// MCP TOOL REFERENCE

CORTEX TOOLS

32 tools from the Cortex MCP Server, categorised by risk level.

// ALL 32 CORTEX TOOLS

READ 19 tools

Read audit.query Search the enterprise audit log by date range, tool name, and limit. Read context.get_related Return related entities and graph edges for a context entity id. Read context.get_rules List indexed rules filtered by scope and active status. Read context.impact Traverse likely impact paths across config, code and SQL starting from an entity id or query. Read context.reload Reload RyuGraph connection after graph updates or maintenance. Read context.search Search ranked context documents and code using semantic, graph and trust weighting. Read enterprise.status Return Cortex Enterprise overview: version, feature status, and policy health. Read frontend-builder Frontend-only profile Read human Sentinel capability for human approval stages. The harness does not Read policy.list List all active policies (org + local merged). Org rules override local rules with same ID. Read reviewer Read-only profile for review stages. Same access as planner; the Read search-only Only Read + Grep allowed Read security-reviewer Security review profile. Read-only across the repo. Produces a Read security.scan Scan text for prompt injection attempts. Returns a risk score and matched patterns. Read telemetry.status Return telemetry configuration and current aggregated metrics. Read workflow.approve Approve the workflow only after the plan is approved and the latest code review passes. Read workflow.note Persist a durable workflow note in .context/workflow/state.json. Read workflow.start Mark the workflow as actively implementing after the plan has been approved. Read workflow.status Return the governed workflow state persisted in .context/workflow/state.json.

WRITE 6 tools

Write planner Read-only profile for stages that produce planning artifacts. Write tester Mutation/test profile. Read-only on production code, may edit only Write workflow.plan Create or update the implementation plan. Resets approval until the plan is reviewed again. Write workflow.review_plan Review and approve or reject the current plan before implementation starts. Write workflow.todo Add or complete workflow TODOs persisted in .context. Write workflow.update Record an implementation or iteration update without mutating the plan itself.

EXECUTE 7 tools

Execute builder Build profile. May edit source and test files but not config, Execute context.review Run enterprise policy validators against the current project. Execute cortex.workflow.advance Complete the current stage of a workflow run by writing its artifact and advancing the run pointer. Returns... Execute cortex.workflow.envelope Compose the prompt envelope for a workflow stage without advancing the run. Defaults to the run Execute cortex.workflow.start Start a Cortex Harness workflow run for a task. Creates .agents/<task_id>/state.json and returns the first ... Execute cortex.workflow.status Read the current run state for a task (current stage, completed stages, outcome). Returns null state when n... Execute policy.sync Trigger manual policy sync. Connected: pulls from cloud API. Air-gapped: reloads local org-rules.yaml.

// RUNNING THIS SERVER

The managed route: connect Cortex through the PolicyLayer gateway — every tool call above is checked against your policy before it runs, with a full audit log.

DIRECT INSTALL (UNMANAGED) npx -y @danielblomma/cortex-mcp

// FAQ

How many tools does the Cortex MCP server have? +

The Cortex MCP server exposes 32 tools across 3 categories: Read, Write, Execute.

How do I enforce policies on Cortex tools? +

Route the Cortex server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard — they are enforced on every call before it reaches the server.

What risk categories do Cortex tools fall into? +

Cortex tools are categorised as Read (19), Write (6), Execute (7). Each category has a recommended default policy.

Let agents act without letting them run wild.

Route your MCP servers through PolicyLayer and every tool call is checked against your policy before it runs — allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

SECURE YOUR MCP →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.