Trace MCP Policy · 178 Tools

HOW TO CONTROL TRACE

PolicyLayer is an MCP gateway — it sits between your AI agents and Trace, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations

{
  "delete_corpus": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations

{
  "change_signature": {
    "limits": [
      {
        "counter": "change_signature_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations

{
  "analyze_perf": {
    "limits": [
      {
        "counter": "analyze_perf_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Create a free account and register Trace — nothing to install.
Add these rules — paste them, or build them visually. Tune the limits to your setup.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

ENFORCE POLICY ON TRACE →

Free to start. No card required.

ALL 178 TRACE TOOLS

DESTRUCTIVE 4 tools

Destructive delete_corpus Remove a saved corpus (manifest + packed body). Returns JSON: { deleted: bool, name }. Destructive remove_dead_code Safely remove a dead symbol from its file. Verifies the symbol is actually dead (multi-signal detection or zer Destructive repair_index Apply a targeted repair to the local SQLite index. Modes: drop-orphans (delete embedding rows whose symbol_id Destructive apply_codemod Bulk regex find-and-replace across files. Dry-run by default — first call shows preview, second call with dry_

EXECUTE 1 tools

Execute reindex Trigger (re)indexing of the project or a subdirectory. Mutates the local index (SQLite). Use after major file

WRITE 25 tools

Write change_signature Change a function/method signature (add/remove/rename/reorder parameters) and update all call sites. Dry-run b Write embed_repo Precompute and cache symbol embeddings for semantic / hybrid search. Embeddings are also computed lazily on fi Write unpin Remove a ranking pin by target. Pass either symbol_id (for a pinned symbol) or file_path (for a pinned file). Write build_corpus Pack a slice of project context into a persistent corpus on disk so future query_corpus calls can prime an LLM Write build_decision_clusters Recompute the L2 thematic cluster overlay over the decision store using the configured LLM. Stable cluster ids Write consolidate_decisions LLM-driven semantic dedup of the decision store. For each decision in scope, finds top-K similar candidates (F Write index_sessions Index conversation content from Claude Code / Claw Code sessions for cross-session search. Stores chunked mess Write invalidate_decision Mark a decision as no longer valid. The decision remains in the knowledge graph for historical queries but is Write refresh_co_changes Rebuild co-change index from git history. Mutates the co-change index; idempotent. Use after significant git h Write snapshot_graph Capture the current graph shape (file/symbol counts, edges by type, top in-degree files, communities, exported Write subproject_sync Re-scan all subprojects: re-discover services, re-parse contracts, re-scan client calls, and re-link everythin Write tune_decision_weights Re-fit decision confidence weights from accumulated review feedback (approve/reject events). Requires >= min_e Write tune_weights Self-tuning retrieval: read the persistent ranking ledger and learn per-repo signal-fusion weights, written to Write visualize_subproject_topology Open interactive HTML visualization of the subproject topology: services as nodes, API calls as edges, health/ Write add_decision Manually record an architectural decision, tech choice, preference, or convention. Links to code symbols/files Write apply_move Move a symbol to a different file or rename/move a file, updating all import paths across the codebase. Dry-ru Write apply_rename Rename a symbol across all usages (definition + all importing files). Runs collision detection first and abort Write approve_decision Approve a decision currently in the memoir-style review queue (review_status= Write generate_docs Auto-generate project documentation from the code graph. Produces structured docs with architecture, API surfa Write pin_file Boost (or demote) a specific file in PageRank-driven ranking by setting a multiplicative weight on its PageRan Write pin_symbol Boost (or demote) a specific symbol in PageRank-driven ranking by setting a multiplicative weight. Pinned symb Write register_edit Notify trace-mcp that a file was edited. Reindexes the single file and invalidates search caches. Call after E Write reject_decision Reject a decision currently in the memoir-style review queue (review_status= Write remember_decision Live agent write into the decision knowledge graph. Confidence-scores the input and routes it through the memo Write subproject_add_repo Add a repository as a subproject of the current project. Pass

READ 148 tools

Read analyze_perf Per-tool latency telemetry: p50/p95/max, count, error_rate. Default reads the current session ring; Read assess_change_risk Before modifying a file or symbol, predict risk level (low/medium/high/critical) with contributing factors and Read benchmark_project Synthetic token efficiency benchmark: compare raw file reads vs trace-mcp compact responses across symbol look Read check_architecture Check architectural layer rules: detect forbidden imports between layers (e.g. domain importing infrastructure Read check_claudemd_drift Detect drift between AI agent config files (CLAUDE.md, AGENTS.md, .cursorrules) and the live tool/skill/comman Read check_duplication Check if a function/class name already exists elsewhere in the codebase before creating it. Prevents duplicati Read check_embedding_drift Pin and re-check a 16-string canary against the active embedding provider. Catches silent provider model swaps Read check_quality_gates Run configurable quality gate checks against the project. Returns pass/fail for each gate (complexity, couplin Read check_rename Pre-rename collision detection: checks the symbol Read compare_branches Compare two branches at symbol level: what was added, modified, removed. Resolves merge-base automatically, gr Read detect_antipatterns Detect performance & design antipatterns: N+1 query risks, missing eager loading, unbounded queries, event lis Read detect_ast_clones Find Type-2 AST clones across the codebase: functions/methods with identical structure after normalizing ident Read detect_communities Run Leiden community detection on the file dependency graph. Identifies tightly-coupled file clusters (modules Read detect_drift Detect architectural drift: cross-module co-change anomalies (files in different modules that always change to Read detect_topic_tunnels Cross-project topic tunnels: links between registered subprojects that share canonical entities — package name Read diff_graph_snapshots Compare two named graph snapshots and report deltas in counts, communities, and top in-degree files. Use to tr Read discover_claude_sessions Scan ~/.claude/projects for projects Claude Code has touched on this machine, decode each directory name back Read discover_hermes_sessions List Hermes Agent (NousResearch) sessions visible on this machine. Scans $HERMES_HOME (default ~/.hermes) for Read explain_architecture AI-powered architecture analysis — layers, patterns, and data flow Read explain_symbol Explain a symbol in detail using AI — purpose, behavior, relationships, usage patterns Read extract_function DISABLED pending AST-aware rewrite — returns a structured error explaining the limitation. The previous regex- Read find_similar Find semantically similar symbols using vector search + optional AI reranking Read find_usages Find all places that reference a symbol or file (imports, calls, renders, dispatches). Use instead of Grep for Read get_api_contract Get API contract (OpenAPI/gRPC/GraphQL) for a service. Parses spec files found in the service repo. Use to ins Read get_api_surface List all exported symbols (public API) of a file or matching files. Use to understand what a module exposes. F Read get_artifacts Surface non-code knowledge from the index: DB schemas (migrations, ORM models), API specs (routes, OpenAPI end Read get_call_graph Build a bidirectional call graph centered on a symbol (who calls it + what it calls). Use to understand contro Read get_change_impact Full change impact report: risk score + mitigations, breaking change detection, enriched dependents (complexit Read get_changed_symbols Map a git diff to affected symbols (functions, classes, methods). For PR review. If Read get_circular_imports Find circular dependency chains in the import graph (Kosaraju SCC algorithm). Considers only import-typed edge Read get_cluster_decisions Return the member decisions of a cluster, plus the cluster header. Use after get_decision_clusters to drill in Read get_co_changes Find files that frequently change together in git history (temporal coupling). Requires git. Use to discover h Read get_code_owners Git-based code ownership: who contributed most to specific files (git shortlog). Requires git. Use to identify Read get_communities Get previously detected communities (file clusters). Run detect_communities first. Read-only. Returns JSON: { Read get_community Get details for a specific community: files, inter-community dependencies. Read-only. Use after detect_communi Read get_complexity_report Get complexity metrics (cyclomatic, max nesting, param count) for symbols in a file or across the project. Use Read get_complexity_trend File complexity over git history: cyclomatic complexity at past commits. Shows if a file is getting more or le Read get_component_tree Build a component render tree starting from a given .vue file. Use to visualize parent-child component hierarc Read get_context_bundle Get a symbol Read get_contract_drift Detect mismatches between API spec and implementation: endpoints in spec but not in code, or in code but not i Read get_contract_versions Show version history for a service API contract with breaking change detection between versions. Compares requ Read get_control_flow Build a Control Flow Graph (CFG) for a function/method: if/else branches, loops, try/catch, returns, throws. S Read get_coupling Coupling analysis: afferent (Ca), efferent (Ce), instability index per file. Shows which modules are stable vs Read get_coupling_trend File coupling over git history: Ca/Ce/instability at past commits. Shows if a module is stabilizing or destabi Read get_cross_domain_deps Show which business domains depend on which. Based on edges between symbols in different domains. Use to under Read get_cross_service_impact Analyze cross-service impact of changing an endpoint or event. Shows which services would be affected. Use bef Read get_cross_workspace_impact Show which workspaces are affected by changes in a given workspace. Lists all cross-workspace edges, affected Read get_dataflow Intra-function dataflow analysis: track how each parameter flows through the function body — into which calls, Read get_dead_code Dead code detection. Two modes: (1) Read get_dead_exports Find exported symbols whose Read get_decision_clusters List decision clusters with optional full-text filter. Each row carries a short noun-phrase title, 1-3 sentenc Read get_decision_stats Overview of the decision knowledge graph: total decisions, active/invalidated counts, breakdown by type and so Read get_decision_timeline Chronological timeline of decisions for a project, symbol, or file. Shows when decisions were made and invalid Read get_dependency_diagram Render dependency diagram for a file/directory path as Mermaid or DOT. Input: a path like Read get_di_tree Trace NestJS dependency injection tree (what a service injects + who injects it). Use to understand DI wiring Read get_domain_context Get all code related to a specific business domain. Supports Read get_domain_map Get hierarchical map of business domains with key symbols per domain. Auto-builds domain taxonomy on first cal Read get_edge_bottlenecks Find architectural bottleneck edges in the import graph: edges sitting on many shortest paths (edge betweennes Read get_endpoint_analytics Per-route analytics: request count, error rate, latency, caller services. Requires OTLP trace ingestion. Read- Read get_env_vars List environment variable keys from .env files with inferred value types/formats. Never exposes actual values Read get_event_graph Get event/signal/task dispatch graph (Laravel events, Django signals, NestJS events, Celery tasks, Socket.io e Read get_feature_context Search code by keyword/topic → returns ranked source code snippets within a token budget. Use when you need to Read get_git_churn Per-file git churn: commits, unique authors, frequency, volatility assessment. Requires git. Use to identify f Read get_health_trends Time-series health metrics for a file or module: bug score, complexity, coupling, churn over time. Populated b Read get_implementations Find all classes that implement or extend a given interface or base class. Use when you know the interface nam Read get_import_graph Show file-level dependency graph: what a file imports and what imports it (requires reindex for ESM edge resol Read get_index_health Get index status, statistics, health information, and pipeline progress (indexing, summarization, embedding). Read get_livewire_context Get full context for a Livewire component: properties, actions, events, view, child components. Use to underst Read get_middleware_chain Trace middleware chain for a route URL (Express/NestJS/FastAPI/Flask). Use when you only need the middleware s Read get_minimal_context Single-call orientation context (~150 tokens). Returns project shape, top 3 risk hotspots, top 3 PageRank-cent Read get_model_context Get full model context: relationships, schema, and metadata (Eloquent/Mongoose/Sequelize/SQLAlchemy/Prisma/Typ Read get_module_graph Build NestJS module dependency graph (module -> imports -> controllers -> providers -> exports). Use to unders Read get_navigation_graph Build React Native navigation tree from screens, navigators, and deep links. Use to understand app navigation Read get_nova_resource Get full context for a Laravel Nova resource: model, fields, actions, filters, lenses, metrics. Use to underst Read get_outline Get all symbols for a file (signatures only, no bodies). Use instead of Read to understand a file before editi Read get_package_deps Cross-repo package dependency analysis: find which registered projects depend on a package, or what packages a Read get_pagerank File importance ranking via PageRank on the import graph. Shows most central/important files. Use to identify Read get_plugin_registry List all registered indexer plugins and the edge types they emit. Use for debugging indexer behavior or unders Read get_project_health Structural health: coupling instability, dependency cycles, PageRank rankings, refactor candidates. Use for ar Read get_project_map Get project overview: detected frameworks, languages, file counts, structure. Read-only, no side effects. Call Read get_project_memo Return the latest synthesised project memo for a scope. Optionally include up to Read get_refactor_candidates Find functions with high complexity called from many files — candidates for extraction to shared modules. Use Read get_related_symbols Find symbols related via co-location (same file), shared importers, and name similarity. Use when exploring a Read get_request_flow Trace request flow for a URL+method: route → middleware → controller → service (Laravel/Express/NestJS/Fastify Read get_risk_hotspots Code hotspots: files with both high complexity AND high git churn (Adam Tornhill methodology). Score = complex Read get_runtime_call_graph Actual call graph from runtime traces (vs static analysis). Shows observed call paths with call counts and lat Read get_runtime_deps Which external services (databases, caches, APIs, queues) does this code actually call at runtime. Based on OT Read get_runtime_profile Runtime profile for a symbol or route: call count, latency percentiles (p50/p95/p99), error rate, calls per ho Read get_schema Get database schema reconstructed from migrations or ORM model definitions. Use to understand table structure. Read get_screen_context Get full context for a React Native screen: navigator, navigation edges, deep link, platform variants, native Read get_service_deps Get external service dependencies: which services this one calls (outgoing) and which call it (incoming). Use Read get_service_map Get map of all services, their APIs, and inter-service dependencies. Auto-detects services from Docker Compose Read get_session_journal Session history: all tool calls made, files read, zero-result searches, and duplicate queries. Use to avoid re Read get_session_resume Cross-session context carryover: shows what was explored in recent past sessions (files touched, tools used, d Read get_session_snapshot Compact session snapshot (~200 tokens) for context recovery after compaction. Returns focus files (by read cou Read get_state_stores List all Zustand stores and Redux Toolkit slices with their state fields, actions/reducers, and dispatch sites Read get_subproject_clients Find all client calls across subprojects that call a specific endpoint. Shows file, line, call type, and confi Read get_subproject_graph Show all subprojects and their cross-repo connections. A subproject is any working repository in your project Read get_subproject_impact Cross-repo impact analysis: find all client code across subprojects that would break if an endpoint changes. R Read get_suggested_questions Auto-generated, prioritized review questions derived from the analyses we already cache (untested framework en Read get_surprises Rank cross-module file edges by how unexpected they look (deep folder distance + popular target + few edges = Read get_symbol Look up a symbol by symbol_id or FQN and return its source code. Use instead of Read when you need one specifi Read get_symbol_complexity_trend Single symbol complexity over git history: cyclomatic, nesting, params, lines at past commits. Requires git. U Read get_symbol_owners Git blame-based symbol ownership: who wrote which lines of a specific symbol. Requires git. Use for fine-grain Read get_task_context All-in-one context for starting a dev task: execution paths, tests, entry points, adapted by task type. Use as Read get_tech_debt Per-module tech debt score (A–F grade) combining: complexity, coupling instability, test coverage gaps, and gi Read get_tests_for Find test files and test functions that cover a given symbol or file. Use instead of Glob/Grep — understands t Read get_type_hierarchy Walk TypeScript class/interface hierarchy: ancestors (what it extends/implements) and descendants (what extend Read get_untested_exports Find exported public symbols with no matching test file — test coverage gaps. For deeper analysis including no Read get_untested_symbols Find ALL symbols (not just exports) lacking test coverage. Classifies as Read get_wake_up Compact orientation context (~300 tokens) for session start. By default returns a {stable, dynamic} split: sta Read get_workspace_map List all detected monorepo workspaces with file counts, symbol counts, and languages. Returns dependency graph Read graph_query Trace how named symbols relate in the dependency graph → returns subgraph + Mermaid diagram. Input is NATURAL Read list_bundles List installed pre-indexed bundles for dependency libraries. Shows package name, version, symbol/edge counts, Read list_corpora List every corpus saved on disk with its manifest (scope, project_root, sizes, timestamps). Read-only. Use to Read list_graph_snapshots List previously captured graph snapshots, most recent first. Each entry includes its summary so you can inspec Read list_pins List all active ranking pins with weight, scope, target, expiry, and creator. Use to inspect what is currently Read mine_sessions Mine Claude Code / Claw Code session logs for architectural decisions, tech choices, bug root causes, and pref Read name description Read pack_context Pack project context into a single document for external LLMs. Intelligent selection by graph importance, fits Read predict_bugs Predict which files are most likely to contain bugs. Multi-signal scoring: git churn, fix-commit ratio, comple Read query_by_intent Map a business question to domain taxonomy → returns domain ownership and relevance scores (no source code). U Read query_corpus Answer a natural-language question against a saved corpus. Loads the corpus body, primes the configured AI pro Read query_decisions Query the decision knowledge graph. Filter by type, subproject, code symbol, file path, tag, or time. Returns Read regenerate_project_memo Synthesise (or refresh) the project memo — a 250-400 word LLM-written orientation digest over the decision sto Read review_change AI-powered review of a file change — identify issues, risks, and suggestions Read scan_code_smells Find deferred work and shortcuts: TODO/FIXME/HACK/XXX comments, empty functions & stubs, hardcoded values (IPs Read scan_security Scan project files for OWASP Top-10 security vulnerabilities using pattern matching. Detects SQL injection (CW Read search Search symbols by name, kind, or text. Use instead of Grep when looking for functions, classes, methods, or va Read search_bundles Search pre-indexed bundles for symbols from popular libraries (React, Express, etc.). Returns symbol definitio Read search_sessions Search across all past session conversations. Finds what was discussed, decided, or debugged in previous sessi Read search_text Full-text search across all indexed files. Supports regex, glob file patterns, language filter. Use for findin Read search_with_mode search_with_mode Read self_audit Dead code & coverage audit: dead exports, untested public symbols, heritage debt. Use as a one-shot health che Read suggest_queries Onboarding helper: shows top imported files, most connected symbols (PageRank), language stats, and example to Read suggest_tests Suggest test cases for a symbol using AI Read taint_analysis Track flow of untrusted data from sources (HTTP params, env vars, file reads) to dangerous sinks (SQL queries, Read traverse_graph Walk the dependency graph from a starting symbol or file using BFS/DFS, with a hard token budget on the respon Read verify_index Read-only structural check of the local SQLite index: SQLite integrity_check, foreign-key violations, required Read visualize_graph Open interactive HTML graph in browser showing file/symbol dependencies. Supports force/hierarchical/radial la Read audit_config Scan AI agent config files (CLAUDE.md, AGENTS.md, .cursorrules, etc.) for stale references, dead paths, token Read export_decisions Export decisions to JSONL or Markdown. Read-only; no schema mutations. Use for audit, sharing with external to Read export_graph Export the dependency graph in formats external tools understand. Supports GraphML (Gephi/yEd/NetworkX), Cyphe Read export_security_context Export security context for MCP server analysis. Generates enrichment JSON for skill-scan: tool registrations Read generate_insights_report Single-call narrative health snapshot: god files (PageRank), architectural bridges (edge bottlenecks), risk ho Read generate_sbom Generate a Software Bill of Materials (SBOM) from package manifests and lockfiles. Supports npm, Composer, pip Read plan_batch_change Analyze the impact of updating a package/dependency. Shows all affected files, import references, and generate Read plan_refactoring Preview any refactoring (rename, move, extract, signature) without applying. Returns all edits as {old_text, n

RELATED SERVERS

Other MCP servers with similar tools — same risk classification, starter policies for each.

FAQ

Can an AI agent delete data through the Trace MCP server? +

Yes. The Trace server exposes 4 destructive tools including delete_corpus, remove_dead_code, repair_index. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Trace? +

The Trace server has 25 write tools including change_signature, embed_repo, unpin. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Trace.

How many tools does the Trace MCP server expose? +

178 tools across 4 categories: Destructive, Execute, Read, Write. 148 are read-only. 30 can modify, create, or delete data.

How do I enforce a policy on Trace? +

Register the Trace MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Trace

TOOL MAP

MOST DANGEROUS TOOLS

HOW TO CONTROL TRACE

ALL 178 TRACE TOOLS

RELATED SERVERS

FAQ

Enforce policy on every Trace tool call.

Trace

// TOOL MAP

// MOST DANGEROUS TOOLS

// HOW TO CONTROL TRACE

// ALL 178 TRACE TOOLS

// RELATED SERVERS

// FAQ

Enforce policy on every Trace tool call.

TOOL MAP

MOST DANGEROUS TOOLS

HOW TO CONTROL TRACE

ALL 178 TRACE TOOLS

RELATED SERVERS

FAQ