Tool Reference¶
Overwatch exposes 60+ MCP tools organized by function. Each tool uses Zod schemas for input validation and returns structured JSON.
Tool Overview¶
| Tool | Purpose | Read-only |
|---|---|---|
get_state |
Full engagement briefing from graph | Yes |
run_lab_preflight |
Aggregate lab-readiness checks | Yes |
run_graph_health |
Full graph integrity report | Yes |
recompute_objectives |
Re-evaluate objective achievement status | No |
get_history |
Full activity log | Yes |
export_graph |
Complete graph dump | Yes |
next_task |
Filtered frontier candidates for scoring | No |
validate_action |
Pre-execution sanity check | No |
log_action_event |
Record action lifecycle events | No |
report_finding |
Submit new nodes/edges to the graph | No |
get_evidence |
Retrieve full-fidelity evidence by ID or list stored evidence records | Yes |
parse_output |
Parse supported tool output into findings | No |
query_graph |
Open-ended graph exploration | Yes |
find_paths |
Shortest paths to objectives | Yes |
register_agent |
Dispatch a sub-agent task (TTL-leased) | No |
dispatch_agents |
Batch-dispatch agents from frontier | No |
get_agent_context |
Scoped subgraph for an agent | Yes |
update_agent |
Mark agent task complete/failed | No |
agent_heartbeat |
Sub-agent liveness ping (extends lease) | No |
dispatch_subnet_agents |
Dispatch one agent per scope CIDR for parallel enumeration | No |
dispatch_campaign_agents |
Dispatch agents for a campaign's grouped frontier items | No |
manage_campaign |
Create, monitor, pause, resume, or abort campaigns | No |
get_decision_log |
Per-decision timeline (frontier → completed) over the activity log | Yes |
explain_action |
"Why did the agent do X?" — full chain for an action_id | Yes |
get_timeline |
Per-node/edge "what was true at time T" view | Yes |
get_skill |
RAG search over skill library | Yes |
suggest_inference_rule |
Add a custom inference rule | No |
ingest_bloodhound |
Import BloodHound JSON collections | No |
check_tools |
Inspect installed offensive tooling | Yes |
track_process |
Register a long-running scan | No |
check_processes |
Inspect tracked process state | Yes |
correct_graph |
Transactional graph repair | No |
run_retrospective |
Post-engagement analysis | Yes |
open_session |
Create persistent interactive session (SSH, PTY, socket) | No |
write_session |
Write raw bytes to a session | No |
read_session |
Cursor-based read from session buffer | Yes |
send_to_session |
[Experimental] Write + wait + read | No |
list_sessions |
List sessions with metadata | Yes |
update_session |
Update capabilities, title, ownership | No |
resize_session |
Resize terminal dimensions | No |
signal_session |
Send signal to session process | No |
close_session |
Close and destroy a session | No |
update_scope |
Confirmation-gated runtime scope expansion/contraction | No |
get_system_prompt |
Generate dynamic agent instructions from engagement state | Yes |
generate_report |
Full pentest report with findings, narrative, evidence, remediation | Yes |
ingest_azurehound |
Import AzureHound / ROADtools JSON collections | No |
register_mock_service |
Register an operator-controlled decoy / listener / relay as a graph node | No |
Tool Categories¶
State & Health¶
Tools for understanding the current engagement state and verifying system health.
Scoring & Validation¶
The core action loop — get frontier items, validate proposed actions, log execution.
Findings & Parsing¶
How new information enters the graph — manual findings or deterministic parsing.
Graph Exploration¶
Direct graph access for creative analysis beyond the scored frontier.
Agents¶
Sub-agent lifecycle — register, scope, heartbeat, and track parallel work. Frontier leases (register_agent) prevent agent races; the watchdog reaps silent agents past their heartbeat_ttl_seconds.
Visibility & Introspection¶
"What did the agent do, and why?" — the decision log, explain_action for a single action's full chain, and get_timeline for per-node/edge "what was true at time T" queries. All read-only and derived from the activity log.
Skills & Inference¶
Methodology guidance and dynamic rule creation.
Ingestion¶
Bulk data import from external tools (BloodHound, AzureHound/ROADtools).
Utilities¶
System-level checks and process tracking.
Sessions¶
Persistent interactive sessions — SSH, local PTY, and TCP socket (reverse shell). Cursor-based I/O with ownership enforcement.
Reporting¶
Pentest report generation with per-finding detail, attack narrative, evidence chains, and HTML export.
Operator Infrastructure¶
First-class graph nodes for decoys, listeners, and relays the operator stands up — Responder, ntlmrelayx, fake LDAP, redirectors, reverse-shell catchers — so captured credentials, baited callers, and relay chains attribute back to the listener that caused them. See register_mock_service.
Analysis¶
Post-engagement retrospective and training data export.