// SCAN REPORT

MCP Codebase Index

9 tools. 2 can modify or destroy data without limits.

2 write tools that can modify data. Rate limits recommended.

Last updated: 11 Jun 2026

2 can modify or destroy data

7 read-only

9 tools total

Community server · catalogue entry verified 11/06/2026

How to control MCP Codebase Index ↓

TOOL MAP

What MCP Codebase Index exposes to your agents

Read (7) Write / Execute (2) Destructive / Financial (0)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS

High Risk

The most dangerous MCP Codebase Index tools

Write · Low export_visualization_html This tool generates and persists data (an HTML visualization file) to the filesystem, making it a Write operation rather than Read (it creates new output) or Destructive (the file can be deleted or overwritten without pe Write · Medium repair_index The tool modifies the index by re-indexing files (write) and removing orphaned vectors (deletion of stale/invalid entries).

2 of MCP Codebase Index's 9 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control MCP Codebase Index

PolicyLayer is an MCP gateway — it sits between your AI agents and MCP Codebase Index, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations

{
  "repair_index": {
    "limits": [
      {
        "counter": "repair_index_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

{
  "check_index": {
    "limits": [
      {
        "counter": "check_index_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Create a free account and register MCP Codebase Index — nothing to install.
Add these rules — paste them, or build them visually. Tune the limits to your setup.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

ENFORCE POLICY ON MCP CODEBASE INDEX →

Free to start. No card required.

FULL CATALOGUE

All 9 MCP Codebase Index tools

WRITE 2 tools

Write repair_index Repair detected index issues by re-indexing missing files and removing orphaned vectors. Write export_visualization_html Export the vector visualization as a standalone HTML file with modern UI. Automatically saves to file and retu

READ 7 tools

Read check_index Verify index health and detect issues like missing files, orphaned vectors, and dimension mismatches. Read enhance_prompt Enhance a search query by adding codebase context and technical details. Use this before searching to improve Read enhancement_telemetry Get telemetry data for prompt enhancement (success rate, cache hits, latency) Read indexing_status Check the current indexing status and progress. Read search_codebase Search your codebase using natural language queries. Returns relevant code snippets with file paths and line n Read visualize_collection Visualize the entire vector database in 2D or 3D space using UMAP dimensionality reduction. USE CASES: - Expl Read visualize_query Visualize a search query and its retrieved documents in the vector space. USE CASES: - Show where a query lan

FAQ

Questions about MCP Codebase Index

How do I prevent bulk modifications through MCP Codebase Index? +

The MCP Codebase Index server has 2 write tools including repair_index, export_visualization_html. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach MCP Codebase Index.

How many tools does the MCP Codebase Index MCP server expose? +

9 tools across 2 categories: Read, Write. 7 are read-only. 2 can modify, create, or delete data.

How do I enforce a policy on MCP Codebase Index? +

Register the MCP Codebase Index MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every MCP Codebase Index tool call.

Deterministic rules across all 9 MCP Codebase Index tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON MCP CODEBASE INDEX →

Free to start. No card required.

9 MCP Codebase Index tools catalogued and risk-classified — across an index of 43,000+ MCP servers.