Overview

Code Pathfinder exposes 12 MCP tools to AI assistants — 8 for code intelligence (Python, Java, Go) and 4 for Docker analysis (Dockerfiles, docker-compose).

All tools support pagination via limit and cursor parameters where applicable.

Quick Reference

#ToolCategoryDescription
1get_index_infoCodeCodebase statistics and index health
2find_symbolCodeSearch symbols by name, type, or module
3find_moduleCodeSearch Python modules by name
4list_modulesCodeList all modules in the project
5get_callersCodeReverse call graph — who calls this?
6get_calleesCodeForward call graph — what does this call?
7get_call_detailsCodeDetailed call site between two functions
8resolve_importCodeResolve Python imports to file locations
9find_dockerfile_instructionsDockerSearch Dockerfile instructions
10find_compose_servicesDockerSearch docker-compose services
11get_dockerfile_detailsDockerFull Dockerfile breakdown
12get_docker_dependenciesDockerDocker entity dependency graph

Tool 1: get_index_info

Retrieves project statistics and index metadata. Use this at the start of analysis to understand project scope.

Purpose

  • Get high-level project overview
  • Check if indexing is complete
  • Retrieve build performance metrics
  • Understand codebase scale

Input Parameters

None required.

Response Schema

json
{
  "project_path": "/absolute/path/to/project",
  "python_version": "3.11",
  "indexed_at": "2026-01-10T10:30:00Z",
  "build_duration_ms": 1234,
  "stats": {
"total_functions": 456,
"total_call_edges": 1203,
"total_modules": 89,
"total_files": 67,
"taint_summaries": 234
  }
}

Example

User Query:

Get project information and stats

AI Response:

text
Your project at /Users/you/backend has:
• 456 functions across 67 files
• 89 modules with 1203 call relationships
• Indexed 5 minutes ago in 1.2 seconds
• Python 3.11 detected

Tool 2: find_symbol

Locates functions, classes, or methods by name with partial matching support.

Purpose

  • Find symbols by name (exact or fuzzy)
  • Discover functions matching a pattern
  • Get symbol metadata (types, decorators, parameters)
  • Navigate to symbol definitions

Input Parameters

ParameterTypeRequiredDescription
namestringYesSymbol name or pattern to search for
limitintegerNoMax results to return (default: 20)
cursorstringNoPagination cursor for next page

Response Schema

json
{
  "symbols": [
{
  "name": "validate_user",
  "fully_qualified_name": "app.auth.validate_user",
  "type": "function",
  "file_path": "/project/app/auth.py",
  "line_number": 45,
  "metadata": {
    "return_type": "bool",
    "parameters": ["username", "password"],
    "decorators": ["@require_auth"],
    "is_async": false
  }
}
  ],
  "next_cursor": "abc123",
  "total_matches": 5
}

Example Queries

text
Find all functions named validate_user
text
Find symbols matching process_*
text
Locate the User class definition

Example Response

text
Found 3 matches for "validate_*":

1. validate_user (function)
   Location: app/auth.py:45
   FQN: app.auth.validate_user
   Parameters: username, password
   Returns: bool

2. validate_email (function)
   Location: app/utils.py:123
   FQN: app.utils.validate_email

3. validate_token (function)
   Location: app/auth.py:89
   FQN: app.auth.validate_token

Tool 3: get_callers

Identifies all functions that invoke a target function (reverse call graph analysis). Answers "Who uses this function?"

Purpose

  • Find all callers of a function
  • Understand function usage
  • Identify impact of changes
  • Trace backwards in call graph

Input Parameters

ParameterTypeRequiredDescription
function_fqnstringYesFully qualified name of target function
limitintegerNoMax results to return (default: 20)
cursorstringNoPagination cursor for next page

Response Schema

json
{
  "target_function": "app.auth.validate_user",
  "callers": [
{
  "caller_fqn": "app.api.login_endpoint",
  "caller_file": "/project/app/api.py",
  "caller_line": 78,
  "call_sites": [
    {
      "file": "/project/app/api.py",
      "line": 82,
      "column": 12
    }
  ]
}
  ],
  "next_cursor": "xyz789",
  "total_callers": 12
}

Example Queries

text
What functions call validate_user?
text
Show me all callers of process_payment
text
Who uses the deprecated authenticate function?

Example Response

text
Found 12 functions that call app.auth.validate_user:

1. app.api.login_endpoint (app/api.py:82)
2. app.api.register_endpoint (app/api.py:145)
3. app.middleware.auth_middleware (app/middleware.py:34)
4. app.cli.login_command (app/cli.py:67)

... and 8 more (use pagination to see all)

Tool 4: get_callees

Lists all functions invoked by a given function (forward call graph). Answers "What does this function depend on?"

Purpose

  • Find function dependencies
  • Understand what a function calls
  • Trace forward in call graph
  • Analyze function complexity

Input Parameters

ParameterTypeRequiredDescription
function_fqnstringYesFully qualified name of source function
limitintegerNoMax results to return (default: 20)
cursorstringNoPagination cursor for next page

Response Schema

json
{
  "source_function": "app.api.login_endpoint",
  "callees": [
{
  "callee_fqn": "app.auth.validate_user",
  "callee_file": "/project/app/auth.py",
  "callee_line": 45,
  "resolution_status": "resolved",
  "call_site": {
    "file": "/project/app/api.py",
    "line": 82,
    "column": 12
  },
  "type_inference": {
    "confidence": "high",
    "method": "static_analysis"
  }
}
  ],
  "unresolved_calls": [
{
  "name": "external_api_call",
  "reason": "Dynamic import or external library"
}
  ],
  "next_cursor": "def456",
  "total_callees": 8
}

Example Queries

text
What functions does login_endpoint call?
text
Show dependencies of process_payment
text
What does the authenticate function depend on?

Example Response

text
app.api.login_endpoint calls 8 functions:

Resolved (6):
1. app.auth.validate_user (app/auth.py:45)
2. app.db.get_user_by_email (app/db.py:123)
3. app.auth.generate_token (app/auth.py:89)
4. app.utils.log_event (app/utils.py:34)
5. app.db.update_last_login (app/db.py:156)
6. app.api.send_response (app/api.py:23)

Unresolved (2):
- redis.set (external library)
- some_dynamic_function (dynamic resolution)

Tool 5: get_call_details

Provides granular information about a specific call between two functions.

Purpose

  • Get precise call site locations
  • Analyze call arguments
  • Understand type resolution
  • Debug specific call relationships

Input Parameters

ParameterTypeRequiredDescription
caller_fqnstringYesFully qualified name of caller function
callee_fqnstringYesFully qualified name of callee function

Response Schema

json
{
  "caller": "app.api.login_endpoint",
  "callee": "app.auth.validate_user",
  "call_details": {
"file": "/project/app/api.py",
"line": 82,
"column": 12,
"arguments": [
  { "name": "username", "value": "request.form['username']" },
  { "name": "password", "value": "request.form['password']" }
],
"resolution": {
  "status": "resolved",
  "confidence": "high",
  "method": "static_type_inference"
},
"context": {
  "in_try_block": true,
  "in_loop": false,
  "is_conditional": false
}
  }
}

Example Queries

text
Show me details of the call from login_endpoint to validate_user
text
Get call site information between process_payment and charge_card

Example Response

text
Call from app.api.login_endpoint to app.auth.validate_user:

Location: app/api.py:82:12
Arguments:
  - username: request.form['username']
  - password: request.form['password']

Resolution: High confidence (static type inference)
Context: Inside try-except block

Tool 6: resolve_import

Maps Python import paths to actual file locations.

Purpose

  • Resolve import statements
  • Find module file paths
  • Handle ambiguous imports
  • Navigate import chains

Input Parameters

ParameterTypeRequiredDescription
import_pathstringYesImport path to resolve (e.g., "app.auth")

Response Schema

json
{
  "import_path": "app.auth",
  "matches": [
{
  "file_path": "/project/app/auth.py",
  "module_fqn": "app.auth",
  "match_type": "exact"
}
  ],
  "match_status": "exact" | "partial" | "ambiguous" | "not_found",
  "suggestions": [
"app.authentication",
"app.auth_utils"
  ]
}

Example Queries

text
Where is the import "app.auth" located?
text
Resolve the import path for utils.validators
text
Find the file for django.contrib.auth import

Example Response

text
Import "app.auth" resolves to:
  File: /project/app/auth.py
  Module: app.auth
  Match: Exact

No ambiguity found.

Tool 7: find_module

Search for Python modules by name. Returns module information including file path and function counts.

Purpose

  • Find module file locations
  • Understand module structure and size
  • Navigate between modules
  • Discover modules by partial name

Input Parameters

ParameterTypeRequiredDescription
namestringYesModule name — FQN (myapp.auth) or short name (auth)

Example Queries

text
Find the auth module
text
Where is the models.user module?

Example Response

text
Found 2 modules matching "auth":

1. myapp.auth
   File: /project/myapp/auth.py
   Functions: 12

2. myapp.api.auth
   File: /project/myapp/api/auth.py
   Functions: 8

Tool 8: list_modules

List all modules in the indexed project with their file paths and function counts.

Purpose

  • Get a complete overview of project modules
  • Understand project structure
  • Find the largest/most complex modules

Input Parameters

None required.

Example Queries

text
List all modules in the project
text
Show me the project structure

Tool 9: find_dockerfile_instructions

Search Dockerfile instructions with semantic filtering. Supports instruction-specific filters for FROM, RUN, USER, EXPOSE, COPY, ADD, and more.

Purpose

  • Find unpinned base images (has_digest: false)
  • Locate specific instruction types
  • Audit exposed ports
  • Check USER directives for non-root enforcement

Input Parameters

ParameterTypeRequiredDescription
instruction_typestringNoFilter by type: FROM, RUN, USER, EXPOSE, COPY, ADD, WORKDIR, etc.
file_pathstringNoFilter by Dockerfile path (partial matching)
base_imagestringNoFilter FROM instructions by base image name (e.g., python, alpine)
portintegerNoFilter EXPOSE instructions by port number
has_digestbooleanNoFilter FROM instructions by digest pinning (true = pinned, false = unpinned)
userstringNoFilter USER instructions by username
limitintegerNoMax results (default: 100)

Example Queries

text
Find all Dockerfiles with unpinned base images
text
Show me all EXPOSE instructions on port 8080
text
Which Dockerfiles use the python base image?

Example Response

text
Found 3 unpinned FROM instructions:

1. Dockerfile:1 — FROM python:3.11-slim (no digest)
2. services/api/Dockerfile:1 — FROM node:18-alpine (no digest)
3. services/worker/Dockerfile:1 — FROM golang:1.21 (no digest)

Tool 10: find_compose_services

Search docker-compose services with configuration filters. Find services by name, privileged mode, volumes, or exposed ports.

Purpose

  • Find privileged containers (security risk)
  • Locate services exposing specific ports
  • Find services mounting sensitive volumes (e.g., Docker socket)
  • Audit service configurations

Input Parameters

ParameterTypeRequiredDescription
service_namestringNoFilter by service name (partial matching)
file_pathstringNoFilter by docker-compose.yml path
has_privilegedbooleanNoFilter by privileged mode (true = privileged only)
exposes_portintegerNoFilter services exposing a specific port
has_volumestringNoFilter services with a specific volume path
limitintegerNoMax results (default: 100)

Example Queries

text
Find all privileged containers in docker-compose
text
Which services mount the Docker socket?
text
Show services exposing port 443

Example Response

text
Found 1 privileged service:

1. web (docker-compose.yml:5)
   Image: nginx:latest
   Privileged: true
   Network mode: host
   Volumes: /var/run/docker.sock:/var/run/docker.sock
   Capabilities: SYS_ADMIN, NET_ADMIN

Tool 11: get_dockerfile_details

Get a complete breakdown of a single Dockerfile with all instructions and multi-stage build analysis.

Purpose

  • Understand full Dockerfile structure
  • Analyze multi-stage build dependencies
  • Check for security best practices (USER, HEALTHCHECK)
  • Identify unpinned images

Input Parameters

ParameterTypeRequiredDescription
file_pathstringYesPath to the Dockerfile

Example Queries

text
Show me the full breakdown of the API Dockerfile
text
Analyze the multi-stage build in services/app/Dockerfile

Example Response

text
Dockerfile: services/api/Dockerfile
Total instructions: 15
Multi-stage: Yes (2 stages: builder, runtime)

Summary:
  ✓ Has USER instruction (appuser)
  ✗ Missing HEALTHCHECK
  ⚠ 1 unpinned base image

Stages:
  1. builder (golang:1.21-alpine)
  2. runtime (alpine:3.19)

Tool 12: get_docker_dependencies

Retrieve dependency information for Docker entities — compose services (depends_on) or Dockerfile stages (COPY --from). Traverses upstream and downstream dependency chains.

Purpose

  • Map service dependencies in docker-compose
  • Analyze multi-stage Dockerfile build order
  • Understand deployment topology
  • Trace dependency chains

Input Parameters

ParameterTypeRequiredDescription
typestringYesEntity type: compose or dockerfile
namestringYesEntity name: service name or stage name
file_pathstringNoFilter to specific file path
directionstringNoupstream (dependencies), downstream (dependents), or both (default)
max_depthintegerNoMaximum traversal depth (default: 10)

Example Queries

text
Show me all dependencies for the web service
text
What depends on the database service?
text
Show the build dependency chain for the Dockerfile builder stage

Example Response

text
Service: web (docker-compose.yml:12)
Direction: both

Upstream (web depends on):
  → api (docker-compose.yml:5)
  → redis (docker-compose.yml:20)

Downstream (depends on web):
  → nginx (docker-compose.yml:30)

Chain: redis → api → web → nginx

Pagination

Most tools support pagination for large result sets:

json
{
  "limit": 20,
  "cursor": "next_page_token_here"
}

To get the next page, use the next_cursor from the previous response:

text
Get callers of validate_user (next page with cursor abc123)

Error Handling

All tools return structured errors:

json
{
  "error": {
"code": "SYMBOL_NOT_FOUND",
"message": "Symbol 'invalid_function' not found in index",
"details": {
  "searched_name": "invalid_function",
  "suggestions": ["validate_function", "valid_function"]
}
  }
}

Common error codes:

  • SYMBOL_NOT_FOUND - Symbol doesn't exist
  • INVALID_FQN - Malformed fully qualified name
  • INDEX_NOT_READY - Project not yet indexed
  • PAGINATION_ERROR - Invalid cursor

Best Practices

  1. Start with get_index_info to verify the server is ready
  2. Use find_symbol for fuzzy matching before get_callers/callees
  3. Paginate large results instead of requesting everything at once
  4. Cache results when possible to reduce server load
  5. Use fully qualified names (FQN) for precise targeting