Tools overview
The MCP server exposes a set of design-time tools that mirror the operations available in the Cockpit. Each tool operates on a specific artifact type. After a client is connected and authorized, an AI assistant can invoke these tools in response to natural-language instructions.
Every tool call runs as the signed-in user and passes through the same validation pipeline, edit-lock checks, and save hooks as the Cockpit. An MCP client cannot bypass platform-level constraints.
Artifact types and required roles
Each group of tools requires a specific access control role on the user account. If the role is absent, the tool fails immediately with an access denied error before any action is performed. Development package permissions apply on top of role checks for non-administrative users.
| Artifact type | Required role | Read / write | Reference page |
|---|---|---|---|
APIs |
|
Read and write |
|
Applications |
|
Read and write |
|
Adaptive entities |
|
Read and write |
|
Development packages |
|
Read and write |
|
npm packages |
|
Read and write |
|
Server scripts |
|
Read and write |
|
System logs |
|
Read only |
|
Tables |
|
Read and write |
|
Web apps |
|
Read and write |
What you can do with MCP
The following table maps common development tasks to the relevant tool page. Use it as a starting point when you are unsure which tools apply to your goal.
| I want to… | Go to… |
|---|---|
Write or edit a server-side JavaScript or TypeScript script |
|
Organize server scripts into a project |
|
Execute a server script and inspect its output |
|
Create or update an application |
|
Activate an application to make changes available at runtime |
|
Build a React or Vue web app |
|
Create or modify a database table definition |
|
Query rows from a database table |
|
Define a custom data structure for the Adaptive Designer |
|
Design or update an API registered on the platform |
|
Add, install, or remove an npm package |
|
Group artifacts into a development package |
|
View or filter system log entries |
|
Diagnose errors or trace script and request activity |
|
Understand why a tool returned an access denied error |
Tool call prerequisites
Before a tool call succeeds, the following conditions must be met:
-
The client holds a valid access token with the
mcp:toolsscope. See Authorization. -
The user account has the role required by the tool group (see table above).
-
For non-administrative users, the target artifact belongs to a development package that the user’s roles grant access to. See Access control.
Related topics
-
Authorization — how tokens are issued and what scope is required.
-
Access control — role and development package enforcement details.
-
Cockpit overview — the web-based interface that exposes the same operations as the MCP tools.