38 tools from the Devbox MCP Server, categorised by risk level.
View the Devbox policy →devbox_approvals Approvals. action: list | decide | approve_all. When suggested_action is DECIDE_APPROVAL, call decide with approve or deny. approve_all requires co... devbox_audit List audit events. action: list. Optionally scope by run_id, limit. devbox_ci_checks CI/PR checks. action: run_pr_checks | github_pr_checks | run_pr_check_logs | github_check_logs. Use run_* when you have run_id; github_* for owner/... devbox_context_search Search context artifacts by keyword, semantic similarity, or hybrid mode. Returns ranked results with relevance scores and trust tiers. 2/5 devbox_poll_all Poll all active runs across all projects in one call. Returns status of every run that is queued, planning, executing, awaiting_delegation, or awai... 2/5 devbox_status Get overall project health in one call: last run per project, active runs, pending approvals, project_state (branches, PRs, orphans, merge_order, s... devbox_tool_catalog Machine-readable catalog of MCP tools, actions, and conventions. Use for onboarding, query planning, and selecting the right tool/action with examp... devbox_context_annotate Add an annotation (comment, tag, or link) to a context artifact. Annotations are lightweight metadata additions that do not create a new version. 2/5 devbox_context_register Register a new context artifact with metadata, trust tier, and sensitivity classification. Triggers DLP scan and trust assessment. 3/5 devbox_context_resolve_contradiction Resolve a detected contradiction between two context artifacts. Accepts a resolution strategy (keep_a, keep_b, merge, defer) and optional merged co... 2/5 devbox_planner Planner. action: generate | analyze | rank_files | health | intent_review | plan_review. generate: codebase-aware plan. analyze: project structure.... 2/5 devbox_plans_sync Sync plan files from ~/.cursor/plans/ and ~/.claude/plans/ to project .cursor/plans/. Makes plans visible to roadmap/health-map. Set DEVBOX_PLANS_D... 2/5 devbox_setup Setup and integrations. action: setup_status | auth_add | auth_list | stripe_products | stripe_prices | stripe_create_product | stripe_create_price... 3/5 devbox_admin Admin operations. action: invite_alpha | list_alpha_users | transition_alpha | stripe_platform_setup | stripe_platform_status | stripe_set_key | di... 3/5 devbox_agent_handoff Agent handoff: send summary + context to DevBox, get next action (continue, create_run, done, wait). Use when about to summarize for user — DevBox ... 3/5 devbox_billing Billing and subscription management. action: subscription_status | usage | checkout | portal | entitlements | refunds | budget. Requires authentica... 3/5 devbox_context_bundle Resolve a canonical bundle into provenance-heavy derived context. Returns ordered semantic sections, inline provenance, and compact supporting evid... 3/5 devbox_context_compile Compile a context bundle from a set of artifacts, applying layering (base, project, session, ephemeral), deduplication, and budget trimming. Return... 3/5 devbox_context_explain Explain why a context bundle was compiled the way it was. Returns a human-readable explanation of layering decisions, deduplication, trimming, and ... 3/5 devbox_deploy Deploy and rollback. action: deploy | rollback. deploy requires step_id, image_uri, digest, service_name, environment. Requires prior approval for ... 3/5 devbox_health_map Project Health Map. action: get | analyze | feature | summary | prompt | outcome | delta | infer_goals. get: latest analysis with all features. ana... 3/5 devbox_help Get DevBox tool documentation for a topic. Topics: turn_start, workflow, deploy, runs, projects, approvals, ci, logs, planner, memory, project_stat... 3/5 devbox_memory Project memory for agents. action: search | store | bootstrap | bootstrap_status. search: semantic retrieval. store: add a memory. bootstrap: start... 4/5 devbox_ops Ops and diagnostics. action: runner_health | worker_stats | ecs_status | logs_control_plane_tail | trace_by_run_id. Use trace_by_run_id for run-lev... 3/5 devbox_project_plans Project plans for multi-stage work. action: create_plan | get_plan | update_plan_stage | list_plans. Coordinates multiple DevBox runs under a singl... 3/5 devbox_project_state Project state and pipeline. action: state | pipeline_status. state returns run_branches, open_prs, orphans, pipeline_summary. pipeline_status retur... 3/5 devbox_quality_graph Quality Graph queries — the unified verification chain from outcome to evidence. action: chain (full chain for a feature) | gaps (all gap nodes by ... 3/5 devbox_run_code_result Submit code result or instruction feedback. action: code_result_submit | instruction_feedback. code_result_submit: REQUIRED workspace_path when bra... 3/5 devbox_run_guidance Get full run guidance in one call: run status, next instruction, pending approvals, and suggested_action (APPLY_CODE_INSTRUCTION, DECIDE_APPROVAL, ... 3/5 devbox_run_lifecycle Run lifecycle control. action: cancel | close_with_note | report | diff | advance | next_instruction | events_poll. Use close_with_note when agent ... 3/5 devbox_run_link_pr Link an existing PR to a run. Use when PR was opened from a different branch than the run's repo_ref. Syncs run with PR so the run page shows the P... 3/5 devbox_run_logs Run step logs. action: step_log_get | logs_tail | step_fail_orphan. step_fail_orphan marks stuck step as orphaned when control plane restarted. 3/5 devbox_run_step Step control. action: retry | complete | rewind. retry: reset failed step to queued so worker re-executes. complete: manually mark step success (e.... 3/5 devbox_run_validations DP-05: Run validations. action: review_code | review_architecture | uat_simulate | validate_logs | run_checks | check_coverage | generate_checks | ... 4/5 devbox_runs Run discovery and creation. action: list | create | get | plan | steps. list discovers runs with awaiting_delegation; create starts a new run. REQU... 3/5 devbox_surfaces Surface verification. action: surfaces_dashboard | surfaces_crawl | surfaces_verify | surfaces_fix | get_next_fix | list_issues. get_next_fix: retu... 3/5 The Devbox MCP server exposes 38 tools across 4 categories: Read, Write, Destructive, Execute.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the Devbox server.
Devbox tools are categorised as Read (7), Write (6), Destructive (2), Execute (23). Each category has a recommended default policy.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept