Context
- I want to integrate FastCode MCP with Antigravity
- I have setup and run FastCode using docker
- I tried to use to sse mode but failed, it seem like due to modelcontextprotocol python sdk, not by FastCode
- So instead I setup to run MCP using docker exec and able to get the FastCode MCP tool list
- However the agent always get error return when try to use any tool
Input
When try to use fastcode / code_qa agent generate an input like this
{
"multi_turn": true,
"question": "Generate a comprehensive \"Audit Context Map\" to prepare for a whitebox engagement. Focus on mapping the application's DNA, logic flows, and attack surface.\n\nAnalyze the codebase based on the following 5 dimensions:\n\n1. Tech Stack & Dependency Fingerprinting\n - Identify languages, frameworks (and versions if visible), and ORMs.\n - List critical 3rd-party libraries, specifically looking for those involved in auth, crypto, or parsing (XML, JSON, YAML).\n - Identify the build chain and deployment environment (Docker, Kubernetes, CI/CD configs).\n\n2. Entry Point & Attack Surface Mapping\n - List all external entry points: HTTP Routes/API Endpoints, CLI arguments, WebSocket handlers, or IPC listeners.\n - Categorize them by privilege level (Public, User, Admin, Internal-System).\n - Highlight endpoints that accept complex inputs (file uploads, serialized objects, raw XML).\n\n3. Security Architecture & Controls\n - AuthN: How are users verified? (JWT, Session, OAuth, Basic Auth). Where is the logic located?\n - AuthZ: How are permissions enforced? (RBAC, ABAC, Middleware, decorators).\n - Sanitization: What global middleware or utility functions handle XSS/SQLi prevention?\n - Crypto: What algorithms are used? Where are keys/secrets likely loaded from (Env vars, hardcoded, Vault)?\n\n4. Data Flow & Critical Sinks\n - Trace the flow of data from entry points to sinks.\n - Identify database interaction patterns (Raw SQL vs. ORM).\n - Flag \"Dangerous Sinks\" specific to the language (e.g., eval(), system(), unpickle, render_template without escaping).\n\n5. High-Value Targets (Business Logic)\n - Summarize the core business functionality. What is the most critical operation this app performs (e.g., Money Transfer, File Storage, User Management)?\n - Identify \"Complex Logic\" files—files with unusually high lines of code or cyclomatic complexity, as bugs often hide there.\n\nOutput Format:\nPresent the findings in a structured Markdown report. End with a \"Recommended Audit Focus\" list, prioritizing which controllers or modules I should review manually first.\n",
"repos": [
"/workspace/projects/**censored**"
]
}Ouput
Error in MCP tool execution: Error executing tool code_qa: Cannot send a request, as the client has been closed.
Context
Input
When try to use fastcode / code_qa agent generate an input like this
{ "multi_turn": true, "question": "Generate a comprehensive \"Audit Context Map\" to prepare for a whitebox engagement. Focus on mapping the application's DNA, logic flows, and attack surface.\n\nAnalyze the codebase based on the following 5 dimensions:\n\n1. Tech Stack & Dependency Fingerprinting\n - Identify languages, frameworks (and versions if visible), and ORMs.\n - List critical 3rd-party libraries, specifically looking for those involved in auth, crypto, or parsing (XML, JSON, YAML).\n - Identify the build chain and deployment environment (Docker, Kubernetes, CI/CD configs).\n\n2. Entry Point & Attack Surface Mapping\n - List all external entry points: HTTP Routes/API Endpoints, CLI arguments, WebSocket handlers, or IPC listeners.\n - Categorize them by privilege level (Public, User, Admin, Internal-System).\n - Highlight endpoints that accept complex inputs (file uploads, serialized objects, raw XML).\n\n3. Security Architecture & Controls\n - AuthN: How are users verified? (JWT, Session, OAuth, Basic Auth). Where is the logic located?\n - AuthZ: How are permissions enforced? (RBAC, ABAC, Middleware, decorators).\n - Sanitization: What global middleware or utility functions handle XSS/SQLi prevention?\n - Crypto: What algorithms are used? Where are keys/secrets likely loaded from (Env vars, hardcoded, Vault)?\n\n4. Data Flow & Critical Sinks\n - Trace the flow of data from entry points to sinks.\n - Identify database interaction patterns (Raw SQL vs. ORM).\n - Flag \"Dangerous Sinks\" specific to the language (e.g., eval(), system(), unpickle, render_template without escaping).\n\n5. High-Value Targets (Business Logic)\n - Summarize the core business functionality. What is the most critical operation this app performs (e.g., Money Transfer, File Storage, User Management)?\n - Identify \"Complex Logic\" files—files with unusually high lines of code or cyclomatic complexity, as bugs often hide there.\n\nOutput Format:\nPresent the findings in a structured Markdown report. End with a \"Recommended Audit Focus\" list, prioritizing which controllers or modules I should review manually first.\n", "repos": [ "/workspace/projects/**censored**" ] }Ouput