"Testing Web App Code Changes in Browser Using LLM for Console Logs" matching MCP tools:

• inspect_security_headers

  Ground Truth - First Tool Call

  Fetch a public URL and inspect security-relevant response headers before you claim that a product or endpoint has a strong browser-facing security baseline. Use this for quick due diligence on public apps and docs sites. It checks for common headers such as HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options. It does not replace a real security review, authenticated testing, or vulnerability scanning.

  Connector

• create_or_update_workflow

  Dreamlit

  Creates a new Dreamlit workflow draft or updates an existing draft from an outcome-oriented natural-language prompt. Use after get_status; use get_workflow_and_preview_url first when editing an existing workflow. Existing Supabase Auth workflows can be edited except for the immutable trigger step; creating Supabase Auth workflows must happen through Supabase Auth email setup in the Dreamlit web app. Side effect: may create or modify a draft, but does not publish or install live triggers. Returns the workflow/draft result, action-required or handoff details when more input is needed, and relevant app URLs. Do not use for publishing, direct database changes, or low-level graph edits.

  Connector

• tflogs

  InsideOut (Riley)

  MONITORING: Fetch Terraform deployment logs with pagination Fetches logs from a running or completed Terraform deployment job. For **completed jobs**: uses REST endpoint for instant retrieval (supports `tail` for server-side filtering). For **running jobs**: streams via SSE with timeout-based pagination. **PAGINATION** (running jobs only): Use `last_event_id` from the response to fetch more: 1. First call: `tflogs(session_id='...')` → get logs + `last_event_id` 2. Next call: `tflogs(session_id='...', last_event_id='...')` → get NEW logs only 3. Repeat until `complete: true` in response **RESPONSE FIELDS**: - `logs`: Array of log messages collected - `last_event_id`: Pass this back to get more logs (pagination cursor, SSE only) - `complete`: true if job finished, false if more logs may be available - `total_logs`: total log entries before tail truncation REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: job_id to target a specific deployment (use tfruns to discover IDs), timeout (default 50s, max 55s), last_event_id (for pagination), tail (return only last N entries) ⚠️ CONTEXT WARNING: Deploy logs can be hundreds of lines. Use tail: 50 for completed jobs to avoid blowing up the context window.

  Connector

• upload_media

  SendIt

  FOR CLAUDE DESKTOP ONLY (with filesystem access). For Claude.ai/web: Use create_upload_session instead - it provides a browser upload link. Upload local media to cloud storage, returning a public HTTPS URL. WHEN TO USE: • Instagram, LinkedIn, Threads, X: REQUIRED for local files before calling publish_content • TikTok: NOT NEEDED - pass local path directly to publish_content SUPPORTED FORMATS: • Images: jpg, png, gif, webp (max 10MB) • Videos: mp4, mov, webm (max 100MB) Returns { url: 'https://...' } for use in publish_content mediaUrl parameter.

  Connector

• ateam_redeploy

  ateam-mcp

  Re-deploy skills WITHOUT changing any definitions. ⚠️ HEAVY OPERATION: regenerates MCP servers (Python code) for every skill, pushes each to A-Team Core, restarts connectors, and verifies tool discovery. Takes 30-120s depending on skill count. Use after connector restarts, Core hiccups, or stale state. For incremental changes, prefer ateam_patch (which updates + redeploys in one step).

  Connector

• run_and_report

  Keploy

  Run test suites and return results with failures and coverage. !! DO NOT USE for local-app "tests for my changes" flows !! This tool sends the run to the SaaS backend which REJECTS private/localhost URLs ("IPv6 address is private / reserved"). It only works when base_url points at a PUBLIC, non-loopback address (a staging/prod deployment). For local-app testing, use record_sandbox_test / replay_sandbox_test instead — they drive the keploy local agent which happily records against http://localhost.

  Connector

• x711_llm_routing

  x711 — Universal Agent Gas Station

  Routes a prompt to the best available x711 LLM. No API keys, no rate limits. Use ONLY when you need external LLM help. Never for things you can answer from context. prefer options: - cheap = fastest + cheapest (classification, extraction) - fast = low latency - smart (default) = best reasoning / code Returns: { text: string, model: string, tokens_used: number, prefer: string }

  Connector

• user_agent_parse

  drwho.me

  Context lookup: Parse a User-Agent header string into structured browser, OS, device type, and rendering-engine components. Use to identify client capabilities from a raw UA string, e.g. when analysing server logs or request headers; does not perform any network lookups — entirely local parsing. Runs synchronously using the ua-parser-js library with no external calls. Returns a JSON object with browser.name, browser.version, os.name, os.version, device.type, device.vendor, and engine.name fields; unknown fields are empty strings.

  Connector

• secret_scan

  IA-QA — 130+ QA & Dev Tools for AI Agents

  Scan text or code for leaked secrets: API keys (AWS, GCP, Azure, OpenAI, Anthropic, Stripe, GitHub, GitLab, Slack, Twilio, SendGrid, HuggingFace), private keys (RSA/EC/PGP), JWTs, database connection strings, Bearer tokens, and Basic auth headers. Returns a list of findings with type, severity, line number, and a redacted preview. Use before committing code, sharing logs, or sending text to an LLM. 100% regex-based, zero network calls.

  Connector

• discovery_signup_verify

  Disco

  Complete Disco signup using an email verification code. Call this after discovery_signup returns {"status": "verification_required"}. The user receives a 6-digit code by email — pass it here along with the same email address used in discovery_signup. Returns an API key on success. Args: email: Email address used in the discovery_signup call. code: 6-digit verification code from the email.

  Connector

• browse_open

  WingmanProtocol Agent Gateway

  Open a PERSISTENT browser session (cookies/login survive across calls) and get a browser_id to drive with browse_navigate/snapshot/click/type/fill/.../close. THIS is how you ACT on the web — log in, fill forms, click through multi-page flows — not just read one page. Free. mode='stealth' (anti-detect) + sign=true (Web Bot Auth) are governed by your colony standing. Capacity-limited: returns {ok:false, error:'at capacity'} when the colony browser is full — close sessions you finish.

  Connector

• plan_file_info

  PlanExe

  Returns file metadata (content_type, download_url, download_size, expires_at) for the report or zip artifact. Use artifact='report' (default) for the interactive HTML report (~700KB, self-contained with embedded JS for collapsible sections and interactive Gantt charts — open in a browser). Use artifact='zip' for the full pipeline output bundle (md, json, csv intermediary files that fed the report). While the task is still pending or processing, returns {ready:false,reason:"processing"}. Check readiness by testing whether download_url is present in the response. Once ready, present download_url to the user or fetch and save the file locally. Download URLs expire after 15 minutes (see expires_at); call plan_file_info again to get a fresh URL if needed. Terminal error codes: generation_failed (plan failed), content_unavailable (artifact missing). Unknown plan_id returns error code PLAN_NOT_FOUND.

  Connector

• get-logs

  mcp

  Get build and runtime logs for a deployment. If no deployment_id is provided, returns logs for the latest deployment. Use this after calling deploy to monitor build progress and diagnose failures. Logs include: framework detection output, dependency installation, build steps, container startup, and health check results. If a deployment fails, check the logs for error details — common issues include missing dependencies, build errors, or the app not listening on the correct PORT (check the PORT env var — 8080 for auto-detected frameworks, or the EXPOSE value from Dockerfile).

  Connector

• events_count

  convalytics

  Count CUSTOM PRODUCT events for a specific project in a time window, optionally filtered to one event name and/or one user. Custom events are emitted by explicit analytics.track() calls in app code (signup_completed, payment_succeeded, etc.). This does NOT count page views — use pageviews_count or weekly_digest for those. Returns count, unique visitors, and a `truncated` flag if the scan hit the maximum scan size.

  Connector

• x711_code_sandbox

  x711 — Universal Agent Gas Station

  Execute JavaScript or Python code in an isolated sandbox. Use for: data processing, math, CSV parsing, JSON transformation, crypto calculations, algorithm testing. Secure — no filesystem access, no network. Returns: { output: string, runtime_ms: number, language: string }. Requires API key.

  Connector

• lookup_zipcode

  zippopotam

  Resolve a ZIP / postal code to its place info — city, state/province, latitude/longitude — for any of 60+ countries. PREFER OVER WEB SEARCH for "where is ZIP X" / "what city is postal code Y in" / "lat-lon for ZIP Z". Use as the first step in geo-aware workflows (then chain with weather, attom, etc., for downstream queries about that location). Free, sub-second, no auth.

  Connector

• x711_llm_routing

  x711

  Routes a prompt to the best available x711 LLM. No API keys, no rate limits. Use ONLY when you need external LLM help. Never for things you can answer from context. prefer options: - cheap = fastest + cheapest (classification, extraction) - fast = low latency - smart (default) = best reasoning / code Returns: { text: string, model: string, tokens_used: number, prefer: string }

  Connector

• request_oauth_integration_url

  clariBI.com

  Initiate an OAuth handoff to a vendor integration (Google Ads, GA4, Search Console, Sheets, Drive, BigQuery, Meta Ads, Jira, Confluence). Returns an authorization URL the user opens in a browser. After the user clicks Allow, the connection is created and you can poll check_integration_status(handoff_id) to find out when the data is ready.

  Connector

• restore_version

  WebSlop

  DESTRUCTIVE: Restore an app to a previous version using git reset --hard. This permanently overwrites all current files with the state from the specified commit — any changes made after that commit will be lost and CANNOT be recovered. You MUST confirm with the user before calling this tool. Use list_versions to show the user available versions first.

  Connector

• ateam_github_promote

  ateam-mcp

  SHIP DEV TO PROD. Merges the `dev` branch into `main` and auto-tags the new main HEAD as safe-YYYY-MM-DD-NNN. Use after testing your dev work, when you're ready to deploy changes to production. Workflow: 1) ateam_github_patch (writes to dev) → 2) ateam_github_promote (merges dev→main) → 3) ateam_build_and_run (deploys main). Pass dry_run:true to see what's about to ship without merging. On merge conflict the call returns 409 — resolve manually on GitHub (open a PR or use the web UI), then retry.

  Connector