Skip to content

MCP tools

Quartermaster exposes its whole surface over an MCP Streamable-HTTP server — 38 tools in ten areas.

ToolPurposeWrites?
search_capability(query, limit?, type?, tool?)Hybrid BM25 + semantic search across every indexed type/tool; duplicates collapsed (one result, all locations noted)read-only
fetch_capability(id|slug|hash)Full body + canonical manifest + snapshot for a matchread-only
list_capabilities(type?, tool?, limit?)Browse the inventory with filtersread-only
census()Total vs unique counts, breakdowns by type/tool/scoperead-only
reindex()Re-crawl the scan roots (incremental by content hash)index only
ToolPurposeWrites?
assess_compatibilityCan this item hydrate to a target tool? Returns native / convertible / blocked with confidence, warnings, and required conversionsread-only
convert_capability({ item, target })Dry-run conversion preview to another tool, with warnings, lossiness, and blockerspreview

See Conversion & compatibility.

ToolPurposeWrites?
preview_hydrationDraft an install plan (operations marked dryRun: true)preview
apply_hydrationExecute an approved plan — rejects high-risk, unknown-origin, blocked, or policy-violating plans; every target path validated against HYDRATION_ROOTSapply
rollback_hydrationRestore recorded files and remove only what the apply createdapply (reversal)

See Hydration.

ToolPurposeWrites?
plan_skill_improvement({ method, itemIds | all })Dry-run improvement plan for one, several, or all indexed skills — verifies engine prerequisites (SkillOpt / SkillOpt-Sleep / darwin-skill), returns warnings plus step-by-step engine instructions; never runs the enginepreview
apply_skill_improvement({ itemId, method, improvedBody })Write a reviewed improved body over the live SKILL.md — requires approval: "approve", root-confined with a pre-write backup, records an audit rowapply
list_improvement_history(itemId?)The audit trail: method, before/after hashes, status, timestamps, notesread-only
rollback_improvement({ runId })Restore the recorded pre-improvement content (once per run) — requires approval: "approve"apply (reversal)

See Skill improvement.

ToolPurposeWrites?
export_packBuild a v1 (bodies) or v2 (registry-backed, with provenance/risk/drift/compatibility sections) pack manifestpreview
import_packPreview an import; every artifact marked trustState: "untrusted", nothing hydratedpreview
verify_packRecompute and check every artifact hashread-only
materialize_packWrite a v1 pack to disk under PACK_OUTPUT_ROOTS — requires approval: "approve", returns a rollback handleapply

See Packs.

ToolPurposeWrites?
register_deviceRegister a device profile (rows in the local DB only)metadata
list_devicesList registered device profilesread-only
census_devicesPer-device inventory censusread-only
ToolPurposeWrites?
scan_riskDeterministic local trust scan; high-risk findings block applymetadata
list_risk_findingsList persisted risk findingsread-only
set_trust_stateMark an artifact trusted/untrusted after reviewmetadata
ToolPurposeWrites?
find_upstream({ itemId })Ranked upstream candidates with matchMethod, confidence, and evidence — sidecar → git origin → package/MCP source → catalog → content fingerprintread-only
link_upstream({ itemId, candidate })Persist a selected candidate as the artifact’s upstream linkmetadata
pin_versionPin the link to a ref/version/commit (suggested config preview for MCP servers — never rewrites config files)metadata
unpin_versionClear the pinmetadata
explain_drift({ itemId })Full drift status taxonomy, file-level changes, conflicts, semantic findings, risk, recommendationpreview
scan_drift({ itemIds | allLinked })Compute (and by default persist) drift reports for many linked itemsmetadata
accept_local_changesAccept a reviewed fork as the new baselinemetadata
check_updates({ itemId | all })Installed vs latest upstream — cache-only unless the network double-gate is openread-only*
preview_update({ itemId })The canonical dry-run merge planner: baseline → current → latest → operationspreview

* network only with ALLOW_NETWORK_UPDATES=1 and allowNetwork: true. See Upstream provenance & drift.

ToolPurposeWrites?
refresh_public_catalog({ entries })Import static catalog entries (or ingest live from an MCP registry URL behind the network double-gate)metadata
list_public_catalog()List cached entriesread-only
match_public_catalog({ itemId | path | name })Match an item against the cacheread-only

See Public catalog.

ToolPurposeWrites?
snapshot_mcp_surfaceStore a supplied tools/prompts/resources listing (metadata only — never connects to a live server, never executes anything)metadata
compare_mcp_surfaceDiff two snapshots; flags added/removed tools and raises a high-severity finding when a new tool has destructiveHint: trueread-only
  • read-only — no state change at all.
  • metadata — writes rows in Quartermaster’s own SQLite database; never artifact files.
  • preview — returns a plan (dryRun: true, writes: []); nothing touches the filesystem.
  • apply — the only tools that write artifact files; approval-gated, root-confined, reversible.

Health/debug endpoints: GET /health, GET / (the web console).