High-risk tools in Make

Runs conda commands (list, info, env-list, create, remove, update) and returns structured JSON output.

Runs go mod tidy to add missing and remove unused module dependencies.

Bazel build system operations: build, test, query, info, run, clean, fetch.

Runs a build command and returns structured success/failure with errors and warnings.

CMake build system operations: configure, build, test, list-presets, install, clean.

Builds Docker Compose service images and returns structured per-service build status.

Executes arbitrary commands inside a running Docker container and returns structured output. WARNING: may execute untrusted code.

Runs

Runs Lerna monorepo commands (list, run, changed, version) and returns structured package information.

Runs

Syncs files between local and remote locations using rsync. WARNING: Defaults to dry-run mode for safety — set dryRun=false to actually transfer files. Returns structured transf...

Runs a script or file with

Re-runs a workflow run by ID. Optionally re-runs only failed jobs or a specific job. Returns structured result with run ID, status, and URL.

Executes a command on a remote host via SSH. WARNING: This runs commands on a remote machine. Ensure the host and command are correct before executing. Returns structured output...

Runs a command in a uv-managed environment and returns structured output.

Runs Vite production build and returns structured output files with sizes.

Runs webpack build with JSON stats output and returns structured assets, errors, and warnings.

Installs or lists Ansible collections and roles from Galaxy or a requirements file.

Runs an Ansible playbook and returns structured play recap with per-host results.

Makes arbitrary GitHub API calls via

Runs cargo audit and returns structured vulnerability data.

Runs Biome check (lint + format) and returns structured diagnostics (file, line, rule, severity, message).

Binary search for the commit that introduced a bug. Returns structured data with action taken, current commit, remaining steps estimate, and result.

Runs Black code formatter and returns structured results (files changed, unchanged, would reformat).

Executes a command in the context of the Gemfile bundle using

Runs cargo check (type check without full build) and returns structured diagnostics. Faster than build for error checking.

Applies specific commits to the current branch. Returns structured data with applied commits, any conflicts, and new commit hash.

Runs cargo clippy and returns structured lint diagnostics.

Starts Docker Compose services and returns structured status.

Runs tests with coverage and returns structured coverage summary per file.

Enters or queries a Nix dev shell. When a command is provided, runs it inside the dev shell and returns the result.

Generates Rust documentation and returns structured output with warning count.

Runs the esbuild bundler and returns structured errors, warnings, and output files.

Checks a Nix flake for errors and returns structured check results, warnings, and errors.

Checks or fixes Rust formatting and returns structured output.

Downloads and installs Go packages and their dependencies.

Runs Gitleaks to detect hardcoded secrets in git repositories. Returns structured finding data with redacted secrets.

Runs golangci-lint and returns structured lint diagnostics (file, line, linter, severity, message).

Runs

Runs Hadolint (Dockerfile linter) and returns structured diagnostics (file, line, rule, severity, message).

Runs

Initializes a Terraform working directory. Downloads providers, configures backend, and prepares for plan/apply.

Processes and transforms JSON using jq expressions. Accepts JSON from a file path or inline string. Returns the transformed result.

Runs

Runs

Runs

Evaluates a MongoDB expression via mongosh and returns the output.

Runs mypy and returns structured type-check diagnostics (file, line, severity, message, code).

Executes a MySQL query and returns structured tabular output.

Manages Node.js versions via nvm.

Runs Nx workspace commands and returns structured per-project task results with cache status.

Runs

Runs Oxlint and returns structured diagnostics (file, line, column, rule, severity, message).

Runs pip-audit and returns a structured vulnerability report.

Runs Playwright tests with JSON reporter and returns structured results with pass/fail status, duration, and error messages.

Runs

Runs Poetry commands and returns structured output.

Executes a PostgreSQL query via psql and returns structured tabular output.

Pulls a Docker image from a registry and returns structured result with digest info.

Manages Python versions via pyenv.

Runs pytest and returns structured test results (passed, failed, errors, skipped, failures).

Rebases the current branch onto a target branch. Supports abort, continue, skip, and quit for conflict resolution. Returns structured data with success status, branch info, conf...

Executes a Redis command via redis-cli and returns the response.

Tests Redis connectivity by sending a PING command.

Rebuilds the MCP server (or a specified project) and sends a

Clones a GitHub repository. Returns structured data with success status, repo name, target directory, and message.

Makes an HTTP request via curl and returns structured response data (status, headers, body, timing).

Runs Rollup bundler and returns structured bundle output with errors and warnings.

Runs ruff check and returns structured lint diagnostics (file, line, code, message).

Runs ruff format and returns structured results (files changed, file list).

Runs Semgrep static analysis with structured rules and findings. Returns structured finding data with severity summary.

Makes packages available in the environment and optionally runs a command. Returns stdout, stderr, exit code, and duration.

Runs ShellCheck (shell script linter) and returns structured diagnostics (file, line, column, rule, severity, message).

Tests SSH connectivity to a remote host using

Runs Stylelint and returns structured diagnostics (file, line, column, rule, severity, message).

Runs a named task from deno.json via

Runs

Runs Trivy vulnerability/misconfiguration scanner on container images, filesystems, or IaC configs. Returns structured vulnerability data with severity summary.

Runs the TypeScript compiler and returns structured diagnostics (file, line, column, code, message).

Runs Turborepo tasks and returns structured per-package results with cache hit/miss info.

Runs go vet and returns structured static analysis diagnostics with analyzer names. Uses -json flag for native JSON output with automatic text fallback.

Processes and transforms YAML, JSON, XML, TOML, and properties files using yq expressions. Accepts input from a file path or inline string. Returns the transformed result.

Runs

Runs dotnet add package to add a NuGet package and returns structured results. WARNING: may execute untrusted code.

Applies a Kubernetes manifest file.

Installs Gemfile dependencies using

Installs a Ruby gem using

Runs go generate directives in Go source files. WARNING: may execute untrusted code.

Manages Helm releases (install, upgrade, list, status, history, template). Returns structured JSON output.

Runs

Merges a branch into the current branch. Supports abort, continue, and quit actions. Returns structured data with merge status, fast-forward detection, conflicts, and commit hash.

Resolves Swift package dependencies and returns structured resolution results.

Updates Swift package dependencies and returns structured update results.

Runs pip install and returns a structured summary of installed packages. WARNING: may execute untrusted code.

Makes an HTTP POST request via curl and returns structured response data. Convenience wrapper for the request tool with required body.

Runs dotnet publish for deployment and returns structured output with output path and diagnostics.

Pushes commits to a remote repository. Returns structured data with success status, remote, branch, summary, and whether the remote branch was newly created.

Runs dotnet restore to restore NuGet dependencies and returns structured results.

Manages git submodules. Supports list (default), add, update, sync, and deinit actions. List returns structured submodule data with path, SHA, branch, and status.

Runs uv pip install and returns a structured summary of installed packages. WARNING: may execute untrusted code.