Skip to main content
Glama
127,003 tools. Last updated 2026-05-05 06:55

"Using Terraform to Provision AWS Resources and Ansible to Configure Services" matching MCP tools:

  • tfgenerate

    InsideOut (Riley)

    WORKFLOW: Step 3 of 4 - Generate Terraform files from completed design Generate Terraform files from an InsideOut session that has completed infrastructure design. ⚠️ PREREQUISITE: Only call this AFTER convoreply returns with `terraform_ready=true` in the response metadata. DO NOT call this while convoreply is still running or before terraform_ready is confirmed! If you get 'session has not reached terraform-ready state', wait for convoreply to complete first. 🎯 USE THIS TOOL WHEN: convoreply has returned with terraform_ready=true, OR the user asks to 'see the terraforms', 'generate terraform', 'show me the code', etc. **DEFAULT RESPONSE**: Returns summary table + download URL (keeps code out of LLM context). **FALLBACK**: Set `include_code: true` to get full code inline if curl/unzip fails. **CRITICAL WORKFLOW** (default mode): 1. Call this tool to get file summary and download URL 2. ASK the user: 'Where would you like me to save the Terraform files? Default: ./insideout-infra/' 3. WAIT for user confirmation before running the download command 4. Run the curl/unzip command with the user's chosen directory 5. If curl/unzip FAILS (sandbox, security, platform issues), retry with `include_code: true` **AFTER GENERATION**: Ask user if they want to review the files and then deploy with tfdeploy REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: include_code (boolean) - set true to return full code inline as fallback. 💡 TIP: Examine workflow.usage prompt for more context on how to properly use these tools.
    Connector

  • tfgenerate

    InsideOut (Riley)

    WORKFLOW: Step 3 of 4 - Generate Terraform files from completed design Generate Terraform files from an InsideOut session that has completed infrastructure design. ⚠️ PREREQUISITE: Only call this AFTER convoreply returns with `terraform_ready=true` in the response metadata. DO NOT call this while convoreply is still running or before terraform_ready is confirmed! If you get 'session has not reached terraform-ready state', wait for convoreply to complete first. 🎯 USE THIS TOOL WHEN: convoreply has returned with terraform_ready=true, OR the user asks to 'see the terraforms', 'generate terraform', 'show me the code', etc. **DEFAULT RESPONSE**: Returns summary table + download URL (keeps code out of LLM context). **FALLBACK**: Set `include_code: true` to get full code inline if curl/unzip fails. **CRITICAL WORKFLOW** (default mode): 1. Call this tool to get file summary and download URL 2. ASK the user: 'Where would you like me to save the Terraform files? Default: ./insideout-infra/' 3. WAIT for user confirmation before running the download command 4. Run the curl/unzip command with the user's chosen directory 5. If curl/unzip FAILS (sandbox, security, platform issues), retry with `include_code: true` **AFTER GENERATION**: Ask user if they want to review the files and then deploy with tfdeploy REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: include_code (boolean) - set true to return full code inline as fallback. 💡 TIP: Examine workflow.usage prompt for more context on how to properly use these tools.
    Connector

  • tfplan

    InsideOut (Riley)

    PREVIEW: Run terraform plan to preview infrastructure changes Runs a terraform plan for an InsideOut session without applying any changes. This lets the user review what will be created/changed/destroyed before committing. Returns job_id, plan_id, and project_id. Use tflogs to stream the plan output. After the plan completes, use tfdeploy with plan_id to apply the exact plan. SINGLE-FLIGHT: only one TF job per session at a time. If another job is already in flight, tfplan returns tf_job_conflict with the live job_id — attach with tfstatus/tflogs, or pass force_new=true to override. REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: sandbox (boolean, default false) — plans real generated Terraform. Set to true for cheap sandbox template (testing only). OPTIONAL: force_new (boolean, default false) - bypass the single-flight guard. Use only when the existing run is provably wedged. CREDENTIAL HANDLING: Same as tfdeploy - credentials must be configured first.
    Connector

  • awsinspect_batch

    InsideOut (Riley)

    BATCH INSPECTION: run up to 32 AWS inspect probes in one call. ⚠️ **PREREQUISITE**: Same as awsinspect — deploy attempt required. Check convostatus for hasDeployAttempt=true before calling. Use this when you need to check more than ~3 resources. The backend fetches Oracle credentials ONCE per batch and fans out probes against a single AWS config — for a 12-resource health check this is ~5–8× faster and 12× fewer Oracle round-trips than calling awsinspect 12 times. BUDGETS: - Up to 32 sub-probes per call (subs array length). - 30s per-sub timeout; 60s total batch wall-clock. - Concurrency cap 8 — sub-probes run in parallel but never saturate AWS. - 512 KB response cap: subs past the cap keep their envelope (index/service/action/ok) but have result replaced with truncated=true. PARTIAL FAILURE IS EXPECTED. The response is an ordered results array; each entry has {index, service, action, ok, result, error}. Inspect each result — do NOT abort on the first error. A credential fetch failure leaves cred-less probes (list-actions, list-metrics) succeeding anyway. REQUIRES: session_id from convoopen response (format: sess_v2_...). Supported services: account, alb, apigateway, backup, bedrock, cloudfront, cloudwatchlogs, cognito, cost-explorer, dynamodb, ebs, ec2, ecs, eks, elasticache, kms, lambda, msk, opensearch, rds, s3, secretsmanager, sqs, vpc, waf For a specific service's actions, use awsinspect (singular) with action="list-actions" — batch is not the place for discovery. Batch responses are always summarized (no detail/raw per-sub); use singular awsinspect when you need full metadata or raw API output for one resource. EXAMPLES: - awsinspect_batch(session_id=..., subs=[ {"service":"ec2","action":"describe-instances"}, {"service":"rds","action":"describe-db-instances"}, {"service":"vpc","action":"describe-vpcs"}, {"service":"s3","action":"list-buckets"}]) - awsinspect_batch(session_id=..., subs=[ {"service":"ec2","action":"get-metrics","filters":"{\"hours\":6}"}, {"service":"rds","action":"get-metrics","filters":"{\"hours\":6}"}])
    Connector

  • awsinspect_batch

    InsideOut (Riley)

    BATCH INSPECTION: run up to 32 AWS inspect probes in one call. ⚠️ **PREREQUISITE**: Same as awsinspect — deploy attempt required. Check convostatus for hasDeployAttempt=true before calling. Use this when you need to check more than ~3 resources. The backend fetches Oracle credentials ONCE per batch and fans out probes against a single AWS config — for a 12-resource health check this is ~5–8× faster and 12× fewer Oracle round-trips than calling awsinspect 12 times. BUDGETS: - Up to 32 sub-probes per call (subs array length). - 30s per-sub timeout; 60s total batch wall-clock. - Concurrency cap 8 — sub-probes run in parallel but never saturate AWS. - 512 KB response cap: subs past the cap keep their envelope (index/service/action/ok) but have result replaced with truncated=true. PARTIAL FAILURE IS EXPECTED. The response is an ordered results array; each entry has {index, service, action, ok, result, error}. Inspect each result — do NOT abort on the first error. A credential fetch failure leaves cred-less probes (list-actions, list-metrics) succeeding anyway. REQUIRES: session_id from convoopen response (format: sess_v2_...). Supported services: account, alb, apigateway, backup, bedrock, cloudfront, cloudwatchlogs, cognito, cost-explorer, dynamodb, ebs, ec2, ecs, eks, elasticache, kms, lambda, msk, opensearch, rds, s3, secretsmanager, sqs, vpc, waf For a specific service's actions, use awsinspect (singular) with action="list-actions" — batch is not the place for discovery. Batch responses are always summarized (no detail/raw per-sub); use singular awsinspect when you need full metadata or raw API output for one resource. EXAMPLES: - awsinspect_batch(session_id=..., subs=[ {"service":"ec2","action":"describe-instances"}, {"service":"rds","action":"describe-db-instances"}, {"service":"vpc","action":"describe-vpcs"}, {"service":"s3","action":"list-buckets"}]) - awsinspect_batch(session_id=..., subs=[ {"service":"ec2","action":"get-metrics","filters":"{\"hours\":6}"}, {"service":"rds","action":"get-metrics","filters":"{\"hours\":6}"}])
    Connector

  • aws___get_regional_availability

    AWS Knowledge

    Check AWS resource availability across regions for products (service and features), APIs, and CloudFormation resources. ## Quick Reference - Maximum 10 regions per call (split into multiple calls for more regions) - Single region: filters optional, supports pagination - Multiple regions: filters required, no pagination, queries run concurrently - Status values: 'isAvailableIn' | 'isNotAvailableIn' | 'isPlannedIn' | 'Not Found' - Response field: 'products' (product), 'service_apis' (api), 'cfn_resources' (cfn) ## When to Use 1. Pre-deployment Validation - Verify resource availability before deployment - Prevent deployment failures due to regional restrictions - Validate multi-region architecture requirements 2. Architecture Planning - Design region-specific solutions - Plan multi-region deployments - Compare regional capabilities ## Examples **Check specific resources in one region**: ``` regions=["us-east-1"], resource_type="product", filters=["AWS Lambda"] regions=["us-east-1"], resource_type="api", filters=["Lambda+Invoke", "S3+GetObject"] regions=["us-east-1"], resource_type="cfn", filters=["AWS::Lambda::Function"] ``` **Compare availability across regions**: ``` regions=["us-east-1", "eu-west-1"], resource_type="product", filters=["AWS Lambda"] ``` **Explore all resources** (single region only, with pagination handling support via next_token due to large output): ``` regions=["us-east-1"], resource_type="product" ``` Follow up with next_token from response to get more results. ## Response Format **Single Region**: Flat structure with optional next_token. Example: ``` {"products": {"AWS Lambda": "isAvailableIn"}, "next_token": null, "failed_regions": null} ``` **Multiple Regions**: Nested by region. Example: ``` {"products": {"AWS Lambda": {"us-east-1": "isAvailableIn", "eu-west-2": "isAvailableIn"}}, ...} ``` ## Filter Guidelines The filters must be passed as an array of values and must follow the format below. 1. Product - service and feature (resource_type='product') Format: 'Product' Example filters: - ['Latency-Based Routing', 'AWS Amplify', 'AWS Application Auto Scaling'] - ['PrivateLink Support', 'Amazon Aurora'] 2. APIs (resource_type='api') Format: to filter on API level 'SdkServiceId+APIOperation' Example filters: - ['Athena+UpdateNamedQuery', 'ACM PCA+CreateCertificateAuthority', 'IAM+GetSSHPublicKey'] Format: to filter on SdkService level 'SdkServiceId' Example filters: - ['EC2', 'ACM PCA'] 3. CloudFormation (resource_type='cfn') Format: 'CloudformationResourceType' Example filters: - ['AWS::EC2::Instance', 'AWS::Lambda::Function', 'AWS::Logs::LogGroup']
    Connector

Matching MCP Servers

  • AWS Terraform MCP Server

    stv-io
    F
    license
    A
    quality
    C
    maintenance
    A containerized Model Context Protocol server that enables using natural language to develop AWS infrastructure with Terraform, offering best practices guidance, security scanning with Checkov, and access to AWS provider documentation.
    Last updated
    7

Matching MCP Connectors

  • Content to Social

    Transform any blog post or article URL into ready-to-post social media content for Twitter/X threads, LinkedIn posts, Instagram captions, Facebook posts, and email newsletters. Pay-per-event: $0.07 for all 5 platforms, $0.03 for single platform.

  • AWS Knowledge

    The AWS Knowledge MCP server is a fully managed remote Model Context Protocol server that provides real-time access to official AWS content in an LLM-compatible format. It offers structured access to AWS documentation, code samples, blog posts, What's New announcements, Well-Architected best practices, and regional availability information for AWS APIs and CloudFormation resources. Key capabilities include searching and reading documentation in markdown format, getting content recommendations, listing AWS regions, and checking regional availability for services and features.

  • tfstatus

    InsideOut (Riley)

    MONITORING: Quick status check for Terraform deployments Check the current status of a Terraform deployment job. Use this tool to quickly check if a deployment is running, completed, or failed. Returns job status, job_id, and other metadata without streaming logs. Use tflogs to stream the actual deployment logs. REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: job_id to target a specific deployment (use tfruns to discover IDs). **LIVENESS**: The response carries two distinct timestamps: - `updated_at` — last semantic change (only bumped when status / drift / version actually differ). Useful for sorting deployments; NOT a per-poll heartbeat. - `last_refresh_at` — last successful Oracle decode (stamped on every poll where reliable reached Oracle, even if nothing in the row changed). Use this to confirm reliable is still actively talking to Oracle for a long-running RUNNING job. Absent on rows that haven't been refreshed since the column was added. 💡 TIP: Examine workflow.usage prompt for more context on how to properly use these tools.
    Connector

  • aws___read_documentation

    AWS Knowledge

    Fetch and convert AWS related documentation pages to markdown format. ## Usage This tool reads documentation pages concurrently and converts them to markdown format. Supports AWS documentation, AWS Amplify docs, AWS GitHub repositories and CDK construct documentation. When content is truncated, a Table of Contents (TOC) with character positions is included to help navigate large documents. ## Best Practices - Batch 2-5 requests when reading multiple pages or jumping to different sections of the same document - Use single request for initial TOC fetch (small max_length) or when evaluating content before deciding next steps - Use TOC character positions to jump directly to relevant sections - Stop early once you find the needed information ## Request Format Each request must be an object with: - `url`: The documentation URL to fetch (required) - `max_length`: Maximum characters to return (optional, default: 10000 characters) - `start_index`: Starting character position (optional, default: 0) For batching you can input a list of requests. ## Example Request ``` { "requests": [ { "url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-management.html", "max_length": 5000, "start_index": 0 }, { "url": "https://repost.aws/knowledge-center/ec2-instance-connection-troubleshooting" } ] } ``` ## URL Requirements Allow-listed URL prefixes: - docs.aws.amazon.com - aws.amazon.com - repost.aws/knowledge-center - docs.amplify.aws - ui.docs.amplify.aws - github.com/aws-cloudformation/aws-cloudformation-templates - github.com/aws-samples/aws-cdk-examples - github.com/aws-samples/generative-ai-cdk-constructs-samples - github.com/aws-samples/serverless-patterns - github.com/awsdocs/aws-cdk-guide - github.com/awslabs/aws-solutions-constructs - github.com/cdklabs/cdk-nag - constructs.dev/packages/@aws-cdk-containers - constructs.dev/packages/@aws-cdk - constructs.dev/packages/@cdk-cloudformation - constructs.dev/packages/aws-analytics-reference-architecture - constructs.dev/packages/aws-cdk-lib - constructs.dev/packages/cdk-amazon-chime-resources - constructs.dev/packages/cdk-aws-lambda-powertools-layer - constructs.dev/packages/cdk-ecr-deployment - constructs.dev/packages/cdk-lambda-powertools-python-layer - constructs.dev/packages/cdk-serverless-clamscan - constructs.dev/packages/cdk8s - constructs.dev/packages/cdk8s-plus-33 - strandsagents.com/ Deny-listed URL prefixes: - aws.amazon.com/marketplace ## Example URLs - https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html - https://docs.aws.amazon.com/lambda/latest/dg/lambda-invocation.html - https://aws.amazon.com/about-aws/whats-new/2023/02/aws-telco-network-builder/ - https://aws.amazon.com/builders-library/ensuring-rollback-safety-during-deployments/ - https://aws.amazon.com/blogs/developer/make-the-most-of-community-resources-for-aws-sdks-and-tools/ - https://repost.aws/knowledge-center/example-article - https://docs.amplify.aws/react/build-a-backend/auth/ - https://ui.docs.amplify.aws/angular/connected-components/authenticator - https://github.com/aws-samples/aws-cdk-examples/blob/main/README.md - https://github.com/awslabs/aws-solutions-constructs/blob/main/README.md - https://constructs.dev/packages/aws-cdk-lib/v/2.229.1?submodule=aws_lambda&lang=typescript - https://github.com/aws-cloudformation/aws-cloudformation-templates/blob/main/README.md - https://strandsagents.com/docs/user-guide/quickstart/overview/index.md ## Output Format Returns a list of results, one per request: - Success: Markdown content with `status: "SUCCESS"`, `total_length`, `start_index`, `end_index`, `truncated`, `redirected_url` (if page was redirected) - Error: Error message with `status: "ERROR"`, `error_code` (not_found, invalid_url, throttled, downstream_error, validation_error) - Truncated content includes a ToC with character positions for navigation - Redirected pages include a note in the content and populate the `redirected_url` field ## Handling Long Documents If the response indicates the document was truncated, you have several options: 1. **Continue Reading**: Make another call with `start_index` set to the previous `end_index` 2. **Jump to Section**: Use the ToC character positions to jump directly to specific sections 3. **Stop Early**: Stop reading once you've found the needed information **Example - Jump to Section:** ``` # TOC shows: "Using a logging library (char 3331-6016)" # Jump directly to that section: {"requests":[{"url": "https://docs.aws.amazon.com/lambda/latest/dg/python-logging.html", "start_index": 3331, "max_length": 3000}]} ```
    Connector

  • about_emora

    mental-health-care

    [Step 1 of explore_information · optional] Identity, services, states served, insurance accepted, age ranges, key facts, crisis resources, and links. Combined site-info + services catalog. Use when: The user asks "what is Emora?" / "what services do you offer?" / "which states?" / "what insurance?" — this is the canonical "tell me about you" call. Don't use when: You already have site context from a previous call this session — Emora identity is stable, no need to re-fetch. Example: about_emora({})
    Connector

  • list_providers

    Diagrams MCP

    List all available diagram providers (aws, gcp, azure, k8s, onprem, etc.). Use list_providers -> list_services -> list_nodes to browse available node types for a specific provider.
    Connector

  • tfplan

    InsideOut (Riley)

    PREVIEW: Run terraform plan to preview infrastructure changes Runs a terraform plan for an InsideOut session without applying any changes. This lets the user review what will be created/changed/destroyed before committing. Returns job_id, plan_id, and project_id. Use tflogs to stream the plan output. After the plan completes, use tfdeploy with plan_id to apply the exact plan. SINGLE-FLIGHT: only one TF job per session at a time. If another job is already in flight, tfplan returns tf_job_conflict with the live job_id — attach with tfstatus/tflogs, or pass force_new=true to override. REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: sandbox (boolean, default false) — plans real generated Terraform. Set to true for cheap sandbox template (testing only). OPTIONAL: force_new (boolean, default false) - bypass the single-flight guard. Use only when the existing run is provably wedged. CREDENTIAL HANDLING: Same as tfdeploy - credentials must be configured first.
    Connector

  • subscribe_to_updates

    AdvocateMCP

    Subscribe an end-user's email to topical updates from a business (deals, schedule changes, new services). Returns a confirmation_token + confirmation_url; the user MUST click the URL within 7 days to activate. Re-subscribing an already-confirmed email merges topics without re-confirming.
    Connector

  • awsinspect

    InsideOut (Riley)

    INSPECTION: Inspect AWS infrastructure for a deployed project ⚠️ **PREREQUISITE**: This tool requires a prior deployment ATTEMPT (successful or failed). Check convostatus for hasDeployAttempt=true before calling. Works even after failed deploys to inspect orphaned resources. Inspect deployed AWS resources after a deployment attempt. Use this tool when the user asks about the status or details of their deployed infrastructure. It fetches temporary read-only credentials securely and queries the AWS API directly. RESPONSE TIERS (default is summary for token efficiency): - Summary (default): Key fields only (~500 tokens). Set detail=false, raw=false or omit both. - Detail: Full metadata for a specific resource. Set detail=true + resource filter. - Raw: Complete unprocessed API response. Set raw=true. REQUIRES: session_id from convoopen response (format: sess_v2_...). Supported services: account, alb, apigateway, backup, bedrock, cloudfront, cloudwatchlogs, cognito, cost-explorer, dynamodb, ebs, ec2, ecs, eks, elasticache, kms, lambda, msk, opensearch, rds, s3, secretsmanager, sqs, vpc, waf For a specific service's actions, call with action="list-actions". METRICS: Use list-metrics to discover available metrics for a service (no credentials needed). Then use get-metrics to retrieve data (auto-discovers resources). Most services return CloudWatch time-series. KMS returns key health (rotation, state). SecretsManager returns secret health (rotation, last accessed/rotated). Optional filters JSON: {"hours":6,"period":300}. BILLING: Use service=cost-explorer to inspect AWS costs. Actions: get-cost-summary (last 30 days by service, filters: {"days":7,"granularity":"DAILY"}), get-cost-forecast (projected spend through end of month), get-cost-by-tag (costs grouped by tag, filters: {"tag_key":"Environment","days":30}). Requires ce:GetCostAndUsage and ce:GetCostForecast IAM permissions. EXAMPLES: - awsinspect(session_id=..., service="ec2", action="describe-instances") - awsinspect(session_id=..., service="cost-explorer", action="get-cost-summary") - awsinspect(session_id=..., service="ec2", action="get-metrics", filters="{\"hours\":6}") - awsinspect(session_id=..., service="rds", action="describe-db-instances", detail=true)
    Connector

  • credawait

    InsideOut (Riley)

    Wait for the user to securely connect their cloud account and subscribe to Luther Systems. Polls until credentials appear on the session. 🎯 USE THIS TOOL WHEN: tfdeploy returns an 'auth_required', 'no_credentials', or 'credentials_expired' error. The user needs to visit the connect URL to: 1. Connect their cloud credentials (AWS or GCP) 2. Sign up and subscribe to a Luther Systems plan (required for deployment) This secure connection allows InsideOut to deploy and manage infrastructure in the user's cloud account on their behalf. Credentials are handled securely and only used for deployment and management sessions. WORKFLOW: 1. FIRST: Present the connect URL and explanation to the user (from the tfdeploy error response) 2. THEN: Call this tool to begin polling for credentials 3. The user opens the URL in their browser to subscribe and add credentials 4. When credentials are found, inform the user and call tfdeploy to deploy IMPORTANT: Do NOT call this tool without first showing the connect URL to the user. The user needs to see the URL to complete the process. REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: cloud ('aws' or 'gcp'), timeout (integer, seconds to wait, default 300, max 600).
    Connector

  • convoopen

    InsideOut (Riley)

    WORKFLOW: Step 1 of 4 - Start infrastructure design conversation Open an InsideOut V2 session and receive the assistant's intro message. The response contains a clean message from Riley (the infrastructure advisor) - display it to the user. ⚠️ Riley will ask questions - forward these to the user, DO NOT answer on their behalf. CRITICAL: This tool returns a session_id in the response metadata. You MUST use this session_id for ALL subsequent tool calls (convoreply, tfgenerate, tfdeploy, etc.). Use when the user mentions keywords like: 'setup my cloud infra', 'provision infrastructure', 'deploy infra', 'start insideout', 'use insideout', or similar intent to begin infra setup. OPTIONAL: project_context (string) - General tech stack summary so Riley can skip discovery questions and jump to recommendations. The agent should confirm this with the user before sending. Include whichever apply: language/framework, databases/services, container usage, existing IaC, CI/CD platform, cloud provider, Kubernetes usage, what the project does. Example: 'Next.js 14 + TypeScript, PostgreSQL, Redis, Docker Compose, deployed to AWS ECS, GitHub Actions CI/CD, ~50k MAU'. NEVER include credentials, secrets, API keys, PII, source code, or internal URLs/IPs -- only general metadata summaries useful to a cloud architect agent. IMPORTANT: source (string) - You MUST set this to identify which IDE/tool you are. Auto-detect from your environment: 'claude-code', 'codex', 'antigravity', 'kiro', 'vscode', 'web', 'mcp'. If unsure, use the name of your IDE/tool in lowercase. Do NOT omit this — it controls the 'Open {IDE}' button on the credential connect screen. OPTIONAL: github_username (string) - GitHub username for deploy commit attribution. Pre-populates the GitHub username field on the connect page. 💡 TIP: Examine workflow.usage prompt for more context on how to properly use these tools.
    Connector

  • tfstatus

    InsideOut (Riley)

    MONITORING: Quick status check for Terraform deployments Check the current status of a Terraform deployment job. Use this tool to quickly check if a deployment is running, completed, or failed. Returns job status, job_id, and other metadata without streaming logs. Use tflogs to stream the actual deployment logs. REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: job_id to target a specific deployment (use tfruns to discover IDs). **LIVENESS**: The response carries two distinct timestamps: - `updated_at` — last semantic change (only bumped when status / drift / version actually differ). Useful for sorting deployments; NOT a per-poll heartbeat. - `last_refresh_at` — last successful Oracle decode (stamped on every poll where reliable reached Oracle, even if nothing in the row changed). Use this to confirm reliable is still actively talking to Oracle for a long-running RUNNING job. Absent on rows that haven't been refreshed since the column was added. 💡 TIP: Examine workflow.usage prompt for more context on how to properly use these tools.
    Connector

  • search_providers

    LocalPro

    Search for verified local service providers across 9 trade categories: floor coating (epoxy/polyaspartic), radon mitigation, crawl space repair, laundry pickup & delivery, mold/asbestos abatement, basement waterproofing, foundation/slab repair, septic pump services, and water damage restoration. Returns provider name, rating, review count, business status, services offered, certifications, years in business, and a link to the full profile with contact details. Each provider includes Google Maps URL when available. Covers major US metro areas. Use list_niches first to get valid niche IDs, and list_service_types for valid service_type values.
    Connector

  • convoopen

    InsideOut (Riley)

    WORKFLOW: Step 1 of 4 - Start infrastructure design conversation Open an InsideOut V2 session and receive the assistant's intro message. The response contains a clean message from Riley (the infrastructure advisor) - display it to the user. ⚠️ Riley will ask questions - forward these to the user, DO NOT answer on their behalf. CRITICAL: This tool returns a session_id in the response metadata. You MUST use this session_id for ALL subsequent tool calls (convoreply, tfgenerate, tfdeploy, etc.). Use when the user mentions keywords like: 'setup my cloud infra', 'provision infrastructure', 'deploy infra', 'start insideout', 'use insideout', or similar intent to begin infra setup. OPTIONAL: project_context (string) - General tech stack summary so Riley can skip discovery questions and jump to recommendations. The agent should confirm this with the user before sending. Include whichever apply: language/framework, databases/services, container usage, existing IaC, CI/CD platform, cloud provider, Kubernetes usage, what the project does. Example: 'Next.js 14 + TypeScript, PostgreSQL, Redis, Docker Compose, deployed to AWS ECS, GitHub Actions CI/CD, ~50k MAU'. NEVER include credentials, secrets, API keys, PII, source code, or internal URLs/IPs -- only general metadata summaries useful to a cloud architect agent. IMPORTANT: source (string) - You MUST set this to identify which IDE/tool you are. Auto-detect from your environment: 'claude-code', 'codex', 'antigravity', 'kiro', 'vscode', 'web', 'mcp'. If unsure, use the name of your IDE/tool in lowercase. Do NOT omit this — it controls the 'Open {IDE}' button on the credential connect screen. OPTIONAL: github_username (string) - GitHub username for deploy commit attribution. Pre-populates the GitHub username field on the connect page. 💡 TIP: Examine workflow.usage prompt for more context on how to properly use these tools.
    Connector

  • awsinspect

    InsideOut (Riley)

    INSPECTION: Inspect AWS infrastructure for a deployed project ⚠️ **PREREQUISITE**: This tool requires a prior deployment ATTEMPT (successful or failed). Check convostatus for hasDeployAttempt=true before calling. Works even after failed deploys to inspect orphaned resources. Inspect deployed AWS resources after a deployment attempt. Use this tool when the user asks about the status or details of their deployed infrastructure. It fetches temporary read-only credentials securely and queries the AWS API directly. RESPONSE TIERS (default is summary for token efficiency): - Summary (default): Key fields only (~500 tokens). Set detail=false, raw=false or omit both. - Detail: Full metadata for a specific resource. Set detail=true + resource filter. - Raw: Complete unprocessed API response. Set raw=true. REQUIRES: session_id from convoopen response (format: sess_v2_...). Supported services: account, alb, apigateway, backup, bedrock, cloudfront, cloudwatchlogs, cognito, cost-explorer, dynamodb, ebs, ec2, ecs, eks, elasticache, kms, lambda, msk, opensearch, rds, s3, secretsmanager, sqs, vpc, waf For a specific service's actions, call with action="list-actions". METRICS: Use list-metrics to discover available metrics for a service (no credentials needed). Then use get-metrics to retrieve data (auto-discovers resources). Most services return CloudWatch time-series. KMS returns key health (rotation, state). SecretsManager returns secret health (rotation, last accessed/rotated). Optional filters JSON: {"hours":6,"period":300}. BILLING: Use service=cost-explorer to inspect AWS costs. Actions: get-cost-summary (last 30 days by service, filters: {"days":7,"granularity":"DAILY"}), get-cost-forecast (projected spend through end of month), get-cost-by-tag (costs grouped by tag, filters: {"tag_key":"Environment","days":30}). Requires ce:GetCostAndUsage and ce:GetCostForecast IAM permissions. EXAMPLES: - awsinspect(session_id=..., service="ec2", action="describe-instances") - awsinspect(session_id=..., service="cost-explorer", action="get-cost-summary") - awsinspect(session_id=..., service="ec2", action="get-metrics", filters="{\"hours\":6}") - awsinspect(session_id=..., service="rds", action="describe-db-instances", detail=true)
    Connector

  • tfoutputs

    InsideOut (Riley)

    INSPECTION: Retrieve Terraform outputs from a completed deployment Returns structured output values (VPC IDs, endpoints, cluster names, etc.) after a successful deploy. Sensitive outputs are redacted (shown as '(sensitive)'). By default returns outputs for the latest successful deploy. Optionally specify job_id to get outputs for a specific deployment. REQUIRES: session_id from convoopen response (format: sess_v2_...). OPTIONAL: job_id (specific deployment), lifecycle (filter by step e.g. 'cloud-provision').
    Connector