` from checkout_create instead, then poll checkout_status. Requires authentication.

Check connectivity to the Indicate backend. Returns 'ok' if the server can reach the API, or an error message otherwise. Does not require authentication.

Search Secureship API documentation. Use when you need to find endpoints for a specific task (e.g. 'create a shipment', 'get rates', 'address book'). Returns matching endpoints with method, path, summary, and tags. Follow up with GetEndpointDetail to get full parameter schemas. IMPORTANT: Secureship API uses the X-API-KEY header for authentication (NOT Bearer token). Pass your API key as: X-API-KEY: your-api-key

Configure DataMerge API authentication (required before using other tools if DATAMERGE_API_KEY is not set).

Find alternatives to a brand using the knowledge graph, shared capabilities, and category matching. Each alternative includes WHY it's an alternative. Args: slug: The brand slug (e.g. "cursor", "salesforce"). limit: Max alternatives (default 10, max 20). Returns: Dict with source brand, alternatives list (each with reasons, shared capabilities, AI visibility score), and an alternatives_url.

Permanently deactivate an API key by its database ID. Requests using the revoked key are rejected immediately. Use this after rotating to a new key via create_api_key. You cannot revoke the key you are currently authenticating with in the same call — use a different active key. Requires: API key from register_agent.

Create a database user for a Cloud SQL instance. * This tool returns a long-running operation. Use the `get_operation` tool to poll its status until the operation completes. * When you use the `create_user` tool, specify the type of user: `CLOUD_IAM_USER` or `CLOUD_IAM_SERVICE_ACCOUNT`. * By default the newly created user is assigned the `cloudsqlsuperuser` role, unless you specify other database roles explicitly in the request. * You can use a newly created user with the `execute_sql` tool if the user is a currently logged in IAM user. The `execute_sql` tool executes the SQL statements using the privileges of the database user logged in using IAM database authentication. The `create_user` tool has the following limitations: * To create a built-in user with password, use the `password_secret_version` field to provide password using the Google Cloud Secret Manager. The value of `password_secret_version` should be the resource name of the secret version, like `projects/12345/locations/us-central1/secrets/my-password-secret/versions/1` or `projects/12345/locations/us-central1/secrets/my-password-secret/versions/latest`. The caller needs to have `secretmanager.secretVersions.access` permission on the secret version. This feature is available only to projects on an allowlist. * The `create_user` tool doesn't support creating a user for SQL Server. To create an IAM user in PostgreSQL: * The database username must be the IAM user's email address and all lowercase. For example, to create user for PostgreSQL IAM user `example-user@example.com`, you can use the following request: ``` { "name": "example-user@example.com", "type": "CLOUD_IAM_USER", "instance":"test-instance", "project": "test-project" } ``` The created database username for the IAM user is `example-user@example.com`. To create an IAM service account in PostgreSQL: * The database username must be created without the `.gserviceaccount.com` suffix even though the full email address for the account is`service-account-name@project-id.iam.gserviceaccount.com`. For example, to create an IAM service account for PostgreSQL you can use the following request format: ``` { "name": "test@test-project.iam", "type": "CLOUD_IAM_SERVICE_ACCOUNT", "instance": "test-instance", "project": "test-project" } ``` The created database username for the IAM service account is `test@test-project.iam`. To create an IAM user or IAM service account in MySQL: * When Cloud SQL for MySQL stores a username, it truncates the @ and the domain name from the user or service account's email address. For example, `example-user@example.com` becomes `example-user`. * For this reason, you can't add two IAM users or service accounts with the same username but different domain names to the same Cloud SQL instance. * For example, to create user for the MySQL IAM user `example-user@example.com`, use the following request: ``` { "name": "example-user@example.com", "type": "CLOUD_IAM_USER", "instance": "test-instance", "project": "test-project" } ``` The created database username for the IAM user is `example-user`. * For example, to create the MySQL IAM service account `service-account-name@project-id.iam.gserviceaccount.com`, use the following request: ``` { "name": "service-account-name@project-id.iam.gserviceaccount.com", "type": "CLOUD_IAM_SERVICE_ACCOUNT", "instance": "test-instance", "project": "test-project" } ``` The created database username for the IAM service account is `service-account-name`.

Call Wix apis on a business or site. Use this to create, read, update, and delete data and other Wix entities in your Wix site. **Prefer using the "ListWixSites" tool when the user asks to list or show their sites.** Only use this tool for site listing if the user needs advanced filtering or specific site details beyond what ListWixSites provides. For POST/PATCH/PUT requests, pass the request body as a JSON object or array in the "body" parameter with all the required fields and values as described in the API schema, code examples, or docs you retrieved (e.g. body: {"name": "value", "nested": {"key": "value"}} or body: [{"key": "value"}]). The API endpoint url param MUST ALWAYS be taken from the conversation context. By conversation context we mean the endpoint url was given in the user prompt OR got into the conversation context by the "WixREADME" tool OR by the "SearchWixRESTDocumentation" tool OR by the "BrowseWixRESTDocsMenu" tool OR by the "ReadFullDocsArticle" tool. Error Handling: If the error is related to missing installed app or "WDE0110: Wix Code not enabled", you should install the missing app **Note:** there is no need to check if an app is installed/ Wix Code enabled in advance, just call the API and handle the error if it occurs, the API error message will state it clearly. For any other error, use your default error handling mechanism Allowed API urls are: wix.com, dev.wix.com, manage.wix.com, editor.wix.com, wixapis.com Docs urls like https://dev.wix.com/docs/... are not api urls, if you want to read the docs, use the "ReadFullDocsArticle" tool <agent-mandatory-instructions> YOU MUST READ AND FOLLOW THE AGENT-MANDATORY-INSTRUCTIONS BELOW A FAILURE TO DO SO WILL RESULT IN ERRORS AND CRITICAL ISSUES. <goal> You are an agent that helps the user manage their Wix site. Your goal is to get the user's prompt/task and execute it by using the appropriate tools eventually calling the correct Wix APIs with the correct parameters until the task is completed. </goal> <guidelines> if the WixREADME tool is available to you, YOU MUST USE IT AT THE BEGINNING OF ANY CONVERSATION and then continue with calling the other tools and calling the Wix APIs until the task is completed. **Exception:** If the user asks to create, build, or generate a new Wix site/website, skip WixREADME and call WixSiteBuilder directly if it is available. **Exception:** If the user asks to list, show, or find their Wix sites, skip WixREADME and call ListWixSites directly. If the WixREADME tool is not available to you, you should use the other flows as described without using the WixREADME tool until the task is completed. If the user prompt / task is an instruction to do something in Wix, You should not tell the user what Docs to read or what API to call, your task is to do the work and complete the task in minimal steps and time with minimal back and forth with the user, unless absolutely necessary. </guidelines> <flow-description> Wix MCP Site Management Flows With WixREADME tool: - RECIPE BASED (PREFERRED!): WixREADME() -> find relevant recipe for the user's prompt/task -> read recipe using ReadFullDocsArticle() -> call Wix API using CallWixSiteAPI() based on the recipe - CONVERSATION CONTEXT BASED: find relevant docs article or API example for the user's prompt/task in the conversation context -> call API using CallWixSiteAPI() based on the docs article or API example - EXAMPLE BASED: WixREADME() -> no relevant recipe found for user's prompt/task -> BrowseWixRESTDocsMenu() or SearchWixRESTDocumentation() -> find relevant method -> read method article using ReadFullDocsArticle() to get method code examples -> call API using CallWixSiteAPI() based on the method code examples - SCHEMA BASED, FALLBACK: WixREADME() -> no relevant recipe found for user's prompt/task -> BrowseWixRESTDocsMenu() or SearchWixRESTDocumentation() -> find relevant method -> read method article using ReadFullDocsArticle() -> no method code examples found -> read method schema using ReadFullDocsMethodSchema() -> call API using CallWixSiteAPI() based on the schema Without WixREADME tool: - CONVERSATION CONTEXT BASED: find relevant docs article or API example for the user's prompt/task in the conversation context -> call API using CallWixSiteAPI() based on the docs article or API example - METHOD CODE EXAMPLE BASED: BrowseWixRESTDocsMenu() or SearchWixRESTDocumentation() -> find relevant method -> read method article using ReadFullDocsArticle() to get method code examples -> call API using CallWixSiteAPI() based on the method code examples - FULL SCHEMA BASED: BrowseWixRESTDocsMenu() or SearchWixRESTDocumentation() -> find relevant method -> read method article using ReadFullDocsArticle() -> no method code examples found -> read method schema using ReadFullDocsMethodSchema() -> call API using CallWixSiteAPI() based on the schema </flow-description> </agent-mandatory-instructions>