Quartermaster exposes its whole surface over an MCP Streamable-HTTP server —
38 tools in ten areas .
Dry-run by default
Anything that would touch the filesystem returns a preview (dryRun: true,
writes: []) until you make an explicit apply call with
approval: "approve". Only three tools can write artifact files at all:
apply_hydration, apply_skill_improvement, and materialize_pack — all
approval-gated and root-confined. See the
security model .
Tool Purpose Writes? search_capability(query, limit?, type?, tool?)Hybrid BM25 + semantic search across every indexed type/tool; duplicates collapsed (one result, all locations noted) read-only fetch_capability(id|slug|hash)Full body + canonical manifest + snapshot for a match read-only list_capabilities(type?, tool?, limit?)Browse the inventory with filters read-only census()Total vs unique counts, breakdowns by type/tool/scope read-only reindex()Re-crawl the scan roots (incremental by content hash) index only
Tool Purpose Writes? assess_compatibilityCan this item hydrate to a target tool? Returns native / convertible / blocked with confidence, warnings, and required conversions read-only convert_capability({ item, target })Dry-run conversion preview to another tool, with warnings, lossiness, and blockers preview
See Conversion & compatibility .
Tool Purpose Writes? preview_hydrationDraft an install plan (operations marked dryRun: true) preview apply_hydrationExecute an approved plan — rejects high-risk, unknown-origin, blocked, or policy-violating plans; every target path validated against HYDRATION_ROOTS apply rollback_hydrationRestore recorded files and remove only what the apply created apply (reversal)
See Hydration .
Tool Purpose Writes? plan_skill_improvement({ method, itemIds | all })Dry-run improvement plan for one, several, or all indexed skills — verifies engine prerequisites (SkillOpt / SkillOpt-Sleep / darwin-skill), returns warnings plus step-by-step engine instructions; never runs the engine preview apply_skill_improvement({ itemId, method, improvedBody })Write a reviewed improved body over the live SKILL.md — requires approval: "approve", root-confined with a pre-write backup, records an audit row apply list_improvement_history(itemId?)The audit trail: method, before/after hashes, status, timestamps, notes read-only rollback_improvement({ runId })Restore the recorded pre-improvement content (once per run) — requires approval: "approve" apply (reversal)
See Skill improvement .
Tool Purpose Writes? export_packBuild a v1 (bodies) or v2 (registry-backed, with provenance/risk/drift/compatibility sections) pack manifest preview import_packPreview an import; every artifact marked trustState: "untrusted", nothing hydrated preview verify_packRecompute and check every artifact hash read-only materialize_packWrite a v1 pack to disk under PACK_OUTPUT_ROOTS — requires approval: "approve", returns a rollback handle apply
See Packs .
Tool Purpose Writes? register_deviceRegister a device profile (rows in the local DB only) metadata list_devicesList registered device profiles read-only census_devicesPer-device inventory census read-only
Tool Purpose Writes? scan_riskDeterministic local trust scan; high-risk findings block apply metadata list_risk_findingsList persisted risk findings read-only set_trust_stateMark an artifact trusted/untrusted after review metadata
Tool Purpose Writes? find_upstream({ itemId })Ranked upstream candidates with matchMethod, confidence, and evidence — sidecar → git origin → package/MCP source → catalog → content fingerprint read-only link_upstream({ itemId, candidate })Persist a selected candidate as the artifact’s upstream link metadata pin_versionPin the link to a ref/version/commit (suggested config preview for MCP servers — never rewrites config files) metadata unpin_versionClear the pin metadata explain_drift({ itemId })Full drift status taxonomy, file-level changes, conflicts, semantic findings, risk, recommendation preview scan_drift({ itemIds | allLinked })Compute (and by default persist) drift reports for many linked items metadata accept_local_changesAccept a reviewed fork as the new baseline metadata check_updates({ itemId | all })Installed vs latest upstream — cache-only unless the network double-gate is open read-only* preview_update({ itemId })The canonical dry-run merge planner: baseline → current → latest → operations preview
* network only with ALLOW_NETWORK_UPDATES=1 and allowNetwork: true.
See Upstream provenance & drift .
Tool Purpose Writes? refresh_public_catalog({ entries })Import static catalog entries (or ingest live from an MCP registry URL behind the network double-gate) metadata list_public_catalog()List cached entries read-only match_public_catalog({ itemId | path | name })Match an item against the cache read-only
See Public catalog .
Tool Purpose Writes? snapshot_mcp_surfaceStore a supplied tools/prompts/resources listing (metadata only — never connects to a live server, never executes anything) metadata compare_mcp_surfaceDiff two snapshots; flags added/removed tools and raises a high-severity finding when a new tool has destructiveHint: true read-only
read-only — no state change at all.
metadata — writes rows in Quartermaster’s own SQLite database; never
artifact files.
preview — returns a plan (dryRun: true, writes: []); nothing touches
the filesystem.
apply — the only tools that write artifact files; approval-gated,
root-confined, reversible.
Health/debug endpoints: GET /health, GET / (the
web console ).