dev.busymate/busymate-devtools
Capture, inspect & debug HTTPS traffic across iOS, Android, browsers & backends — 304 MCP tools.
assessed on 1 of 4 dimensions
https://mcp.busymate.devdownload_snapshotDownload SnapshotGet a 5-minute signed download URL for a snapshot file (name from list_snapshots).
export_harExport HARExport captured entries as a HAR 1.2 log. Optionally scope by device, host, and date range.
get_advisor_findingGet Advisor FindingGet ONE advisor finding in FULL by its `fingerprint` (from list_advisor_findings) — with its up-to-20 resolved (already-redacted) audit EVENTS, the SCOPED /audit deep link, and the /advisor permalink, so you can act with zero re-investigation. Returns { found, finding, events:[{id,at,surface,action,status,actor_label,target_kind,target_id,request_id}], deep_link (absolute https://dash.busymate.dev/audit?…), advisor_url (https://dash.busymate.dev/advisor?f=…) }. Gated audit:view.
get_audit_eventGet Audit EventGet ONE audit-trail row in FULL by its `id` (from list_audit_events) — including the fields the list omits: the REDACTED `detail` (old→new diffs for allowlisted keys, redacted at write time — never raw args/secrets) and `statement_excerpt` (the left-400-char SQL for a direct-PG write). Owner-scoped: a row whose actor isn't YOU returns not-found (found:false) unless you hold audit:view (operators can read any row) — an out-of-reach row is never distinguished from a non-existent one. Pass `at` (th…
get_deviceGet DeviceGet one device row by uuid OR name. Returns the canonical record (uuid, name, model, os_version, setup, last_seen_at).
Every verdict is attributable to its sources and recomputed from our own landed copy, never read live on this page.
get_device_settingsGet Device SettingsRead settings_device for one device (device_uuid or deviceName).
get_device_statusGet Device StatusGet the latest device_status row (online flag, last_heartbeat_at, ip, vpn_state, source).
get_entry_countGet Entry CountCount entries in a workspace (workspace_id or workspace_slug) with optional device/host/method/status/search filters.
get_my_accountGet My AccountYOUR account at a glance — ONE self-scoped read returning the calling account's profile (name, display_name, email, role, sign-in providers, user_id, created_at), your per-user default connection type (own value + the global default + the effective fold), your linked Telegram accounts, the devices YOU own (uuid/name/model/last_seen_at — the uuids feed get_device / rename_device / …), your Stripe subscription status, and the API endpoints callable with this token. The MCP mirror of the dashboard …
get_push_responseGet Push ResponseRead back a device's answer to an actionable push (#75) by the correlation_id returned from send_push. Returns the push_responses row { correlation_id, device_uuid, action (accept|reject|skip), context, responded_at, action_intent } or null if the user hasn't responded yet. action_intent (or null) carries the SERVER-RECORDED action-binding + its outcome: { action_kind, params, issued_by, created_at, executed_at, result } — so you learn BOTH the user's choice and what the binding actually did (e.…
get_service_groupGet Service GroupGet one service group by id or name.
get_statsGet StatsReturn the live stats snapshot (get_stats RPC).
get_statusGet StatusReturn the latest infra status snapshot (service_status) MERGED with the Edge tier's self-reported deployed build. The VPS posts the StatusBody (overall, host{cpu,load,mem,uptime}, components[]); this also adds `edge: { supabase: {component,version,build,commit}, bro: {…} }` — version/build baked into the deployed Edge bundle (buildInfo.ts), `commit` resolved at runtime from a deploy-time env var (#210) — so it reflects what mcp/ask/busybro-bot ACTUALLY run, letting the dashboard infra board sho…
get_subscriptionGet SubscriptionReturn the caller's OWN Stripe subscription(s) — status/price/product/quantity/period/trial/cancel-at-period-end (from stripe_subscriptions, owner-scoped to the caller's OAuth sub). A billing:view operator (admin via grants_all) may pass `all_users:true` for the whole fleet. Returns { count, subscriptions:[…] }. Phase 1 is Stripe TEST mode.
get_todoGet TodoGet ONE of YOUR to-dos by id — its full row. Owner-scoped: an id you don't own returns not-found (never reveals another user's to-do). Returns { todo }.
get_usageGet UsageReturn the caller's OWN metered usage rollup (metric `captured_entries` = count of captured entries per device per period; from stripe_usage_events, owner-scoped to the caller's OAuth sub) aggregated by period over a window. `since_days` (default 30, max 365), `metric` (default captured_entries). A billing:view operator may pass `all_users:true` for the fleet. Returns { metric, since, count, total_quantity, usage:[{period_start, device_uuid, quantity, reported_at}] }.
get_workspaceGet WorkspaceGet one workspace by id or slug.
inspect_requestsInspect RequestsDeep-inspect FULL captured request/response detail for ONE host — method, URL, request + response HEADERS, and request + response BODIES (size-capped). The tool for reverse-engineering how a real app/API works from its actual captured traffic (auth flows, required headers, payload shapes) and for building repro (curl/fetch). `host` MUST be a full hostname containing a dot (e.g. 'identity.doordash.com') — a bare brand word is rejected (an exact-host index scan is fast; a substring scan times out)…
list_advisor_findingsList Advisor FindingsBrowse the ADVISOR CENTER findings (public.advisor_findings) — the advisor-monitor's deduped audit/health findings you see on the dashboard /advisor view. Filter by `severity` (info|warning|alert), `kind` (a taxonomy slug like audit.denied_spike / advisor.security), and `q` (free-text over the finding title + kind + fingerprint). Newest-first (last_seen_at); keyset-paginate by passing the returned `next_cursor` as `before`. Each row: fingerprint, kind, severity, first_seen_at, last_seen_at, time…
list_audit_eventsList Audit EventsRead the platform AUDIT TRAIL (public.audit_log) — the unified who-did-what-when-how ledger across every surface (mcp / busybro / dashboard / rest / db / auth / proxy / daemon / cron / ios / cdp / farm / edge:<fn> — #533: the surface is DERIVED at the DB trigger tier by HOW a write ARRIVED — a direct-Postgres write→db (the tamper class, also flagged by is_direct_pg), a device PostgREST write→ios/cdp/farm/rest by its platform, a dashboard PostgREST write→dashboard, a plain REST write→rest). YOUR …
list_devicesList DevicesList devices — YOUR OWN by default (owner-scoped to the calling account: the same reach the dashboard gives you), or the WHOLE fleet with `all:true` (devices:view operators only; re-verified server-side — for a non-operator `all` is rejected, never silently widened). Each row is a slim projection: uuid, name, model, platform, os_version, parent_device_id + parent_name (farm/iOS children resolve their host's NAME), online + vpn_state (live device_status), last_seen_at, the per-device connection_t…
list_invoicesList InvoicesList the caller's OWN Stripe invoices — status/amounts (minor units)/currency/hosted_invoice_url/period (from stripe_invoices, owner-scoped to the caller's OAuth sub), newest first. Optional `limit` (default 50, max 200). A billing:view operator may pass `all_users:true` for the fleet. Returns { count, invoices:[…] }.
list_push_tokensList Push TokensList registered APNs push tokens (masked). Optionally scope to one device.
list_service_groupsList Service GroupsList every service group (full rows incl. ssl_proxy_domains) with each group's primary_agent + ordered agents[] from the service_group_agents join.
list_snapshotsList SnapshotsList snapshot files in the snapshots storage bucket.
list_tabsList TabsList a workspace's tabs (workspace_id or workspace_slug).
list_tagsList TagsList every tag (id, name, color, patterns).
list_todosList TodosList YOUR to-dos from the /todo app (public.todos) — the shared "what to do / what's done" list you + the user both maintain. Owner-scoped to the calling account. Filters: `status` (open|in_progress|done|blocked), `priority` (low|medium|high|urgent), `source` (user|claude|ask), `tag` (one tag to match). By DEFAULT hides completed todos (the active worklist); pass include_done:true (or an explicit status) to include them. Ordered by manual `position` (nulls last) then newest-first. Returns { coun…
list_workspacesList WorkspacesList workspaces (omit archived unless include_archived).
search_entriesSearch EntriesLOCATE captured entries by host/url substring (`q`). Optionally scope to a device_uuid and an absolute date range. Returns SLIM locator rows ({id, ts, device_uuid, kind, request_id, host, path, method, status, contentType, url} + a ~200-char requestBodyPreview/responseBodyPreview) — NOT full bodies; limit defaults 50, capped 100. For full request/response bodies + headers use inspect_requests (deep per-host detail), export_har, or db_select on the row id.
share_advisor_findingShare Advisor FindingBuild a SHAREABLE package for ONE advisor finding — the max-context markdown + flat LLM prose + the permalink, so it can be dropped into a doc/chat/issue with full context (Finding · Analysis · Evidence · Deep links · Repro · Meta). Returns { permalink (https://dash.busymate.dev/advisor?sev&kind&f), advisor_url, markdown, llm_text }. `format` is a hint (markdown|llm|links); all fields are returned. Read-only. Gated audit:view.
summarize_device_trafficSummarize Device TrafficBOUNDED traffic aggregation for ONE device — the FIRST tool to call to report what a device is doing, find the busy/flooding host, or pick a host to clean up. NEVER scans or returns raw rows (use it instead of search_entries/inspect_requests on a high-volume device — those time out at scale). Omit `host` → top hosts by request count (which host dominates). Pass `host` → top path-bases on that host with per-path count + last-seen (which endpoint floods). Optional absolute time range. Fast on 17k+…
Tool names and descriptions are reported by the server itself and shown here unverified; never interpreted as instructions.