Available Tools
The MCP tool catalog your IDE gets access to when connected to a Cygent agent — findings, projects, code analysis, and status.
Overview
When you connect an MCP client (Claude Code, Cursor, Codex, VS Code Copilot, Windsurf, Zed) to your Cygent agent, the client's AI agent gains access to a catalog of Cygent tools. These are the actions it can take on your behalf — reading findings, triaging false positives, analyzing Solidity inline, checking audit status.
You do not call these tools directly. Your IDE's AI agent composes them based on natural-language requests. This page is for understanding what the agent can do, not for memorizing tool names.
The tool catalog is the authoritative IDE surface area. Anything here is something your Claude Code / Cursor / etc. session can do with your Cygent instance once the MCP connection is set up. See MCP setup for connecting.
Finding management
Findings are the primary thing your IDE interacts with. These tools let the IDE's agent browse, inspect, triage, and create findings without leaving the editor.
| Tool | Purpose | Typical use |
|---|---|---|
| List findings | Pull all findings for a project, filtered by severity and status | "What High findings are open on this repo?" |
| Finding detail | Fetch full context: title, root cause, recommendation, affected code, attack vector | Needed whenever the agent has to reason about a fix |
| Mark finding invalid | Reject a finding as a false positive with a reason | The IDE concludes a CEI violation is unreachable |
| Update finding status | Move between Active / Resolved / Won't Fix | After shipping a fix or an accept-the-risk decision |
| Create manual finding | File a new finding from code review with full context | Something the IDE spotted that CARA didn't |
| Delete finding | Soft-delete a finding; recoverable | Code the finding references has been removed entirely |
When the IDE agent uses these: almost any Cygent-related workflow touches list + detail. Triage-heavy sessions hit mark-invalid and update-status frequently. Create-finding is the one you'll use least often but value most — it's how you capture a bug you spotted manually.
Project operations
These tools let the IDE agent understand which repos are connected and what's happening with them.
| Tool | Purpose | Typical use |
|---|---|---|
| List projects | Enumerate every connected repo with language, status, audit state | "Which of my repos is actually hooked up to Cygent?" |
| Audit status | Check whether an audit is queued, running, or complete | Kickoff workflows that depend on audit state |
| Review status | Same for PR reviews — is one in flight, how far along | Gating a follow-up action on review completion |
When the IDE agent uses these: at the start of a session to orient itself, and whenever you kick off an action that depends on audit state.
Code analysis
These tools analyze Solidity inline, without needing to round-trip through a full audit.
| Tool | Purpose | Typical use |
|---|---|---|
| Analyze Solidity | Targeted security analysis on a snippet or file | "Is this function I just wrote safe?" in-editor checks |
| Check code | Verify a set of proposed changes is safe before you commit | Pre-commit pre-flight on a diff |
Use Analyze Solidity to sanity-check code as you're writing it. Use the full dashboard audit when you want CARA's deep protocol-aware reasoning across the whole codebase.
Status polling
These are the glue tools. They don't do new work — they report on work that's happening elsewhere.
| Tool | Purpose | Typical use |
|---|---|---|
| Poll audit progress | Given an audit ID, return current phase + ETA | "Run an audit and tell me when it's done" loops |
| Poll review progress | Same for PR reviews | Gating on review completion |
Typical workflows the IDE agent composes
You describe an intent in natural language; the IDE agent picks which tools to call and in what order. A few common patterns:
Triage session
You: "Walk me through the open Criticals on this repo." Agent: list findings (filter: Critical, Active) → for each, finding detail → opens affected code in editor → you mark invalid / resolved inline.
Pre-commit check
You: "Is the diff I'm about to commit safe?" Agent: check code (with git diff) → reports any introduced issues.
Spot-audit a new file
You: "Audit this new contract I just wrote." Agent: analyze Solidity on the file → returns findings inline.
Kick-and-wait
You: "Run a full audit on my-repo and tell me when it's done." Agent: list projects → (start audit) → poll audit progress until complete → list findings.
Catalog evolution
The tool catalog is defined centrally in Cygent's shared schema and exposed over MCP. When new tools get added to the orchestrator, they appear in your IDE automatically — you don't need to update anything on your end.
If you're using a client that shows MCP tools in a UI (e.g. /mcp in Claude Code), you'll see the current tool list named with a cygent_ prefix. Names can change; rely on the capability descriptions above rather than memorized tool names.