Tools reference
This page lists the tools implemented bycoding_tools_mcp.server. Tool availability depends on --tool-profile.
Profiles
| Profile | Exposed tools |
|---|---|
full | All implemented tools. |
read-only | Inspection tools only. Mutating process, patch, cwd, and permission tools are hidden. |
compat-readonly-all | Compatibility mode that marks exposed tools as read-only even when some can mutate local state. |
Server and workspace tools
| Tool | Purpose | Important inputs |
|---|---|---|
server_info | Returns server metadata, protocol information, active profile, and capability details. | none |
check_exec_environment | Reports command execution environment and confinement status. | none |
get_default_cwd | Returns the runtime default working directory. | none |
set_default_cwd | Changes the default working directory for subsequent relative command operations. | path |
set_default_cwd is not exposed by the read-only profile.
File and search tools
| Tool | Purpose | Important inputs |
|---|---|---|
read_file | Reads UTF-8 text from a workspace file. | path, start_line, end_line, max_bytes, encoding |
list_dir | Lists direct or recursive directory entries. | path, recursive, max_depth, max_entries, include_hidden, include_ignored, sort |
list_files | Finds files by glob-style patterns. | path, patterns, glob, exclude_patterns, include_hidden, include_ignored, max_results, sort |
search_text | Searches text using literal or regex matching. | query, path, regex, case_sensitive, include_globs, exclude_globs, context_lines, max_results |
read_filesupports onlyutf-8and rejects binary-looking files.read_file.max_bytesis capped at 1 MiB.search_textusesrgwhen available and falls back to Python scanning.- Default ignored names include
.git,node_modules, build outputs, virtualenvs, and common cache directories.
Editing tool
| Tool | Purpose | Important inputs |
|---|---|---|
apply_patch | Applies a unified patch to files in the workspace. | patch, dry_run |
apply_patch is hidden in read-only. Use dry_run to validate a patch without writing files.
Command tools
| Tool | Purpose | Important inputs |
|---|---|---|
exec_command | Starts or runs a command in the workspace. | cmd, workdir, timeout_ms, yield_time_ms, max_output_bytes, stdin, tty, env |
write_stdin | Sends input to a running command session. | session_id, chars, yield_time_ms, max_output_bytes |
kill_session | Terminates a running command session. | session_id, signal, wait_ms, max_output_bytes |
safe, network-looking commands, shell expansion, inline scripts, sensitive environment values, and broad temp writes are blocked. In trusted, local development workflows are allowed while secret filtering and Landlock remain active when available. In dangerous, command permission gates are disabled.
Git tools
| Tool | Purpose | Important inputs |
|---|---|---|
git_status | Returns repository status. | path, include_untracked, max_entries |
git_diff | Returns staged or unstaged diffs. | path, paths, staged, unstaged, context_lines, max_bytes |
git_log | Returns recent commits. | path, ref, max_count, skip |
git_show | Shows a revision, optionally with diff. | rev, path, paths, include_diff, context_lines, max_bytes |
git_blame | Returns blame information for a line range. | path, rev, start_line, end_line, max_lines |
Permission tool
| Tool | Purpose | Important inputs |
|---|---|---|
request_permissions | Requests permission for a gated operation such as command network access or patch execution. | tool_name, permission, reason, arguments, scope, ttl_seconds |
tool_name values are exec_command and apply_patch. Permission names include network, destructive_command, long_timeout, sensitive_env, shell_expansion, inline_script, privileged_executable, and write_generated_or_ignored.
Image tool
| Tool | Purpose | Important inputs |
|---|---|---|
view_image | Reads a local image and returns either an MCP image payload or a data URL. | path, max_bytes, max_width, max_height, auto_resize, output |
view_image is enabled by default unless CODING_TOOLS_MCP_ENABLE_VIEW_IMAGE=0 or --enable-view-image is not used in a wrapper that disables it. The input file must be within the workspace path boundary.
Output convention
Tool calls return MCP content plus structured output. Successful tool payloads includeok: true where applicable. Failures are surfaced as structured errors with a code, message, category, retryability flag, and diagnostic details when available.