194,718 tools. Last updated 2026-06-12 00:59

"Ruby" matching MCP tools:

asterwise_get_crystals
Asterwise
Returns all 50 crystals in the database sorted alphabetically. Each entry includes chakra associations, elemental correspondences, Vedic and Western planetary assignments, physical/emotional/spiritual healing properties, geographic origins, affirmations, and safety cautions. SECTION: WHAT THIS TOOL COVERS Dual-tradition crystal database distinguishing classical Vedic assignments from modern Western metaphysical ones. vedic_correspondence field is always one of: 'navaratna' (primary classical gem — one of the nine planetary gems), 'uparatna' (classical substitute gem), or 'none_classical' (no Vedic text assigns this stone — Western tradition only). The nine Navaratna: Ruby (Sun), Pearl (Moon), Red Coral (Mars), Emerald (Mercury), Yellow Sapphire (Jupiter), Diamond / White Sapphire (Venus), Blue Sapphire (Saturn), Hessonite Garnet (Rahu), Cat's Eye Chrysoberyl (Ketu). Crystals like Labradorite and Amazonite are marked none_classical — they were unknown in ancient India. Does not compute natal chart recommendations (asterwise_get_crystal_recommendations). SECTION: WORKFLOW BEFORE: None — standalone catalogue. AFTER: asterwise_get_crystal_by_planet — filter by Vedic planet for remedial use. SECTION: INPUT CONTRACT No required parameters. SECTION: OUTPUT CONTRACT data.total (int — 50) data.crystals[] — 50 objects each: slug, name, colors[], hardness_mohs (float) chakras[] (string array) element (string) zodiac_signs[] (string array) vedic_planet (string or null) vedic_correspondence (string — 'navaratna'|'uparatna'|'none_classical') western_planet (string or null) keywords[] (string array) healing_physical, healing_emotional, healing_spiritual (strings) description (string) origins[] (string array) affirmation (string) caution (string or null) SECTION: RESPONSE FORMAT response_format=json — full 50-crystal array. response_format=markdown — formatted catalogue. Both return identical data. SECTION: COMPUTE CLASS FAST_LOOKUP — static database, no ephemeris. SECTION: ERROR CONTRACT INTERNAL_ERROR: Any upstream API failure → MCP INTERNAL_ERROR SECTION: DO NOT CONFUSE WITH asterwise_get_crystal — single crystal detail by name. asterwise_get_crystal_by_planet — filter by Vedic planetary correspondence. asterwise_get_crystal_recommendations — recommendations by zodiac/chakra/intention.
Connector
dependency_vulnerability_scan
gapup-mcp
SCA (Software Composition Analysis) — scans a project dependency manifest and returns known vulnerabilities for each dependency. Supports: package.json (npm), requirements.txt (Python), go.mod (Go), Cargo.toml (Rust), composer.json (PHP), Gemfile.lock (Ruby), CycloneDX SBOM JSON. PRIMARY source: OSV.dev (keyless, free, covers npm/PyPI/Go/crates.io/Packagist/RubyGems + GHSA advisories federated). CVSS enrichment: NVD NIST (when OSV lacks score). Exploitation flag: CISA KEV (known-exploited-vulnerabilities catalog). Returns per-vuln CVE/GHSA IDs, severity, CVSS score, fixed version, and actionable upgrade recommendations. Relevant for EU NIS2 supply chain risk obligations, DORA, SOC 2 vendor assessments. Cache TTL 6h. Parallel OSV queries (concurrency=10). SLA <=30s p95.
Connector
check_secrets
ContrastAPI
Scan source code (or snippet) for hardcoded secrets — cloud provider keys, API tokens, connection strings, private keys, passwords. Supports Python, JavaScript, TypeScript, Java, Go, Ruby, Shell, Bash. Use to detect leaked credentials before commit; for injection detection use check_injection. Free: 30/hr, Pro: 500/hr. Returns {total, by_severity, findings}. No data stored. The generic password-assignment rule is suppressed when a more-specific credential rule fires on the same line — one targeted finding per leaked secret, not two.
Connector
check_injection
ContrastAPI
Scan source code for injection vulnerabilities: SQL injection, command injection, path traversal via unsafe string concatenation/unsanitized input. Supports Python, JavaScript, TypeScript, Java, Go, Ruby, Shell, Bash. Use to detect input-handling bugs; for secrets use check_secrets. Companion code-security tools: check_secrets (hard-coded credential detection), check_dependencies (known-CVE vulnerability audit), check_headers (live HTTP security-header validation), scan_headers (live HTTP scan via domain). Free: 30/hr, Pro: 500/hr. Returns {total, by_severity, findings}. No data stored.
Connector
devloop_scaffold_ci
Keploy
Scaffold the GitHub Actions workflow that runs the V1 API tests on every PR. Returns the exact YAML content to write to .github/workflows/keploy.yml + the Bash command to set the KEPLOY_API_KEY secret. The AI walks the playbook with its Write tool + the `gh` CLI. PRECONDITIONS — CHECK BEFORE CALLING. Calling this tool out of order is a DEVLOOP violation; the doc-stated user-flow ordering is generate → run → mutation-prove (opt-in) → expand (opt-in) → CI (opt-in). Specifically you must have: 1. Generated at least one test via devloop_generate_resource_flow AND watched it pass via "keploy test-gen run --ci". 2. SURFACED the mutation-prove opt-in to the dev verbatim: "Want me to prove the test catches bugs by applying 3 small mutations to your handler and reverting?" — and the dev answered (yes-walked through devloop_mutation_demo, or explicit no/skip/later). Doing the test runs is NOT the same as offering mutation-prove; the offer is a separate dev-facing question. 3. ASKED the dev "want me to wire this into CI?" — explicit yes from the dev. If ANY of those three are missing, STOP and back up. The mutation-prove gate is what builds the dev's trust before they commit Keploy to CI; skipping it ships shallow tests into a workflow the dev hasn't validated. What this tool does NOT do (intentionally — the dev keeps custody): * Mint the CI API key server-side. The dev provisions it themselves in the Keploy dashboard (Step 2 of the returned playbook walks them through it). The AI never sees the kep_* value — it transits dashboard clipboard → terminal stdin → gh CLI's encrypted POST. This is a security property, not a limitation. * Post structured PR comments from api-server. V1 relies on GitHub Actions' native status-check rendering; the structured comment renderer is a V1.5 lift. The emitted workflow runs on pull_request (default base branch) and reads app_id / test-dir / context-dir from keploy/api-tests/keploy-test-gen.yaml — the dev never has to thread flags through the workflow. TIME-FREEZING — DEFAULT ON, ALMOST ALWAYS NEEDED FOR BACKEND APPS. Almost every backend app has authentication (login → JWT/session/OAuth). The dev's recorded tests carry those tokens in headers. Between record time and the first PR's CI run, the tokens' exp claims pass real wall-clock — CI then 401s on every authenticated step, and the dev blames Keploy. Keploy's time-freezing rewinds the app's clock to the record moment so the recorded tokens validate. Default policy: time_freezing=true. The AI MUST inspect the dev's test suites BEFORE calling this tool: - <app_dir>/keploy/api-tests/<resource>/test.yaml (V1 sources) - <app_dir>/keploy/<SuiteName>/tests/*.yaml (captured sandbox tests) Look for: Authorization Bearer headers; steps hitting /login /auth /signin /token /oauth; response bodies containing jwt / token / access_token / refresh_token / expires_in / iat / exp. If any of those signals appear (or you're unsure), keep time_freezing=true. Only pass time_freezing=false when you've audited every suite and confirmed zero time-sensitive tokens (rare for a real backend). When time_freezing=true, this tool also requires app_language (go / node / python / java / ruby / other) and app_service (docker-compose service name). Output then includes: - Modified workflow YAML (pre-populates keploy-sockets-vol; uses -f docker-compose.yml -f docker-compose.keploy.yml; passes --freezeTime) - docker-compose.keploy.yml override (volume mount + LD_PRELOAD for non-Go, or Dockerfile.keploy build for Go) - Dockerfile.keploy (Go ONLY — vDSO bypasses LD_PRELOAD, requires -tags=faketime rebuild) The dev's plain "docker compose up" is unaffected. Time-freezing only activates when CI (or the dev locally) explicitly passes both compose files. TIME-FREEZING IS REPLAY-ONLY — STRICT INVARIANT. The Dockerfile.keploy / docker-compose.keploy.yml / --freezeTime flag this tool emits exist purely to make recorded JWTs validate at REPLAY time. They MUST NEVER apply when recording. Concretely: - Record uses the dev's PROD Dockerfile + plain "docker compose up" (no override file). - Replay uses Dockerfile.keploy + "docker compose -f docker-compose.yml -f docker-compose.keploy.yml up" + the --freezeTime flag on the CLI. If a recording is captured against a faketime-built binary, every timestamp in the captured mocks is wrong and the whole capture is corrupt — there is no recovery short of re-recording from scratch with the prod binary. The CI YAML this tool emits in ci_mode=sandbox-replay is a REPLAY workflow; it boots via the compose override on purpose. The dev's separate record flow (devloop_record_sandbox) must NOT touch the override. TIME-FREEZING IS FORCED ON FOR ci_mode=sandbox-replay — NON-NEGOTIABLE. Any explicit time_freezing=false passed alongside ci_mode=sandbox-replay is silently overridden back to true. Rationale: sandbox replay processes the recorded request stream verbatim — any time-sensitive token in any captured request (JWT exp, OAuth iat, session cookie) goes stale the moment wall-clock passes the recorded moment, and silently fails replay. Whether the dev's suite happens to carry such a token is not auditable at scaffold time, and the failure is silent (401 on the first auth-gated step in CI). The cost of force-ON for a hypothetical zero-token app is one dormant volume mount + a no-op CLI flag; the cost of force-OFF for a token-bearing app is every PR failing. Asymmetric — force-ON wins. For ci_mode=api-tests, the workflow runs against live deps with current wall-clock so recorded tokens never enter the picture; time_freezing defaults to false and is overridable by the AI if they want the artifacts pre-staged for a later sandbox switch.
Connector
jobs_search
FoundRole — AI Job Search & Application Tracker MCP for Claude & ChatGPT
Searches a database for real-time job listings matching the user's criteria. The query is the full job title or role: "Ruby Developer" or "Ruby on Rails Engineer" rather than a bare keyword like "Ruby", which is too broad and matches unrelated fields. Results may be filtered by location, company, and how recently a job was posted. Each result carries an `id`; jobs_details takes that `id` and returns the job's full description, requirements, and benefits. The response also carries a `nextCursor` for the next page of results; a follow-up page is fetched by passing only that cursor, with no other search parameters. Each response includes a system_instruction describing how to present the results for the current client.
Connector

Matching MCP Servers

MCP Server RubyGems
Developer Tools Data Platforms
6
F
license
A
quality
C
maintenance
A Model Context Protocol server that allows interaction with the RubyGems.org API to fetch metadata about Ruby packages, search gems, and explore dependencies and ownership information.
Last updated 2025-03-08
6
1
VulnFeed
Security Monitoring Developer Tools
infai-tech
A
license
A
quality
B
maintenance
An MCP server that scans your lockfiles (npm, PyPI, Go, Rust, Ruby, PHP) for known vulnerabilities, enriches with EPSS exploit probability scores, and recommends fix versions. $14/mo — not per-seat.
Last updated 2026-05-28
9
MIT

Matching MCP Connectors

Ruby on Rails MCP Skills
## Skill Catalog The library contains 42 public skills organized by Rails development concern. | Category | Examples | |----------|----------| | Planning | `create-prd`, `generate-tasks`, `plan-tickets` | | Testing | `plan-tests`, `write-tests`, `test-service`, `triage-bug` | | Code quality | `code-review`, `respond-to-review`, `security-check`, `refactor-code` | | Architecture and DDD | `define-domain-language`, `review-domain-boundaries`, `model-domain`, `review-architecture` | | Rails imple
rugby
First dedicated rugby MCP — Six Nations, Rugby Championship, World Cup. Fixtures + venues.

count_code_lines
IA-QA — 130+ QA & Dev Tools for AI Agents
Count lines of code: total, code lines, comment lines, blank lines, and comment density. Supports JS/TS, Python, Java/C/C++, Ruby, Go, Shell, HTML/XML, and CSS.
Connector
dependency_vulnerability_scan
gapup-mcp
SCA (Software Composition Analysis) — scans a project dependency manifest and returns known vulnerabilities for each dependency. Supports: package.json (npm), requirements.txt (Python), go.mod (Go), Cargo.toml (Rust), composer.json (PHP), Gemfile.lock (Ruby), CycloneDX SBOM JSON. PRIMARY source: OSV.dev (keyless, free, covers npm/PyPI/Go/crates.io/Packagist/RubyGems + GHSA advisories federated). CVSS enrichment: NVD NIST (when OSV lacks score). Exploitation flag: CISA KEV (known-exploited-vulnerabilities catalog). Returns per-vuln CVE/GHSA IDs, severity, CVSS score, fixed version, and actionable upgrade recommendations. Relevant for EU NIS2 supply chain risk obligations, DORA, SOC 2 vendor assessments. Cache TTL 6h. Parallel OSV queries (concurrency=10). SLA <=30s p95.
Connector
dependency_vulnerability_scan
mcp-knowledge
SCA (Software Composition Analysis) — scans a project dependency manifest and returns known vulnerabilities for each dependency. Supports: package.json (npm), requirements.txt (Python), go.mod (Go), Cargo.toml (Rust), composer.json (PHP), Gemfile.lock (Ruby), CycloneDX SBOM JSON. PRIMARY source: OSV.dev (keyless, free, covers npm/PyPI/Go/crates.io/Packagist/RubyGems + GHSA advisories federated). CVSS enrichment: NVD NIST (when OSV lacks score). Exploitation flag: CISA KEV (known-exploited-vulnerabilities catalog). Returns per-vuln CVE/GHSA IDs, severity, CVSS score, fixed version, and actionable upgrade recommendations. Relevant for EU NIS2 supply chain risk obligations, DORA, SOC 2 vendor assessments. Cache TTL 6h. Parallel OSV queries (concurrency=10). SLA <=30s p95.
Connector
microsoft_code_sample_search
Microsoft Learn MCP
Search for code snippets and examples in official Microsoft Learn documentation. This tool retrieves relevant code samples from Microsoft documentation pages providing developers with practical implementation examples and best practices for Microsoft/Azure products and services related coding tasks. This tool will help you use the **LATEST OFFICIAL** code snippets to empower coding capabilities. ## When to Use This Tool - When you are going to provide sample Microsoft/Azure related code snippets in your answers. - When you are **generating any Microsoft/Azure related code**. ## Usage Pattern Input a descriptive query, or SDK/class/method name to retrieve related code samples. The optional parameter `language` can help to filter results. Eligible values for `language` parameter include: csharp javascript typescript python powershell azurecli al sql java kusto cpp go rust ruby php
Connector
search_exploits
Exploit Intelligence Platform — CVE, Vulnerability and Exploit Database
Browse and filter exploits using STRUCTURED FILTERS ONLY (no free-text query). Use this to filter by source (github, metasploit, exploitdb, nomisec, gitlab, inthewild, vulncheck_xdb, patchapalooza, oscs, poc_monitor), language (python, ruby, etc.), LLM classification (working_poc, trojan, suspicious, scanner, stub, writeup, tool, no_code), author, min stars, code availability, CVE ID, vendor, or product. Also filter by AI analysis: attack_type (RCE, SQLi, XSS, DoS, LPE, auth_bypass, info_leak), complexity (trivial/simple/moderate/complex), reliability (reliable/unreliable/untested/theoretical), requires_auth. NOTE: To search by product name (e.g. 'OpenSSH', 'Apache'), use search_vulnerabilities instead — it has free-text query and get_vulnerability already includes exploits in the response. Examples: source='metasploit' for all Metasploit modules; attack_type='RCE' with reliability='reliable' for weaponizable RCE exploits; cve='CVE-2024-3400' for all exploits targeting a specific CVE; vendor='mitel' for all Mitel exploits.
Connector
microsoft_code_sample_search
xpay✦ DevTools Collection
Search for code snippets and examples in official Microsoft Learn documentation. This tool retrieves relevant code samples from Microsoft documentation pages providing developers with practical implementation examples and best practices for Microsoft/Azure products and services related coding tasks. This tool will help you use the **LATEST OFFICIAL** code snippets to empower coding capabilities. ## When to Use This Tool - When you are going to provide sample Microsoft/Azure related code snippets in your answers. - When you are **generating any Microsoft/Azure related code**. ## Usage Pattern Input a descriptive query, or SDK/class/method name to retrieve related code samples. The optional parameter `language` can help to filter results. Eligible values for `language` parameter include: csharp javascript typescript python powershell azurecli al sql java kusto cpp go rust ruby php
Connector
lookup_rubygem
GoCreative Agent API
Get RubyGems package metadata (version, downloads, repo). Use for Ruby-dependency research. Example call: {"pkg": "rails"} Cost: $0.005–$0.05 USDC on Base per call.
Connector
notes-list
hjarni
List notes with optional filtering, sorting, and pagination. Returns paginated results. Optional: team_id (integer) to list team notes, scope ('active'|'archived'|'inbox'|'favorited'), container_id (integer) with include_nested (boolean), tags (array of strings, AND logic), tag_ids (array of integers, AND logic), summary_stale (boolean, filter to notes with outdated summaries), sort ('recent'|'oldest'|'title'), page (integer, default 1), per_page (integer, max 100, default 25). container_id can be combined with team_id to list a specific team container. Example: list ruby-tagged notes in a container: {container_id: 5, tags: ['ruby']}.
Connector
code_generator
interactive-api-playground
Generate a ready-to-run code snippet for an HTTP request in javascript, typescript, python, curl, go, ruby, php, or java.
Connector