MCP / Tool reference

Tool reference.

18 tools across 5 toolsets, every response a deterministic JSON envelope. Toolsets are opt-in via the X-Scrubber-Toolsets request header; core is always on.

01 — At a glance

The five toolsets, summarised.

Toolset	Tools	What it’s for
`core (always-on)`	2	Orient and identify the connected org.
`findings`	5	Drill into flagged components, including the per-component-per-signal finding. Each response embeds the matching remediation advisory inline.
`change-safety`	3	Pre-deployment factual analysis per change kind.
`field-quality`	3	Per-field data quality and inventory.
`dependencies`	5	What depends on what; semantic search; metadata explorer.

02 — Featured tools

You probably want these first.

get_org_health_snapshotcore

Start here. Composite score plus per-pillar scores for the connected org.

get_signal_findingsfindings

Drill into one signal: full offender list plus the remediation advisory.

get_component_findingfindings

Fix one finding on one component — offender, blast radius, advisory in one call.

get_component_full_contextdependencies

Explore everything about a component before changing it.

search_components_semanticdependencies

Find components by description when you don't know the api name.

03 — By toolset

Every tool, grouped by what it does.

03.01`core`

2 tools

Always on, even when the request asks for an empty toolset list. Two tools that orient the calling agent: which org are we talking to, and how healthy is it overall.

get_org_health_snapshot

Composite score, per-pillar scores, per-scorer summaries, and totals for the connected org.

Inputs: { freshnessMaxAgeMinutes? }
Returns: the snapshot envelope with composite + pillars + scorers + totals.

example

{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"get_org_health_snapshot","arguments":{}}}

whoami

Echoes the email, org id, and key prefix the current request resolved to.

Inputs: {}
Returns: { email, orgId, keyId, keyPrefix, scopes[] }.

03.02`findings`

5 tools

Drill into flagged components: enumerate triggered signals, list components, fetch the finding for one component and one signal, and return the offender list plus remediation advisory in one call.

list_signals

Enumerate triggered signals in the org, filterable by detector, pillar, severity, or substring.

Inputs: { detector?, pillar?, severity?, signalTypeContains?, limit?, offset? }
Returns: a paginated list of signal summaries with offender counts.

list_components

Enumerate components in the org, filterable by type, parent object, signal flag, or origin.

Inputs: { componentType?, parentObject?, hasSignals?, componentOrigin?, limit?, offset? }
Returns: trimmed component records (id, type, apiName, label, signal counts, highest severity).

get_signal_findings

Full offender list for one signal, with the embedded remediation advisory.

Inputs: { signalType, includeRemediation? }
Returns: the offender list plus aggregate counts plus the per-signal advisory.

example

{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"get_signal_findings","arguments":{"signalType":"<signalId>"}}}

get_component_detail

All structural facts for one component plus every signal it triggered.

Inputs: { componentId, includeRemediation? }
Returns: type, apiName, parent, descriptions, dependency rollups, and per-signal advisories.

get_component_finding

Returns the finding for one component and one signal in one call — everything you need to fix it.

Inputs: { componentId, signalType, includeRemediation? }
Returns: the matching offender row, scoped evidence, blast radius, and the remediation advisory.

example

{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"get_component_finding","arguments":{"componentId":"<componentId>","signalType":"<signalId>"}}}

03.03`change-safety`

3 tools

Pre-deployment factual analysis. One tool per change kind so the agent picks the tool that matches the change it is about to make. Each tool returns blast radius, conflicting items, and data impact for that change — facts only, no opinions.

check_field_required_change

Pre-flight a flip of a field's required flag in either direction.

Inputs: { objectApiName, fieldApiName, newRequiredValue }
Returns: blast radius, conflicting validation rules, count of records that would fail.

example

{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"check_field_required_change","arguments":{"objectApiName":"<objectApiName>","fieldApiName":"<fieldApiName>","newRequiredValue":true}}}

check_field_delete

Pre-flight a field deletion.

Inputs: { objectApiName, fieldApiName }
Returns: every dependent component, conflicting items, and the populated record count.

check_permset_assign

Pre-flight assigning a permission set to a list of users.

Inputs: { permsetApiName, userIds: string[] }
Returns: license-availability shortfall and conflicting permission-set-license assignments.

03.04`field-quality`

3 tools

Per-field data-quality and inventory queries. Useful before adding a validation rule, before promoting a field to required, or just to find the long tail of fields nobody fills.

check_field_quality

Fill rate, distinct value count, NULL count, sample values, and triggered signals for one field.

Inputs: { objectApiName, fieldApiName }
Returns: { fillRatePct, distinctValueCount, nullCount, sampleValues, signals[] }.

example

{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"check_field_quality","arguments":{"objectApiName":"<objectApiName>","fieldApiName":"<fieldApiName>"}}}

list_fields

Field inventory for one object, filterable by type, signal flag, and fill rate.

Inputs: { objectApiName, type?, hasSignals?, fillRateBelow?, limit?, offset? }
Returns: trimmed per-field records with apiName, type, label, fillRatePct, signal count.

find_low_fill_rate_fields

Org-wide sweep for fields below a fill-rate threshold — quick-win discovery.

Inputs: { threshold? (default 10), includeManaged?, limit? }
Returns: the fields under the threshold, sorted lowest-fill-rate first.

03.05`dependencies`

5 tools

What depends on what. Compute blast radius, find orphans, walk inbound and outbound edges, search by description, and pull a single-call full-context view for any component.

compute_blast_radius

Blast-radius band (None / Low / Medium / High) plus the top inbound referencers for one component.

Inputs: { componentId }
Returns: { band, edgeCount, topReferencers[] }.

find_orphan_components

Components with zero inbound dependencies — cleanup candidates.

Inputs: { componentType?, includeManaged?, limit?, offset? }
Returns: an actionable list of orphan components.

get_component_dependencies

Inbound, outbound, or both edge sets for one component, grouped by relation family.

Inputs: { componentId, direction? ('inbound' | 'outbound' | 'both'), limit?, offset? }
Returns: edge lists with sub-symbol targeting where parsers flagged it.

get_component_full_context

One-call metadata explorer: description, grouped dependencies, every signal, per-signal advisories.

Inputs: { componentId, includeRemediation?, edgeLimit? }
Returns: everything an agent needs to reason about a component in a single round-trip.

example

{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"get_component_full_context","arguments":{"componentId":"<componentId>"}}}

search_components_semantic

Find a component by describing it in plain English — no API name required.

Inputs: { query, componentType?, limit?, includeManaged? }
Returns: ranked matches with a similarity score and a short snippet for each hit.

example

{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"search_components_semantic","arguments":{"query":"Apex class that handles territory assignment for inactive accounts"}}}

04 — Common patterns

Four recipes covering the usual jobs.

Show all findings of a type

Call list_signals to discover the canonical signal id, then get_signal_findings with that id to get the full offender list plus the embedded remediation advisory.

Fix a specific finding

Call get_component_finding with componentId and signalType— one round-trip returns the offender row, scoped evidence, blast radius, and the remediation advisory.

Before I change this, what depends on it?

Call get_component_full_context with the component id. The response carries the description, grouped inbound and outbound dependencies, every triggered signal on the component, and per-signal advisories — replaces three to five separate calls.

Find the right component

Call search_components_semanticwith a natural-language description (e.g. “Apex class that handles territory assignment for inactive accounts”). Returns ranked matches with similarity scores so the agent can pick the best starting component without knowing the api name.

05 — What's next