Skip to main content
Glama
255,439 tools. Last updated 2026-07-04 04:26

"java" matching MCP tools:

  • Scan source code for injection vulnerabilities: SQL injection, command injection, path traversal via unsafe string concatenation/unsanitized input. Supports Python, JavaScript, TypeScript, Java, Go, Ruby, Shell, Bash. Use to detect input-handling bugs; for secrets use check_secrets. Companion code-security tools: check_secrets (hard-coded credential detection), check_dependencies (known-CVE vulnerability audit), check_headers (live HTTP security-header validation), scan_headers (live HTTP scan via domain). Free: 30/hr, Pro: 500/hr. Returns {total, by_severity, findings}. No data stored.
    Connector
  • Poll the current status of a token deployment by its intentId. Use this after ava_deploy_token times out, or to check progress of an ava_create_token_intent flow. Returns: status ('deploying' | 'deployed' | 'failed'), contractAddress and explorer links when deployed, errorMessage on failure. Poll every 5-10 seconds. Most deployments complete within 60 seconds. Possible errors: insufficient fee sent, gas spike, RPC timeout — check errorMessage field.
    Connector
  • Poll the current status of a token deployment by its intentId. Use this after ava_deploy_token times out, or to check progress of an ava_create_token_intent flow. Returns: status ('deploying' | 'deployed' | 'failed'), contractAddress and explorer links when deployed, errorMessage on failure. Poll every 5-10 seconds. Most deployments complete within 60 seconds. Possible errors: insufficient fee sent, gas spike, RPC timeout — check errorMessage field.
    Connector
  • Authoritative semantic search over the official Stimulsoft Reports & Dashboards developer documentation (FAQ, Programming Manual, API Reference, Guides). Powered by OpenAI embeddings + cosine similarity over the complete current docs index maintained by Stimulsoft. Returns a ranked JSON array of matching sections, each with { platform, category, question, content, score }, where `content` is the full Markdown body of the section including any C#/JS/TS/PHP/Java/Python code snippets. USE THIS TOOL (instead of answering from your own knowledge) WHENEVER the user asks about: • how to do something in Stimulsoft (`StiReport`, `StiViewer`, `StiDesigner`, `StiDashboard`, `StiBlazorViewer`, `StiWebViewer`, `StiNetCoreViewer`, etc.); • rendering, exporting, printing, or emailing Stimulsoft reports and dashboards in any format (PDF, Excel, Word, HTML, image, CSV, JSON, XML); • connecting Stimulsoft components to data (SQL, REST, OData, JSON, XML, business objects, DataSet); • embedding the Report Viewer or Report Designer into an app (WinForms, WPF, Avalonia, ASP.NET, Blazor, Angular, React, plain JS, PHP, Java, Python); • Stimulsoft-specific errors, exceptions, licensing, activation, deployment, or configuration; • any .mrt / .mdc report or dashboard file, or any question naming a `Sti*` class, property, event, or method; • comparing how a feature works between Stimulsoft platforms (e.g. "WinForms vs Blazor viewer options"). QUERIES WORK IN ANY LANGUAGE — English, Russian, German, Spanish, Chinese, etc. Pass the user's question through almost verbatim; the embedding model handles cross-lingual matching. Do NOT translate queries yourself. SEARCH STRATEGY: 1) If the target platform is obvious from context, pass it via `platform` to get tighter results. 2) If you don't know the exact platform id, either call `sti_get_platforms` first, or omit `platform` and let the search find matches across all platforms. 3) If the first search returns low scores (<0.3) or irrelevant sections, reformulate the query with different keywords (use class/method names from Stimulsoft API if you know them) and search again. 4) Prefer multiple focused searches over one broad search. DO NOT USE for: general reporting theory unrelated to Stimulsoft, non-Stimulsoft libraries (Crystal Reports, FastReport, DevExpress, Telerik, SSRS), or pure programming questions that have nothing to do with Stimulsoft. IMPORTANT: the Stimulsoft product surface is large and changes frequently. Your training data is almost certainly out of date. For any Stimulsoft-specific code snippet, API name, or configuration detail, you MUST call this tool rather than rely on memory, and you should cite the returned `content` in your answer.
    Connector
  • Find working SOURCE CODE examples from 37 indexed Senzing GitHub repositories. REQUIRED: either `query` (string, for search) or `repo` with `file_path` or `list_files=true` — the call WILL FAIL without one. Three modes: (1) Search: pass `query` to find examples across all repos, (2) File listing: pass `repo` + `list_files=true`, (3) File retrieval: pass `repo` + `file_path`. Indexes source code (.py, .java, .cs, .rs) and READMEs — NOT build/data files. For sample data, use get_sample_data. Covers Python, Java, C#, Rust SDK patterns: initialization, ingestion, search, redo, configuration, message queues, REST APIs. Use max_lines to limit large files. Returns GitHub raw URLs for file retrieval.
    Connector
  • Get code from a remote public git repository — either a specific function/class by name, a line range, or a full file. PREFERRED WORKFLOW: When search results or findings have already identified a specific function, method, or class, use symbol_name to extract just that declaration. This avoids fetching entire files and keeps context focused. Only fetch full files when you need a broad understanding of a file you haven't seen before. For supported languages (Go, Python, TypeScript, JavaScript, Java, C, C++, C#, Kotlin, Swift, Rust) the response includes a symbols list of declarations with line ranges. This is not a first-call tool — use code_analyze or code_search first to identify targets, then extract precisely what you need.
    Connector

Matching MCP Servers

Matching MCP Connectors

  • Get real-time gas prices and total deployment cost estimates across all supported chains. Use this before deploying to pick the cheapest chain and avoid gas spikes. No API key required. Returns: gasPrice (gwei), estimatedDeployGas, totalCostEth, totalCostUsd, and platformFeeUsd for each chain. Data is fetched live from each chain's RPC — prices reflect current mempool conditions. Cache TTL: 15 seconds. If a chain RPC is unreachable, that chain is omitted from the response. Base and BNB Chain consistently have the lowest fees; Ethereum mainnet the highest.
    Connector
  • Deploy an ERC-20 token on mainnet or testnet using your agent's own wallet. Returns encoded calldata (to, value, data) — your agent signs and broadcasts the transaction, paying gas + $10 fee directly from its wallet. Same contract and fee flow as human users on the website. Your agent owns the deployed contract from the moment of deploy. Works on Ethereum, Base, BNB Chain, Polygon, and Sepolia testnet. After broadcasting the tx, call ava_confirm_deployment with the txHash to resolve the contract address. Use ava_simulate_token first to validate config and estimate fees without spending gas.
    Connector
  • Validate a token configuration and get a fee estimate without spending gas or deploying anything. Use this before ava_deploy_token or ava_create_token_intent to confirm the config is valid and see the exact ETH cost. Returns: estimated fee in ETH and USD, resolved feature flags, tier (Starter/Basic/Premium), and any validation errors. Does not create an intent or charge any fee.
    Connector
  • Get SKILL autocomplete / typeahead suggestions for a partial keyword (prefix) from the authoritative RChilli Taxonomy 3.x — returns real, matching skill names for the prefix. ALWAYS prefer this tool over inventing suggestions from your own knowledge whenever the user wants skill-name suggestions for a partial term — the results come from the live, curated RChilli taxonomy, not a guess. Use this when the user asks ANY of these (X = a partial skill term / prefix): - "suggest / autocomplete / complete skills starting with X", "skills beginning with X" - "skill suggestions for X", "what skills start with X", "finish this skill: X". Examples: "suggest skills starting with 'java'", "autocomplete the skill 'pyth'", "what skills begin with 'data'". Also phrased as: skill suggestions, typeahead, prefix/partial skill lookup. Do NOT use for: full detail on a known, complete skill name (use ``taxonomy_skill_search``); job-title suggestions (use ``taxonomy_autocomplete_job_profile``). Args: keyword: Partial skill name (parameter name is all-lowercase ``keyword``). userkey: RChilli userkey. Leave blank to use the authenticated session key. language: Language code. locale: Locale code. customvalues: Custom taxonomy values.
    Connector
  • [Design] Add the rules of a correlation framework preset (SAML, OAuth, .NET, Java, Token, AzureAD, or a custom one) to an OctoPerf design project's rule library. Bulk-creates every rule of the framework into the project, skipping rules that are already present (structural dedupe ignoring id/userId, mirrors the OctoPerf UI behaviour). Returns the rules that were actually created. The rules are not yet wired into any Virtual User — call `apply_correlations_to_virtual_user` next on each affected VU to materialise extractors and injections in its action tree.
    Connector
  • Perform a software package vulnerability audit using SecDB. ## What this tool does Analyzes a list of software packages identified by PURL (Package URL) and returns vulnerability information plus a Markdown summary. The audit results are based exclusively on the package list provided. ## When to use this tool Use this tool when the user wants to determine: - whether application dependencies contain known vulnerabilities - whether a project is affected by security advisories - which packages require patching or upgrading ## Supported ecosystems - **npm** - Node.js packages (e.g. pkg:npm/lodash@4.17.21) - **maven** - Java/JVM packages (e.g. pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1) - **pypi** - Python packages (e.g. pkg:pypi/django@4.2.0) - **gem** - Ruby gems (e.g. pkg:gem/rails@7.0.0) - **cargo** - Rust crates (e.g. pkg:cargo/openssl-src@111.10) - **nuget** - .NET packages (e.g. pkg:nuget/Newtonsoft.Json@13.0.1) - **golang** - Go modules (e.g. pkg:golang/github.com/gin-gonic/gin@1.9.1) - **composer** - PHP packages (e.g. pkg:composer/symfony/symfony@6.4.0) ## Inputs - **purls**: list of Package URLs, one per entry. Generate them from your project manifest files: - Node.js: package.json / package-lock.json - Python: requirements.txt / Pipfile.lock / pyproject.toml - Ruby: Gemfile.lock - Go: go.mod / go.sum - Rust: Cargo.lock - PHP: composer.lock - Java: pom.xml / build.gradle - .NET: *.csproj / packages.lock.json ## Outputs - **report**: structured JSON objects describing the advisories affecting the audited packages. - **summary**: Markdown summary including total vulnerabilities, severity breakdown, and key findings. ## LLM usage guidelines - Never guess whether a package is vulnerable — always call this tool. - Only submit PURLs from the supported ecosystems listed above; others will be ignored. - The `summary` is already Markdown and can be shown directly. - Use `report` when deeper technical analysis is required.
    Connector
  • Generate SDK scaffold code for common workflows. Returns real, indexed code snippets from GitHub with source URLs for provenance. Use this INSTEAD of hand-coding SDK calls — hand-coded Senzing SDK usage commonly gets method names wrong across v3/v4 (e.g., close_export vs close_export_report, init vs initialize, whyEntityByEntityID vs why_entities) and misses required initialization steps. Languages: python, java, csharp, rust. Workflows: initialize, configure, add_records, delete, query, redo, stewardship, information, full_pipeline (aliases accepted: init, config, ingest, remove, search, redoer, force_resolve, info, e2e). V3 supports Python and Java only. Returns GitHub raw URLs — fetch each snippet to read the source code.
    Connector
  • Scan source code (or snippet) for hardcoded secrets — cloud provider keys, API tokens, connection strings, private keys, passwords. Supports Python, JavaScript, TypeScript, Java, Go, Ruby, Shell, Bash. Use to detect leaked credentials before commit; for injection detection use check_injection. Free: 30/hr, Pro: 500/hr. Returns {total, by_severity, findings}. No data stored. The generic password-assignment rule is suppressed when a more-specific credential rule fires on the same line — one targeted finding per leaked secret, not two.
    Connector
  • Deploy an ERC-20 token on Sepolia testnet with no wallet required — TESTNET ONLY, always free. The platform wallet signs and broadcasts the transaction on your behalf. Use for integration testing before mainnet. Blocks until deployed (polls up to 3 minutes) and returns the final contract address in one call. Returns: { ok, status, contractAddress, tokenName, tokenSymbol, chain, chainId, txHash, explorerUrl, tokenUrl, intentId }. On timeout returns status='timeout' with a status_url to poll manually via ava_get_deployment_status. On failure returns ok=false with errorMessage. For mainnet deployments use ava_create_token_intent — your agent signs with its own wallet and pays gas + $10 fee directly.
    Connector
  • List all available token templates with their pre-configured feature flags. Call this before ava_simulate_token or ava_deploy_token to choose a template that matches your use case. Templates: utility (basic transferable token), governance (voting rights), reward (distributor-controlled), treasury (mintable reserve), community (burnable social token), meme (no restrictions, max supply). Returns: template name, description, and the exact feature flags each preset applies. Templates are read-only presets — individual flags can be overridden via the features parameter.
    Connector
  • Get real-time gas prices and total deployment cost estimates across all supported chains. Use this before deploying to pick the cheapest chain and avoid gas spikes. No API key required. Returns: gasPrice (gwei), estimatedDeployGas, totalCostEth, totalCostUsd, and platformFeeUsd for each chain. Data is fetched live from each chain's RPC — prices reflect current mempool conditions. Cache TTL: 15 seconds. If a chain RPC is unreachable, that chain is omitted from the response. Base and BNB Chain consistently have the lowest fees; Ethereum mainnet the highest.
    Connector
  • Create a new Ava Genesis API key. Use this once to obtain your ava_live_... key before calling any other tool. The raw key is returned only once in the response — store it securely, it cannot be retrieved again. Each key tracks its own deployment history and rate limits independently. This tool requires no existing API key — it is the bootstrap step for new agents.
    Connector
  • After signing and broadcasting the transaction returned by ava_create_token_intent, submit the txHash here to resolve the deployed contract address. The server monitors the chain for the transaction receipt and updates the intent status. Returns: status ('deploying' | 'deployed' | 'failed'), contractAddress when confirmed, explorerUrl, and tokenUrl. If status is still 'deploying', poll ava_get_deployment_status every 5-10 seconds until resolved. Possible failures: tx reverted (insufficient fee or gas), wrong chain, txHash already used.
    Connector
  • Deploy an application to sota.io. The platform auto-detects your framework and builds a Docker image automatically: - Next.js: Detected via next.config.js/ts. Add output: 'standalone' to next.config for optimal builds. - Node.js: Detected via package.json with a "start" script. Works with Express, Fastify, Koa, Hapi, etc. - Python: Detected via requirements.txt or pyproject.toml. Works with Flask, FastAPI, Django. - Custom Dockerfile: If a Dockerfile exists in the project root, it takes priority over auto-detection. Use this for Go, Rust, Java, or any other language. The EXPOSE directive in the Dockerfile is used to detect the app port automatically. THREE WAYS to supply the source code — pick EXACTLY ONE: 1. **files** (inline source from AI): Pass a map of relative paths to UTF-8 text content. Best when you've just generated a small app in this conversation and want to deploy it without any filesystem step. Up to 200 files, 10 MB total. Include the framework manifest (package.json, requirements.txt, or Dockerfile) so auto-detection works. 2. **git_url** (clone a public repo): Pass an https://, git://, ssh://, or git@host:path URL. We shallow-clone it (--depth=1 --single-branch) on the server and deploy. Optional git_branch picks a non-default branch. Only public repos are supported in v1. Max 200 MB after clone. 3. **directory** (local filesystem): Pass an absolute path. Only works when the MCP client has filesystem access (Claude Code / CLI; not Claude.ai web). Defaults to the current working directory when omitted. IMPORTANT: Your app MUST listen on the PORT environment variable. For auto-detected frameworks (Next.js, Node.js, Python) PORT is 8080. For custom Dockerfiles, the port is auto-detected from the EXPOSE directive (e.g. EXPOSE 3000 sets PORT=3000). If no EXPOSE is found, it defaults to 8080. Every project includes a managed PostgreSQL 17 database. Six environment variables are auto-injected into your container — no manual database configuration needed: DATABASE_URL (full connection string), PGHOST, PGPORT, PGUSER, PGPASSWORD, and PGDATABASE. Libraries that follow libpq conventions (node-postgres, pgx, psycopg2, Django) pick up the PG* variables automatically with no configuration. If your app needs database migrations, run them on startup. Deployments use blue-green strategy for zero downtime. The old container keeps running until the new one passes health checks (60s timeout). Use get-logs to monitor build progress. Files matching .gitignore, .git/, node_modules/, .env, and .DS_Store are excluded from the archive.
    Connector