// SCAN REPORT

Context Engine MCP Server

50 tools. 22 can modify or destroy data without limits.

3 destructive tools with no built-in limits. Policy required.

Last updated: 11 Jun 2026

22 can modify or destroy data

28 read-only

50 tools total

Community server · catalogue entry verified 11/06/2026

How to control Context Engine MCP Server ↓

TOOL MAP

What Context Engine MCP Server exposes to your agents

Read (28) Write / Execute (19) Destructive / Financial (3)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS

Critical Risk

The most dangerous Context Engine MCP Server tools

Destructive · High clear_index Clearing index state and caches is a destructive operation that cannot be easily undone. Destructive · High delete_plan This tool permanently removes saved plans from persistent storage. Destructive · High reindex_workspace The tool first destroys the current index state (irreversible deletion) before rebuilding. Execute · Medium index_workspace index_workspace initiates a potentially long-running process that scans files and constructs an index.

22 of Context Engine MCP Server's 50 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Context Engine MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Context Engine MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations

{
  "clear_index": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations

{
  "start_step": {
    "limits": [
      {
        "counter": "start_step_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

{
  "call_relationships": {
    "limits": [
      {
        "counter": "call_relationships_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Create a free account and register Context Engine MCP Server — nothing to install.
Add these rules — paste them, or build them visually. Tune the limits to your setup.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

ENFORCE POLICY ON CONTEXT ENGINE →

Free to start. No card required.

FULL CATALOGUE

All 50 Context Engine MCP Server tools

DESTRUCTIVE 3 tools

Destructive clear_index Remove saved index state and clear caches without rebuilding. Destructive delete_plan Delete a saved plan from storage. Destructive reindex_workspace Clear current index state and rebuild it from scratch.

EXECUTE 10 tools

Execute execute_plan Execute steps from an implementation plan, generating code changes. This tool orchestrates the execution of p Execute index_workspace Index the current workspace for semantic search. This tool scans all source files in the workspace and builds Execute reactive_review_pr Start a reactive PR code review session. This tool initiates an AI-powered code review with advanced features Execute run_static_analysis Run local static analyzers (tsc and optional semgrep) and return structured findings. Execute check_invariants Run YAML invariants deterministically against a unified diff (no LLM). Execute pause_review Pause a running reactive review session. The review can be resumed later with resume_review. Useful for: - Fr Execute respond_approval Respond to a pending approval request (approve, reject, or request modifications). Execute scrub_secrets Scrub secrets from content before sending to LLM. Detects and masks 15+ types of secrets: - AWS keys, OpenAI/ Execute validate_content Run multi-tier validation on content. Tier 1 (Deterministic): - Balanced brackets/braces - Valid JSON structu Execute resume_review Resume a paused reactive review session. Continues execution from where it was paused.

WRITE 9 tools

Write start_step Mark a step as in-progress to begin execution. Write fail_step Mark a step as failed with error details. Write add_memory Store a memory for future sessions. Memories are persisted as markdown files and automatically retrieved via s Write complete_step Mark a step as completed with optional notes. Write create_plan Generate a detailed implementation plan for a software development task. This tool enters Planning Mode, wher Write refine_plan Refine an existing implementation plan based on feedback or clarifications. Use this tool to iterate on a pla Write request_approval Create an approval request for a plan or specific steps. Write rollback_plan Rollback a plan to a previous version. Write save_plan Save a plan to persistent storage for later retrieval and execution tracking.

READ 28 tools

Read call_relationships Return deterministic local callers and/or callees of a known function or method symbol. Use this tool when yo Read codebase_retrieval IMPORTANT: This is the PRIMARY tool for searching the codebase. Please consider as the FIRST CHOICE for any co Read find_callees Return deterministic callees of a known function or method symbol. This tool prefers persisted graph call edg Read find_callers Return deterministic callers of a known function or method symbol. This tool prefers persisted graph call edg Read get_context_for_prompt Get relevant codebase context optimized for prompt enhancement. This is the primary tool for understanding cod Read get_file Retrieve complete or partial contents of a file from the codebase. Use this tool when you need to: - View the Read get_review_status Get the current status and progress of a reactive review session. Returns: - Session status (active, paused, Read get_review_telemetry Get detailed telemetry data for a review session. Returns: - Token usage statistics - Cache hit/miss rates - Read impact_analysis Estimate the direct change surface of a known symbol using graph-backed definition, reference, and call-edge d Read index_status Retrieve current index health metadata (status, last indexed time, file count, staleness). Read list_memories List all stored memories, optionally filtered by category. Shows file stats, entry counts, and content previe Read list_plans List all saved plans with optional filtering. Read load_plan Load a previously saved plan by ID or name. Read review_auto Smart wrapper that chooses review_diff when a diff is provided; otherwise chooses review_git_diff for the curr Read review_diff Enterprise-grade diff-first review with deterministic preflight and structured JSON output. Read review_memory_suggestions Review draft memory batches and perform idempotent batch actions. Batch listing enforces the Phase 1 cap (tar Read semantic_search Perform semantic search across the codebase to find relevant code snippets. Use this tool when you need to: - Read symbol_definition Return the single best deterministic declaration site for a known identifier. Use this tool when you need to: Read symbol_references Find non-declaration usages of a known identifier across the local codebase. Use this tool when you need to: Read symbol_search Perform deterministic symbol-first search across the codebase for identifier-style navigation. Use this tool Read tool_manifest Discover available tools and capabilities exposed by the server. Read trace_symbol Trace a known symbol across its canonical definition, non-declaration references, and direct call edges. This Read view_history View version history for a plan. Read view_progress View execution progress for a plan. Read why_this_context Explain why files were selected into a context bundle using the shared retrieval provenance and explainability Read compare_plan_versions Generate a diff between two versions of a plan. Read review_changes Review code changes from a diff using AI-powered analysis. This tool performs a structured code review on a u Read visualize_plan Generate diagrams from an implementation plan. Use this to visualize the plan

EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

FAQ

Questions about Context Engine MCP Server

Can an AI agent delete data through the Context Engine MCP Server MCP server? +

Yes. The Context Engine MCP Server server exposes 3 destructive tools including clear_index, delete_plan, reindex_workspace. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Context Engine MCP Server? +

The Context Engine MCP Server server has 9 write tools including start_step, fail_step, add_memory. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Context Engine MCP Server.

How many tools does the Context Engine MCP Server MCP server expose? +

50 tools across 4 categories: Destructive, Execute, Read, Write. 28 are read-only. 22 can modify, create, or delete data.

How do I enforce a policy on Context Engine MCP Server? +

Register the Context Engine MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Context Engine MCP Server tool call.

Deterministic rules across all 50 Context Engine MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON CONTEXT ENGINE →

Free to start. No card required.

50 Context Engine MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.