MCP tools
MCP tools are the primary output of Spectral. They let AI agents call any discovered API directly — no browser automation, no manual integration code, no protocol-specific knowledge required.
Prerequisites
Section titled “Prerequisites”- At least one capture for the app (see Capture)
- An LLM provider configured (see Installation)
Generating tools
Section titled “Generating tools”Run mcp analyze with the app name:
spectral mcp analyze myappThis produces one tool per business capability discovered in the captures. Tools are stored in managed storage at ~/.local/share/spectral/apps/<app>/tools/.
If the app requires authentication, see Authentication for all available options.
The --debug flag saves all LLM prompts and responses to disk (see Debug Mode).
Re-running analysis
Section titled “Re-running analysis”You can re-run mcp analyze at any time. New captures are merged with previous ones, and tool definitions are overwritten. This lets you iteratively expand coverage by capturing more workflows and re-analyzing.
How it works
Section titled “How it works”Each tool maps a business operation (like “search parking areas” or “get account balance”) to an HTTP request template. Tools are protocol-agnostic: the same format works for REST, GraphQL, REST.li, custom RPC, or any other protocol over HTTP.
The mcp analyze pipeline processes each trace greedily:
- All captures are loaded and merged into a single bundle.
- The LLM identifies the business API origin, filtering out CDN, analytics, and tracker domains.
- For each trace, a lightweight LLM call classifies it as a useful business capability or not (static assets, config endpoints, health checks are skipped).
- For useful traces, a full LLM call builds the tool definition — HTTP method, path pattern, headers, parameters, request body template — using investigation tools (base64/URL/JWT decoding, trace inspection, schema inference).
- Once a trace is claimed by a tool, it is removed from the working set.
When a tool is called at runtime, the server validates arguments against the tool’s JSON Schema (with type coercion), resolves parameter placeholders in the request template, injects auth headers and body params if needed, and makes the HTTP request.