Available Tools

What your IDE can do over MCP — the read tools, the cygent_chat companion, and what each key scope unlocks.

Overview

When you connect an MCP client (Claude Code, Cursor, Codex, VS Code, Windsurf, Zed) to your Cygent agent, the client's AI agent picks up two kinds of capability:

  1. Atomic read tools — fast, direct lookups that never start a job (cygent_findings, cygent_list_projects, …).
  2. cygent_chat — one conversational tool that routes plain English through the same brain that powers your Slack/Discord/Telegram agent. This is how the IDE triggers audits and reviews, runs dependency scans, and changes findings.

You don't call these tools directly. Your IDE's agent composes them from your natural-language requests. This page is for understanding what it can do.

ℹ️

Everything an MCP key can do is bounded by its scope (read / operate / mutate) — see What each scope unlocks. There are no confirmation prompts over MCP; the scope is the guard.

Read tools

These return instantly and never start a job:

ToolPurpose
cygent_list_projectsEvery connected repo with its findings summary. Call this first — use the exact owner-repo name everywhere else.
cygent_project_statusDetailed status for one project.
cygent_findingsCompact list of findings, filterable by severity/status.
cygent_finding_detailFull body for one finding (issue_N): root cause, affected code, attack vector, and the authoritative recommendation.
cygent_job_statusPoll an audit/review/scan job_id to completion.
cygent_dependency_vulnerabilitiesVulnerability counts + severity breakdown for a project.
cygent_dependency_advisoriesPaginated list of dependency advisories.
cygent_dependency_advisoryOne advisory's detail.
cygent_kb_querySemantic Q&A over the audited codebase's knowledge base.

cygent_check_code is the one analysis tool that isn't instant: pass Solidity (or Rust/Go/Move) source and it starts a short, one-off CARA analysis, returning a job_id to poll with cygent_job_status. It doesn't touch any project's findings.

cygent_chat — the conversational companion

cygent_chat is the main surface for anything beyond a read. You describe an intent in plain English and the brain reasons across multiple steps, exactly as it does in Slack:

  • "Audit owner-repo" → queues an audit, returns a job_id immediately.
  • "Review PR 42 on owner-repo" → queues a PR review, returns a job_id.
  • "Scan dependencies for owner-repo" → queues a dependency scan.
  • "Triage and file this finding: …" → routes through the engine-validated triage job (returns a job_id; the finding appears or is rejected once the job completes).
  • "Mark issue_3 as a false positive" → updates the finding (mutate scope).

Long-running work never blocks the call: cygent_chat returns a job_id fast, and your agent polls cygent_job_status until it's done. Replies cite findings by their canonical issue_N id and include a structured referenced_findings list, so your IDE can reliably branch on exactly which findings were discussed.

ℹ️

cygent_chat requires a per-user key (created in Settings → API Keys) and is only available on orgs with the companion feature enabled. Triggering audits/reviews/triage happens through cygent_chat, not as standalone tools.

What each scope unlocks

CapabilityReadOperateMutate
Read tools (findings, projects, dependencies, KB, job status)
Repo exploration, memory search, knowledge queries via cygent_chat
Trigger audits, PR reviews, triage, dependency scans, code checks
Change findings (mark fixed/invalid, update status) and settings

Blocked at every scope, by design — the companion can never:

  • Run shell commands, manage GitHub, open issues, schedule tasks, join meetings, or post to chat channels.
  • Write a finding directly. Finding creation always goes through the async, engine-validated triage job, so nothing is written without the analysis engine confirming it.

Catalog evolution

The read tools and cygent_chat are defined centrally and exposed over MCP. As new capabilities ship, they appear in your IDE automatically — you don't update anything on your end. Clients that show the MCP tool list (e.g. /mcp in Claude Code) display the current tools with a cygent_ prefix; rely on the capability descriptions above rather than memorizing exact names.