Xcode

69 tools. 46 can modify or destroy data without limits.

4 destructive tools with no built-in limits. Policy required.

Last updated:

46 can modify or destroy data
23 read-only
69 tools total

Community server · catalogue entry checked 11/06/2026

How to control Xcode ↓

What Xcode exposes to your agents

Read (23) Write / Execute (42) Destructive / Financial (4)
Critical Risk

The most dangerous Xcode tools

46 of Xcode's 69 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Xcode

PolicyLayer is an MCP gateway — it sits between your AI agents and Xcode, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_file": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "add_file_to_project": {
    "limits": [
      {
        "counter": "add_file_to_project_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "check_cocoapods": {
    "limits": [
      {
        "counter": "check_cocoapods_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Xcode — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON XCODE →

Instant setup, no code required.

All 69 Xcode tools

EXECUTE 25 tools
Execute boot_simulator Boot an iOS simulator by UDID or name Execute build_spm_package Builds a Swift Package Manager package directly using Execute build_swift_package Builds a Swift Package using Swift Package Manager. Execute change_directory Changes the active directory for relative path operations. Execute clean_swift_package Cleans the build artifacts of a Swift Package. Execute compile_asset_catalog Compiles an asset catalog (.xcassets) using actool Execute export_archive Export an Xcode archive for distribution (App Store, Ad Hoc, Enterprise, Development) Execute install_app Install an app on a simulator Execute launch_app Launch an installed app on a simulator Execute open_url Open a URL in a simulator Execute pod_install Runs Execute pod_repo_update Updates the local clone of the CocoaPods spec repositories. Execute pod_update Runs Execute pop_directory Pops a directory from the stack and changes to it. Execute push_directory Pushes the current directory onto a stack and changes to a new directory. Execute run_lldb Launches the LLDB debugger with optional arguments Execute run_xcrun Executes a specified Xcode tool via xcrun Execute shutdown_simulator Shutdown a simulator by UDID, or shutdown all running simulators Execute swift_package_command Executes Swift Package Manager commands in the active project directory. Execute switch_xcode Switch the active Xcode version Execute terminate_app Terminate a running app on a simulator Execute test_spm_package Runs tests for a Swift Package Manager package directly using Execute test_swift_package Tests a Swift Package using Swift Package Manager. Execute trace_app Captures a performance trace of an application using xctrace Execute validate_app Validate an app for App Store submission using altool
WRITE 17 tools
Write add_file_to_project Adds a file to the active Xcode project. Write add_project_to_workspace Adds an existing project to the active workspace. Write add_swift_package Adds a Swift Package dependency to the active project. Note: Your project must already be set up for Swift Pac Write copy_file Copies a file or directory to a new location within allowed directories. Write create_directory Creates a new directory within allowed directories. Write create_workspace Creates a new Xcode workspace and optionally adds existing projects to it. Write create_xcode_project Creates a new Xcode project using a template. Write edit_package_swift Directly edit the Package.swift file of the active SPM project. This is useful for making changes that aren Write generate_icon_set Generate an app icon set from a source image Write generate_swift_docs Generates documentation for a Swift Package using DocC. Write init_swift_package Initializes a new Swift Package Manager project in the current directory. Use this tool first if your project Write move_file Moves a file or directory to a new location within allowed directories. Write pod_init Generate a Podfile for the current project directory. Write set_project_path Sets the active Xcode project by specifying the path to its .xcodeproj directory. Write set_projects_base_dir Sets the base directory where your Xcode projects are stored. Write update_swift_package Updates the dependencies of your Swift project using Swift Package Manager. Write write_file Writes or updates the content of a file within the active project or allowed directories.
READ 23 tools
Read check_cocoapods Checks if the active project uses CocoaPods and returns setup information. Read check_file_exists Checks if a file or directory exists at the specified path. Read detect_active_project Attempts to automatically detect the active Xcode project. Read dump_swift_package Dumps the Package.swift manifest as JSON. Read find_files Searches for files matching a pattern in a directory. Read find_projects Finds Xcode projects in the specified directory. Read get_active_project Retrieves detailed information about the currently active Xcode project. Read get_current_directory Returns the current active directory. Read get_file_info Gets detailed information about a file or directory. Read get_package_info Gets detailed information about a Swift Package Manager package. Read get_project_configuration Retrieves configuration details for the active project, including schemes and targets. Read get_xcode_info Get information about Xcode installations on the system Read list_booted_simulators List all currently booted iOS simulators Read list_directory Lists the contents of a directory, showing both files and subdirectories. Read list_installed_apps List all installed applications on a simulator Read list_project_files Lists all files within an Xcode project. Read list_simulators List all available iOS simulators with filtering options Read pod_outdated Shows outdated pods in the current project and their available updates. Read read_file Reads the contents of a file within the active project or allowed directories. Read resolve_path Resolves a path, taking into account the active directory and current project. Read search_in_files Searches for text content within files in a directory. Read show_swift_dependencies Shows the resolved dependencies of a Swift Package. Read take_screenshot Take a screenshot of a simulator

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Xcode

Can an AI agent delete data through the Xcode MCP server? +

Yes. The Xcode server exposes 4 destructive tools including delete_file, pod_deintegrate, remove_swift_package. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Xcode? +

The Xcode server has 17 write tools including add_file_to_project, add_project_to_workspace, add_swift_package. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Xcode.

How many tools does the Xcode MCP server expose? +

69 tools across 4 categories: Destructive, Execute, Read, Write. 23 are read-only. 46 can modify, create, or delete data.

How do I enforce a policy on Xcode? +

Register the Xcode MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Xcode tool call.

Deterministic rules across all 69 Xcode tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

69 Xcode tools catalogued and risk-classified — across an index of 46,500+ MCP servers.

// WHERE THIS COMES FROM

These policies come from Xcode's registry record.

The record behind this page: verified identity, auth posture, risk grade, every tool classified, recommended policy — re-checked continuously.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.