166,494 tools. Last updated 2026-05-31 22:42

"Managing an AWS Environment" matching MCP tools:

awsinspect_batch
InsideOut (Riley)
BATCH INSPECTION: run up to 32 AWS inspect probes in one call. ⚠️ **PREREQUISITE**: Same as awsinspect — deploy attempt required. Check convostatus for hasDeployAttempt=true before calling. Use this when you need to check more than ~3 resources. The backend fetches Oracle credentials ONCE per batch and fans out probes against a single AWS config — for a 12-resource health check this is ~5–8× faster and 12× fewer Oracle round-trips than calling awsinspect 12 times. BUDGETS: - Up to 32 sub-probes per call (subs array length). - 30s per-sub timeout; 60s total batch wall-clock. - Concurrency cap 8 — sub-probes run in parallel but never saturate AWS. - 512 KB response cap: subs past the cap keep their envelope (index/service/action/ok) but have result replaced with truncated=true. PARTIAL FAILURE IS EXPECTED. The response is an ordered results array; each entry has {index, service, action, ok, result, error}. Inspect each result — do NOT abort on the first error. A credential fetch failure leaves cred-less probes (list-actions, list-metrics) succeeding anyway. REQUIRES: session_id from convoopen response (format: sess_v2_...). Supported services: account, acm, alb, apigateway, apprunner, backup, bedrock, cloudfront, cloudwatchlogs, cognito, cost-explorer, dynamodb, ebs, ec2, ecs, eks, elasticache, kms, lambda, msk, opensearch, rds, route53, s3, sagemaker, secretsmanager, sqs, vpc, waf For a specific service's actions, use awsinspect (singular) with action="list-actions" — batch is not the place for discovery. Batch responses are always summarized (no detail/raw per-sub); use singular awsinspect when you need full metadata or raw API output for one resource. EXAMPLES: - awsinspect_batch(session_id=..., subs=[ {"service":"ec2","action":"describe-instances"}, {"service":"rds","action":"describe-db-instances"}, {"service":"vpc","action":"describe-vpcs"}, {"service":"s3","action":"list-buckets"}]) - awsinspect_batch(session_id=..., subs=[ {"service":"ec2","action":"get-metrics","filters":"{\"hours\":6}"}, {"service":"rds","action":"get-metrics","filters":"{\"hours\":6}"}])
Connector
aws___retrieve_skill
AWS Knowledge
Retrieve an AWS agent skill — domain-specific expertise that transforms you into a specialist for a particular AWS domain. Skills provide workflows, context, best practices, decision frameworks and step-by-step procedures. A skill may include reference files (architecture docs, schemas, examples) and deterministic workflows for sub-tasks that require exact execution. ## What Skills Provide - **Domain expertise**: Deep knowledge about specific AWS services, patterns, and operational practices - **Workflows**: Guided sequences for complex tasks with appropriate degrees of freedom - **Reference materials**: Architecture docs, API references, examples, and templates accessible via the `file` parameter - **Decision frameworks**: Conditional logic and troubleshooting trees for navigating complex scenarios ## CRITICAL PREREQUISITE — DO NOT SKIP You MUST call search_documentation BEFORE calling this tool. NEVER call this tool first. You do NOT know skill names — they are unpredictable identifiers that can only be discovered through search_documentation results. Guessing or fabricating a skill_name WILL fail. ## REQUIRED WORKFLOW (no exceptions) 1. FIRST: Call search_documentation with the user's requirements 2. THEN: Find the result entry that has a skill_name field 3. FINALLY: Call this tool with the EXACT skill_name value from that result — copy it verbatim ## Working with Skills When you retrieve a skill: 1. Read the SKILL.md overview to understand the domain and scope 2. Follow the workflows and guidance in the skill body 3. When the skill references additional files (e.g., `[architecture](references/architecture.md)`), retrieve them using this same tool with the `file` parameter 4. Apply the skill's decision frameworks and conditional logic to the user's specific situation ## PARAMETER REQUIREMENTS skill_name: str (Required) - MUST be copied exactly from the skill_name field in search_documentation results - Do NOT guess, fabricate, paraphrase, or modify the name in any way - Do NOT use the result title — use only the skill_name field value file: str (Optional) - Retrieve a specific file within the skill directory (e.g., "references/architecture.md") - Use this when the SKILL.md body links to reference files - If omitted, returns the main SKILL.md file ## IF SKILL NOT FOUND If you get an error, you likely guessed the name. Call search_documentation first to discover it. The error response will include a list of available files for the skill. ## Returns The skill content — either the main SKILL.md with domain expertise, workflows, and guidance, or a specific reference file when the `file` parameter is provided.
Connector
awsinspect_batch
InsideOut (Riley)
BATCH INSPECTION: run up to 32 AWS inspect probes in one call. ⚠️ **PREREQUISITE**: Same as awsinspect — deploy attempt required. Check convostatus for hasDeployAttempt=true before calling. Use this when you need to check more than ~3 resources. The backend fetches Oracle credentials ONCE per batch and fans out probes against a single AWS config — for a 12-resource health check this is ~5–8× faster and 12× fewer Oracle round-trips than calling awsinspect 12 times. BUDGETS: - Up to 32 sub-probes per call (subs array length). - 30s per-sub timeout; 60s total batch wall-clock. - Concurrency cap 8 — sub-probes run in parallel but never saturate AWS. - 512 KB response cap: subs past the cap keep their envelope (index/service/action/ok) but have result replaced with truncated=true. PARTIAL FAILURE IS EXPECTED. The response is an ordered results array; each entry has {index, service, action, ok, result, error}. Inspect each result — do NOT abort on the first error. A credential fetch failure leaves cred-less probes (list-actions, list-metrics) succeeding anyway. REQUIRES: session_id from convoopen response (format: sess_v2_...). Supported services: account, acm, alb, apigateway, apprunner, backup, bedrock, cloudfront, cloudwatchlogs, cognito, cost-explorer, dynamodb, ebs, ec2, ecs, eks, elasticache, kms, lambda, msk, opensearch, rds, route53, s3, sagemaker, secretsmanager, sqs, vpc, waf For a specific service's actions, use awsinspect (singular) with action="list-actions" — batch is not the place for discovery. Batch responses are always summarized (no detail/raw per-sub); use singular awsinspect when you need full metadata or raw API output for one resource. EXAMPLES: - awsinspect_batch(session_id=..., subs=[ {"service":"ec2","action":"describe-instances"}, {"service":"rds","action":"describe-db-instances"}, {"service":"vpc","action":"describe-vpcs"}, {"service":"s3","action":"list-buckets"}]) - awsinspect_batch(session_id=..., subs=[ {"service":"ec2","action":"get-metrics","filters":"{\"hours\":6}"}, {"service":"rds","action":"get-metrics","filters":"{\"hours\":6}"}])
Connector
research_niche
KDP Niche Research
Get detailed KDP niche intelligence for a specific keyword. Returns demand score, competition score, Amazon BSR range, estimated monthly revenue, review threshold, average book pricing, and data freshness for the given Kindle publishing niche. Pricing tiers (x402 USDC on Base network): - $0.03 per query for cached/pre-seeded keywords - $0.10 per query for live on-demand research (new keywords) Use the free `list_niches` tool first to see available keywords. Payment options: 1. Set the KDP_X_PAYMENT environment variable on the server for auto-pay. 2. Pass a valid x402 payment header via the x_payment argument. 3. If neither is set, the tool returns structured 402 payment instructions that an x402-capable agent can use to construct and retry payment. Args: keyword: The KDP niche keyword to research (e.g. "romance novels", "keto cookbook") x_payment: Optional base64-encoded x402 payment header. Takes precedence over the KDP_X_PAYMENT environment variable.
Connector
aws___read_documentation
AWS Knowledge
Read full AWS documentation pages after searching — search results contain partial excerpts only. Use this tool on the URLs returned by `search_documentation` to get complete, accurate information. ## Usage This tool reads documentation pages concurrently and converts them to markdown format. Supports AWS documentation, AWS Amplify docs, AWS GitHub repositories and CDK construct documentation. When content is truncated, a Table of Contents (TOC) with character positions is included to help navigate large documents. ## Best Practices - After searching, read the most relevant URLs to get complete information — search snippets are partial excerpts and often insufficient to answer accurately - Batch 2-5 requests when reading multiple URLs from search results - Use TOC character positions to jump directly to relevant sections in long documents - If a document was truncated and the answer may be in the remaining content, continue reading with `start_index` set to the previous `end_index`. Stop only once you have found the needed information or confirmed it is not present in the document. ## Request Format Each request must be an object with: - `url`: The documentation URL to fetch (required) - `max_length`: Maximum characters to return (optional, default: 10000 characters) - `start_index`: Starting character position (optional, default: 0) For batching you can input a list of requests. ## Example Request ``` { "requests": [ { "url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-management.html", "max_length": 5000, "start_index": 0 }, { "url": "https://repost.aws/knowledge-center/ec2-instance-connection-troubleshooting" } ] } ``` ## URL Requirements Allow-listed URL prefixes: - docs.aws.amazon.com - aws.amazon.com - repost.aws/knowledge-center - docs.amplify.aws - ui.docs.amplify.aws - github.com/aws-cloudformation/aws-cloudformation-templates - github.com/aws-samples/aws-cdk-examples - github.com/aws-samples/generative-ai-cdk-constructs-samples - github.com/aws-samples/serverless-patterns - github.com/awsdocs/aws-cdk-guide - github.com/awslabs/aws-solutions-constructs - github.com/cdklabs/cdk-nag - constructs.dev/packages/@aws-cdk-containers - constructs.dev/packages/@aws-cdk - constructs.dev/packages/@cdk-cloudformation - constructs.dev/packages/aws-analytics-reference-architecture - constructs.dev/packages/aws-cdk-lib - constructs.dev/packages/cdk-amazon-chime-resources - constructs.dev/packages/cdk-aws-lambda-powertools-layer - constructs.dev/packages/cdk-ecr-deployment - constructs.dev/packages/cdk-lambda-powertools-python-layer - constructs.dev/packages/cdk-serverless-clamscan - constructs.dev/packages/cdk8s - constructs.dev/packages/cdk8s-plus-33 - strandsagents.com/ Deny-listed URL prefixes: - aws.amazon.com/marketplace ## Example URLs - https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html - https://docs.aws.amazon.com/lambda/latest/dg/lambda-invocation.html - https://aws.amazon.com/about-aws/whats-new/2023/02/aws-telco-network-builder/ - https://aws.amazon.com/builders-library/ensuring-rollback-safety-during-deployments/ - https://aws.amazon.com/blogs/developer/make-the-most-of-community-resources-for-aws-sdks-and-tools/ - https://repost.aws/knowledge-center/example-article - https://docs.amplify.aws/react/build-a-backend/auth/ - https://ui.docs.amplify.aws/angular/connected-components/authenticator - https://github.com/aws-samples/aws-cdk-examples/blob/main/README.md - https://github.com/awslabs/aws-solutions-constructs/blob/main/README.md - https://constructs.dev/packages/aws-cdk-lib/v/2.229.1?submodule=aws_lambda&lang=typescript - https://github.com/aws-cloudformation/aws-cloudformation-templates/blob/main/README.md - https://strandsagents.com/docs/user-guide/quickstart/overview/index.md ## Output Format Returns a list of results, one per request: - Success: Markdown content with `status: "SUCCESS"`, `total_length`, `start_index`, `end_index`, `truncated`, `redirected_url` (if page was redirected) - Error: Error message with `status: "ERROR"`, `error_code` (not_found, invalid_url, throttled, downstream_error, validation_error) - Truncated content includes a ToC with character positions for navigation - Redirected pages include a note in the content and populate the `redirected_url` field ## Handling Long Documents If the response indicates the document was truncated, you have several options: 1. **Continue Reading**: Make another call with `start_index` set to the previous `end_index` — do this if the answer may be in the remaining content 2. **Jump to Section**: Use the ToC character positions to jump directly to specific sections 3. **Stop when done**: Stop only once you have found the needed information or confirmed it is not present in the document **Example - Jump to Section:** ``` # TOC shows: "Using a logging library (char 3331-6016)" # Jump directly to that section: {"requests":[{"url": "https://docs.aws.amazon.com/lambda/latest/dg/python-logging.html", "start_index": 3331, "max_length": 3000}]} ```
Connector
aws___get_regional_availability
AWS Knowledge
Check AWS resource availability across regions for products (service and features), APIs, and CloudFormation resources. ## Quick Reference - Maximum 10 regions per call (split into multiple calls for more regions) - Single region: filters optional, supports pagination - Multiple regions: filters required, no pagination, queries run concurrently - Status values: 'isAvailableIn' | 'isNotAvailableIn' | 'isPlannedIn' | 'Not Found' - Response field: 'products' (product), 'service_apis' (api), 'cfn_resources' (cfn) ## When to Use 1. Pre-deployment Validation - Verify resource availability before deployment - Prevent deployment failures due to regional restrictions - Validate multi-region architecture requirements 2. Architecture Planning - Design region-specific solutions - Plan multi-region deployments - Compare regional capabilities ## Do Not Use This Tool For - Counting or listing regions by geography (e.g., "how many AP regions exist?") — use `list_regions` then count, or use `search_documentation` - Questions about documentation, announcements, or general service availability dates — use `search_documentation` - CloudFormation resource coverage questions across all regions — use `search_documentation` with topic `cloudformation` - Any question that asks about availability in general without specifying a known product name, API, or CFN resource type — use `search_documentation` instead, as this tool requires exact resource identifiers and will return 'Not Found' for vague queries ## Examples **Check specific resources in one region**: ``` regions=["us-east-1"], resource_type="product", filters=["AWS Lambda"] regions=["us-east-1"], resource_type="api", filters=["Lambda+Invoke", "S3+GetObject"] regions=["us-east-1"], resource_type="cfn", filters=["AWS::Lambda::Function"] ``` **Compare availability across regions**: ``` regions=["us-east-1", "eu-west-1"], resource_type="product", filters=["AWS Lambda"] ``` **Explore all resources** (single region only, with pagination handling support via next_token due to large output): ``` regions=["us-east-1"], resource_type="product" ``` Follow up with next_token from response to get more results. ## Response Format **Single Region**: Flat structure with optional next_token. Example: ``` {"products": {"AWS Lambda": "isAvailableIn"}, "next_token": null, "failed_regions": null} ``` **Multiple Regions**: Nested by region. Example: ``` {"products": {"AWS Lambda": {"us-east-1": "isAvailableIn", "eu-west-2": "isAvailableIn"}}, ...} ``` ## Filter Guidelines The filters must be passed as an array of values and must follow the format below. 1. Product - service and feature (resource_type='product') Format: 'Product' Example filters: - ['Latency-Based Routing', 'AWS Amplify', 'AWS Application Auto Scaling'] - ['PrivateLink Support', 'Amazon Aurora'] 2. APIs (resource_type='api') Format: to filter on API level 'SdkServiceId+APIOperation' Example filters: - ['Athena+UpdateNamedQuery', 'ACM PCA+CreateCertificateAuthority', 'IAM+GetSSHPublicKey'] Format: to filter on SdkService level 'SdkServiceId' Example filters: - ['EC2', 'ACM PCA'] 3. CloudFormation (resource_type='cfn') Format: 'CloudformationResourceType' Example filters: - ['AWS::EC2::Instance', 'AWS::Lambda::Function', 'AWS::Logs::LogGroup']
Connector

Matching MCP Servers

AWS Documentation MCP Server
daniel-levesque
A
license
A
quality
C
maintenance
Provides tools to access AWS documentation, search for content, and get recommendations for both global and China AWS regions.
Last updated 2025-07-24
3
Apache 2.0
aws-athena-mcp
Databases Cloud Platforms Search
lishenxydlgzs
A
license
A
quality
D
maintenance
Run SQL queries with AWS Athena to access data available from AWS Glue catalog.
Last updated 2025-06-05
5
462
40
MIT

Matching MCP Connectors

AWS Knowledge
The AWS Knowledge MCP server is a fully managed remote Model Context Protocol server that provides real-time access to official AWS content in an LLM-compatible format. It offers structured access to AWS documentation, code samples, blog posts, What's New announcements, Well-Architected best practices, and regional availability information for AWS APIs and CloudFormation resources. Key capabilities include searching and reading documentation in markdown format, getting content recommendations, listing AWS regions, and checking regional availability for services and features.
AiPayGen — 65+ AI Tools as an MCP Server
65+ AI tools as MCP: research, write, code, scrape, translate, RAG, agent memory, workflows

credawait
InsideOut (Riley)
Wait for the user to securely connect their cloud account and subscribe to Luther Systems. Polls until credentials appear on the session. 🎯 USE THIS TOOL WHEN: tfdeploy returns an 'auth_required', 'no_credentials', or 'credentials_expired' error. The user needs to visit the connect URL to: 1. Connect their cloud credentials (AWS or GCP) 2. Sign up and subscribe to a Luther Systems plan (required for deployment) This secure connection allows InsideOut to deploy and manage infrastructure in the user's cloud account on their behalf. Credentials are handled securely and only used for deployment and management sessions. WORKFLOW: 1. FIRST: Present the connect URL and explanation to the user (from the tfdeploy error response) 2. THEN: Call this tool to begin polling for credentials 3. The user opens the URL in their browser to subscribe and add credentials 4. When credentials are found, inform the user and call tfdeploy to deploy IMPORTANT: Do NOT call this tool without first showing the connect URL to the user. The user needs to see the URL to complete the process. REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: cloud ('aws' or 'gcp'), timeout (integer, seconds to wait, default 300, max 600).
Connector
get_bundle_rate_environment
LastLook Data
Returns a complete rate environment snapshot in one call: FEDFUNDS, SOFR, DGS2, DGS5, DGS10, DGS30, plus computed yield curve spreads (2s10s and 3m10y), Fed policy spread (EFFR vs IORB), and curve shape signal. Use this instead of multiple individual calls when you need the full rate picture.
Connector
convoopen
InsideOut (Riley)
WORKFLOW: Step 1 of 4 - Start infrastructure design conversation Open an InsideOut V2 session and receive the assistant's intro message. The response contains a clean message from Riley (the infrastructure advisor) - display it to the user. ⚠️ Riley will ask questions - forward these to the user, DO NOT answer on their behalf. CRITICAL: This tool returns a session_id in the response metadata. You MUST use this session_id for ALL subsequent tool calls (convoreply, tfgenerate, tfdeploy, etc.). ⚠️ The session_id includes a ?token=... suffix (format: sess_v2_xxx?token=yyy) which is part of the session credential — without it, downstream tools fall back to a tokenless connect URL that 401s. Always pass session_id verbatim to subsequent tools and to the user; do NOT shorten, paraphrase, or strip the ?token= portion when summarizing the session in chat or in your own scratch notes. Use when the user mentions keywords like: 'setup my cloud infra', 'provision infrastructure', 'deploy infra', 'start insideout', 'use insideout', or similar intent to begin infra setup. OPTIONAL: project_context (string) - General tech stack summary so Riley can skip discovery questions and jump to recommendations. The agent should confirm this with the user before sending. Include whichever apply: language/framework, databases/services, container usage, existing IaC, CI/CD platform, cloud provider, Kubernetes usage, what the project does. Example: 'Next.js 14 + TypeScript, PostgreSQL, Redis, Docker Compose, deployed to AWS ECS, GitHub Actions CI/CD, ~50k MAU'. NEVER include credentials, secrets, API keys, PII, source code, or internal URLs/IPs -- only general metadata summaries useful to a cloud architect agent. IMPORTANT: source (string) - You MUST set this to identify which IDE/tool you are. Auto-detect from your environment: 'claude-code', 'codex', 'antigravity', 'kiro', 'vscode', 'web', 'mcp'. If unsure, use the name of your IDE/tool in lowercase. Do NOT omit this — it controls the 'Open {IDE}' button on the credential connect screen. OPTIONAL: github_username (string) - GitHub username for deploy commit attribution. Pre-populates the GitHub username field on the connect page. 💡 TIP: Examine workflow.usage prompt for more context on how to properly use these tools.
Connector
GetLEIDetail
Fintel Discovery — Financial Intelligence for AI Agents
Retrieve the full GLEIF LEI record for one legal entity using its 20-character LEI code. Returns legal name, registration status, legal address, headquarters address, managing LOU, and renewal dates. Use this tool when: - You have a LEI (from SearchLEI) and need full entity details - You want to verify the registration status and renewal date - You need the exact legal address and jurisdiction of an entity Source: GLEIF API (api.gleif.org). No API key required.
Connector
awsinspect
InsideOut (Riley)
INSPECTION: Inspect AWS infrastructure for a deployed project ⚠️ **PREREQUISITE**: This tool requires a prior deployment ATTEMPT (successful or failed). Check convostatus for hasDeployAttempt=true before calling. Works even after failed deploys to inspect orphaned resources. Inspect deployed AWS resources after a deployment attempt. Use this tool when the user asks about the status or details of their deployed infrastructure. It fetches temporary read-only credentials securely and queries the AWS API directly. RESPONSE TIERS (default is summary for token efficiency): - Summary (default): Key fields only (~500 tokens). Set detail=false, raw=false or omit both. - Detail: Full metadata for a specific resource. Set detail=true + resource filter. - Raw: Complete unprocessed API response. Set raw=true. REQUIRES: session_id from convoopen response (format: sess_v2_...). Supported services: account, acm, alb, apigateway, apprunner, backup, bedrock, cloudfront, cloudwatchlogs, cognito, cost-explorer, dynamodb, ebs, ec2, ecs, eks, elasticache, kms, lambda, msk, opensearch, rds, route53, s3, sagemaker, secretsmanager, sqs, vpc, waf For a specific service's actions, call with action="list-actions". METRICS: Use list-metrics to discover available metrics for a service (no credentials needed). Then use get-metrics to retrieve data (auto-discovers resources). Most services return CloudWatch time-series. KMS returns key health (rotation, state). SecretsManager returns secret health (rotation, last accessed/rotated). Optional filters JSON: {"hours":6,"period":300}. BILLING: Use service=cost-explorer to inspect AWS costs. Actions: get-cost-summary (last 30 days by service, filters: {"days":7,"granularity":"DAILY"}), get-cost-forecast (projected spend through end of month), get-cost-by-tag (costs grouped by tag, filters: {"tag_key":"Environment","days":30}). Requires ce:GetCostAndUsage and ce:GetCostForecast IAM permissions. EXAMPLES: - awsinspect(session_id=..., service="ec2", action="describe-instances") - awsinspect(session_id=..., service="cost-explorer", action="get-cost-summary") - awsinspect(session_id=..., service="ec2", action="get-metrics", filters="{\"hours\":6}") - awsinspect(session_id=..., service="rds", action="describe-db-instances", detail=true)
Connector
list_providers
Diagrams MCP
List all available diagram providers (aws, gcp, azure, k8s, onprem, etc.). Use list_providers -> list_services -> list_nodes to browse available node types for a specific provider.
Connector
secret_scan
AgentSec MCP
Scan text content for hardcoded secrets, API keys, and credentials using 20 pre-compiled patterns. Privacy guarantee: Input text is NEVER logged, cached, stored, or forwarded. Only findings_count and finding offsets (not matched values) are returned. Detected pattern types include: AWS keys, GitHub/GitLab PATs, OpenAI/Anthropic keys, Stripe secrets, Slack tokens, PEM private keys, JWT tokens, and 13 more. Per-call rate limit: 100/min. Payment: $0.05 USDC per scan.
Connector
deploy_staging
RationalBloks
Deploy a project to the staging environment. This triggers: (1) Schema validation, (2) Docker image build, (3) GitHub commit, (4) Kubernetes deployment, (5) Database migrations. The operation is ASYNCHRONOUS - it returns immediately with a job_id. Use get_job_status with the job_id to monitor progress. Deployment typically takes 2-5 minutes depending on schema complexity. If deployment fails, check: (1) Schema format is FLAT (no 'fields' nesting), (2) Every field has a 'type' property, (3) Foreign keys reference existing tables, (4) No PostgreSQL reserved words in table/field names. Use get_project_info to see if the deployment succeeded.
Connector
malware_get_template
website-search
Get Lenny Zeltser's malware analysis report template. The report covers Executive Summary, Sample Snapshot, Malware Family Identification, Component Inventory, Runtime Requirements, Sources, Capabilities, Indicators of Compromise, Analysis Details, What We Don't Know, optional Infection Vector, optional Detection Engineering, About this Report, Appendix: Analysis Environment, and optional Appendix: Analysis Scripts. This server never requests your sample, analysis notes, or indicators and instructs your AI to keep them local—guidelines and the report template flow to your AI for local analysis.
Connector
awsinspect
InsideOut (Riley)
INSPECTION: Inspect AWS infrastructure for a deployed project ⚠️ **PREREQUISITE**: This tool requires a prior deployment ATTEMPT (successful or failed). Check convostatus for hasDeployAttempt=true before calling. Works even after failed deploys to inspect orphaned resources. Inspect deployed AWS resources after a deployment attempt. Use this tool when the user asks about the status or details of their deployed infrastructure. It fetches temporary read-only credentials securely and queries the AWS API directly. RESPONSE TIERS (default is summary for token efficiency): - Summary (default): Key fields only (~500 tokens). Set detail=false, raw=false or omit both. - Detail: Full metadata for a specific resource. Set detail=true + resource filter. - Raw: Complete unprocessed API response. Set raw=true. REQUIRES: session_id from convoopen response (format: sess_v2_...). Supported services: account, acm, alb, apigateway, apprunner, backup, bedrock, cloudfront, cloudwatchlogs, cognito, cost-explorer, dynamodb, ebs, ec2, ecs, eks, elasticache, kms, lambda, msk, opensearch, rds, route53, s3, sagemaker, secretsmanager, sqs, vpc, waf For a specific service's actions, call with action="list-actions". METRICS: Use list-metrics to discover available metrics for a service (no credentials needed). Then use get-metrics to retrieve data (auto-discovers resources). Most services return CloudWatch time-series. KMS returns key health (rotation, state). SecretsManager returns secret health (rotation, last accessed/rotated). Optional filters JSON: {"hours":6,"period":300}. BILLING: Use service=cost-explorer to inspect AWS costs. Actions: get-cost-summary (last 30 days by service, filters: {"days":7,"granularity":"DAILY"}), get-cost-forecast (projected spend through end of month), get-cost-by-tag (costs grouped by tag, filters: {"tag_key":"Environment","days":30}). Requires ce:GetCostAndUsage and ce:GetCostForecast IAM permissions. EXAMPLES: - awsinspect(session_id=..., service="ec2", action="describe-instances") - awsinspect(session_id=..., service="cost-explorer", action="get-cost-summary") - awsinspect(session_id=..., service="ec2", action="get-metrics", filters="{\"hours\":6}") - awsinspect(session_id=..., service="rds", action="describe-db-instances", detail=true)
Connector
convoopen
InsideOut (Riley)
WORKFLOW: Step 1 of 4 - Start infrastructure design conversation Open an InsideOut V2 session and receive the assistant's intro message. The response contains a clean message from Riley (the infrastructure advisor) - display it to the user. ⚠️ Riley will ask questions - forward these to the user, DO NOT answer on their behalf. CRITICAL: This tool returns a session_id in the response metadata. You MUST use this session_id for ALL subsequent tool calls (convoreply, tfgenerate, tfdeploy, etc.). ⚠️ The session_id includes a ?token=... suffix (format: sess_v2_xxx?token=yyy) which is part of the session credential — without it, downstream tools fall back to a tokenless connect URL that 401s. Always pass session_id verbatim to subsequent tools and to the user; do NOT shorten, paraphrase, or strip the ?token= portion when summarizing the session in chat or in your own scratch notes. Use when the user mentions keywords like: 'setup my cloud infra', 'provision infrastructure', 'deploy infra', 'start insideout', 'use insideout', or similar intent to begin infra setup. OPTIONAL: project_context (string) - General tech stack summary so Riley can skip discovery questions and jump to recommendations. The agent should confirm this with the user before sending. Include whichever apply: language/framework, databases/services, container usage, existing IaC, CI/CD platform, cloud provider, Kubernetes usage, what the project does. Example: 'Next.js 14 + TypeScript, PostgreSQL, Redis, Docker Compose, deployed to AWS ECS, GitHub Actions CI/CD, ~50k MAU'. NEVER include credentials, secrets, API keys, PII, source code, or internal URLs/IPs -- only general metadata summaries useful to a cloud architect agent. IMPORTANT: source (string) - You MUST set this to identify which IDE/tool you are. Auto-detect from your environment: 'claude-code', 'codex', 'antigravity', 'kiro', 'vscode', 'web', 'mcp'. If unsure, use the name of your IDE/tool in lowercase. Do NOT omit this — it controls the 'Open {IDE}' button on the credential connect screen. OPTIONAL: github_username (string) - GitHub username for deploy commit attribution. Pre-populates the GitHub username field on the connect page. 💡 TIP: Examine workflow.usage prompt for more context on how to properly use these tools.
Connector
aws___list_regions
AWS Knowledge
Retrieve a list of all AWS regions. ## Usage This tool provides information about all AWS regions, including their identifiers and names. ## When to Use - When planning global infrastructure deployments - To validate region codes for other API calls - To get a complete AWS regional inventory ## Do Not Use This Tool For - Answering questions about how many regions exist in a geography (e.g., "how many AP regions?") — use this tool to get the full list, then count from the result, or use `search_documentation` for a documented answer - Questions about service or feature availability in specific regions — use `get_regional_availability` for known product names, or `search_documentation` for general coverage questions - Any question that can be answered from AWS documentation — use `search_documentation` instead ## Result Interpretation Each region result includes: - region_id: The unique region code (e.g., 'us-east-1') - region_long_name: The human-friendly name (e.g., 'US East (N. Virginia)') ## Common Use Cases 1. Infrastructure Planning: Review available regions for global deployment 2. Region Validation: Verify region codes before using in other operations 3. Regional Inventory: Get a complete list of AWS's global infrastructure
Connector
credawait
InsideOut (Riley)
Wait for the user to securely connect their cloud account and subscribe to Luther Systems. Polls until credentials appear on the session. 🎯 USE THIS TOOL WHEN: tfdeploy returns an 'auth_required', 'no_credentials', or 'credentials_expired' error. The user needs to visit the connect URL to: 1. Connect their cloud credentials (AWS or GCP) 2. Sign up and subscribe to a Luther Systems plan (required for deployment) This secure connection allows InsideOut to deploy and manage infrastructure in the user's cloud account on their behalf. Credentials are handled securely and only used for deployment and management sessions. WORKFLOW: 1. FIRST: Present the connect URL and explanation to the user (from the tfdeploy error response) 2. THEN: Call this tool to begin polling for credentials 3. The user opens the URL in their browser to subscribe and add credentials 4. When credentials are found, inform the user and call tfdeploy to deploy IMPORTANT: Do NOT call this tool without first showing the connect URL to the user. The user needs to see the URL to complete the process. REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: cloud ('aws' or 'gcp'), timeout (integer, seconds to wait, default 300, max 600).
Connector
hmrc_check_mtd_status
UK Legal Research
USE THIS TOOL WHEN you have a 9-digit VAT Registration Number and need that business's Making Tax Digital VAT mandate status. Returns whether the business is mandated for MTD, effective date, and trading name. Connects to the HMRC sandbox by default. Set HMRC_API_BASE to 'https://api.service.hmrc.gov.uk' for production. Requires HMRC_CLIENT_ID + HMRC_CLIENT_SECRET environment variables (OAuth 2.0). Raises if credentials are not configured — do not infer status.
Connector