From 5 Servers to 9
When CrowVault launched, it shipped with five MCP servers covering the core full-stack workflow: fullstack application scaffolding, database schema design, DevOps automation, API configuration, and AWS infrastructure. Those 183 tools handled the majority of the boilerplate that slows down backend and infrastructure work.
What they left uncovered was equally large. Writing tests, hardening authentication, building frontend components, and provisioning Google Cloud infrastructure all still required the same manual process — look up the pattern, find a template, adapt it to your project, repeat. These are not edge cases. They are daily tasks for every development team.
As of today, CrowVault offers 320 AI-powered developer tools across nine specialized MCP servers. Four new servers cover the gaps directly: Testing, Security, Frontend, and GCP. The AWS server has also been extended with three additional tools. Everything is available immediately on existing plans at no extra cost.
Testing MCP Server — 31 Tools
The testing server covers the full testing pyramid: unit, integration, end-to-end, and performance — plus the quality tooling that turns a test suite into a reliable signal.
Unit test generation supports Jest, Vitest, pytest, Go's testing package, and JUnit 5. Each tool takes a description of the code under test and returns a complete test file with setup, teardown, mocks, and edge cases. The output follows the conventions of the target framework — describe/it blocks for Jest, @Test annotations for JUnit, table-driven tests for Go.
Integration testing tools target the boundary between services. The generate_contract_tests tool produces Pact consumer and provider tests for API contracts. The generate_api_integration_tests tool generates supertest suites for Express routes with database fixtures included. Both are designed to run in CI without external dependencies.
End-to-end testing is covered by Playwright and Cypress generators. Provide a user flow — login, navigate to a page, submit a form, assert the result — and the tool returns a complete test file with selectors, assertions, and retry configuration. The Playwright output includes multi-browser configuration and screenshot-on-failure setup by default.
Performance testing uses k6 and Artillery. The generate_load_test tool produces a complete k6 script with ramp-up stages, thresholds, and scenario configuration. For teams measuring the impact of code changes on response time, this closes the loop between deploy and measurement.
Quality tools include mutation testing configuration (Stryker for JavaScript, mutmut for Python), coverage reporting with enforced thresholds, and CI pipeline generators that wire all of the above into a GitHub Actions or GitLab CI workflow.
Security MCP Server — 31 Tools
The security server addresses the full spectrum of application security: authentication, authorization, encryption, transport security, secrets management, and static analysis.
Authentication generation covers OAuth2 (authorization code flow with PKCE), SAML 2.0 service provider configuration, Passkeys (WebAuthn), and multi-factor authentication flows including TOTP and SMS fallback. Each tool produces implementation code, not just configuration — the OAuth2 tool returns a complete authorization server integration including token refresh, revocation, and introspection endpoints.
Authorization tools generate RBAC and ABAC policy schemas, Open Policy Agent (OPA) Rego policies, and middleware that enforces them at the route level. The generate_rbac_middleware tool takes a role hierarchy and returns Express middleware, FastAPI dependencies, or Go middleware depending on the target stack.
Encryption tools cover symmetric encryption (AES-256-GCM), TLS configuration for Nginx and Node.js, and field-level encryption for databases — useful when regulatory requirements demand that specific columns be encrypted at rest independently of the database's storage-level encryption. The output includes key rotation procedures.
Web security tools generate Content Security Policy headers, CORS configurations with environment-aware origin lists, and CSRF protection middleware. The CSP generator produces a policy tuned to the frameworks in use — a Next.js app with Google Fonts and Stripe has a meaningfully different CSP than a plain Express API.
Secrets management tools generate HashiCorp Vault policies and AppRole configurations, SOPS encryption rules for secret files in version control, and environment variable auditing scripts that flag secrets accidentally committed to source. The audit trail tools produce structured audit log schemas and query patterns for compliance reporting.
Frontend MCP Server — 36 Tools
The frontend server generates production-ready UI code across the major frameworks: React, Vue 3, Svelte 5, Angular 17, and Next.js 14. It covers components, forms, state management, styling, routing, testing, and performance.
Component generation follows the conventions of each framework. React components are typed with TypeScript interfaces, use forwardRef where appropriate, and include displayName for DevTools. Vue components use the Composition API with defineProps and defineEmits. Svelte components use runes. Angular components use standalone mode with signals. Each generator accepts a component description and returns a file you can drop into an existing project without modification.
Form tools generate complete form implementations for React Hook Form with Zod validation, Formik with Yup, and Vue's VeeValidate. The output includes the schema definition, field components, error display, submission handler, and loading state — the full working form, not just the scaffolding.
State management covers the major libraries: Zustand stores with slices and middleware, Redux Toolkit slices with async thunks, Pinia stores for Vue, and TanStack Query configurations with query keys, stale time settings, and optimistic update patterns. The tools are aware of common state shapes — authentication state, pagination, list with selection — and produce idiomatic implementations for each.
Styling tools generate Tailwind CSS component classes with design token integration, CSS custom property themes, and design token files in W3C Design Tokens format. The generate_design_tokens tool produces tokens that are consumable by Tailwind, Style Dictionary, or raw CSS — whichever pipeline the project uses.
Frontend testing tools generate React Testing Library test suites and Storybook stories. The RTL generator produces tests that follow the guiding principle of testing behavior over implementation — queries by role and label, not by class name. The Storybook generator produces *.stories.ts files with controls, accessibility checks, and interaction tests using @storybook/test.
Performance tools generate code splitting configurations, lazy loading wrappers, virtualized list implementations (TanStack Virtual), and bundle analysis scripts. The generate_lazy_route tool wraps route components in React.lazy with a typed Suspense boundary and an error boundary — the pattern that Next.js handles automatically but that Vite-based projects require manually.
GCP MCP Server — 41 Tools
The GCP server is the largest of the four new additions, with 41 tools covering compute, storage, networking, messaging, and CI/CD on Google Cloud Platform.
Compute tools generate Cloud Run service configurations (YAML and Terraform), GKE cluster definitions with Workload Identity and node pool autoscaling, and Cloud Functions gen2 with event trigger bindings. The Cloud Run generator includes memory and CPU limits, concurrency settings, VPC connector configuration, and Cloud Armor security policy attachment — the defaults that a raw gcloud run deploy leaves unconfigured.
Storage tools cover Firestore collection schemas with composite index definitions, Cloud SQL instance Terraform modules (PostgreSQL and MySQL) with private IP and Cloud SQL Auth Proxy IAM bindings, BigQuery dataset and table schemas with partitioning and clustering configuration, and Spanner instance and schema definitions. The BigQuery tool is aware of cost implications — it generates partitioned tables with partition expiration by default, which prevents runaway storage costs on high-volume data pipelines.
Networking tools generate HTTP(S) Load Balancer configurations with backend services, Cloud Armor WAF policies with preconfigured rule sets (OWASP top 10, rate-based banning), VPC firewall rules, and Shared VPC configurations for multi-project architectures. The Cloud Armor generator produces rule sets tuned to the application type — API traffic has different threat patterns than web application traffic.
Messaging and workflow tools generate Pub/Sub topic and subscription configurations with dead-letter topics and retry policies, Cloud Tasks queue definitions with rate limiting, and Workflows YAML definitions for multi-step serverless orchestration. The Pub/Sub generator includes push subscription configurations with OIDC authentication — the pattern for triggering Cloud Run services from events without an always-on worker.
CI/CD tools generate Cloud Build trigger configurations, cloudbuild.yaml pipelines with substitution variables and caching, and Cloud Deploy delivery pipeline definitions for staged rollouts to GKE and Cloud Run. The Cloud Deploy generator produces the full pipeline — delivery pipeline, target definitions, and a release promotion workflow — so teams can implement staged rollouts without learning the full GCP CI/CD surface area.
The generate_gcp_serverless_fullstack flagship tool generates a complete serverless application on GCP: Cloud Run backend, Firestore database, Cloud Storage for assets, Identity Platform for authentication, and Cloud CDN-backed bucket for the frontend. One API call, one complete production-ready stack in Terraform.
AWS Server Extended — 3 New Tools
The existing AWS MCP server has been extended with three tools that address common patterns not covered by the original 50.
The generate_step_functions_workflow tool generates AWS Step Functions state machine definitions in Amazon States Language. It accepts a workflow description — sequential steps, parallel branches, retry conditions, and error catchers — and returns a complete state machine definition with IAM execution role. The output includes X-Ray tracing and CloudWatch log group configuration.
The generate_eventbridge_patterns tool generates EventBridge event bus configurations, event pattern rules, and target bindings. It handles the common patterns: scheduled rules (cron), event routing from AWS services, and custom event buses for decoupled application architecture.
The generate_bedrock_integration tool generates integration code for Amazon Bedrock — model invocation, streaming responses, Knowledge Base retrieval, and Agents for Bedrock configuration. It supports the major foundation models available through Bedrock and produces integration code in Python (Boto3) or Node.js (AWS SDK v3).
How to Access the New Tools
All 320 tools are available through the same API surface. No plan changes, no new keys. If you have an existing CrowVault API key, the new tools are accessible immediately.
Tool discovery works the same way. A GET /v1/tools/list request returns all 320 tools with their input schemas. The new servers appear as testing-mcp, security-mcp, frontend-mcp, and gcp-mcp in the server field. If you are using the MCP endpoint at https://api.crowvault.ai/mcp, the tools are automatically aggregated — your MCP client sees all 320 tools in a single server configuration with no changes required.
The API documentation has been updated with the new server names, tool lists, and example requests. Each tool's input schema is documented with field descriptions and example values.
For Claude Code users, the MCP configuration has not changed:
{
"mcpServers": {
"crowvault": {
"type": "streamable-http",
"url": "https://api.crowvault.ai/mcp",
"headers": {
"Authorization": "Bearer YOUR_API_KEY"
}
}
}
}Claude Code will automatically discover the full set of 320 tools on its next tool listing request.
What Is Coming Next
A free tier is in progress. It will provide a fixed number of tool calls per month with no credit card required — enough to evaluate the platform and integrate it into a development workflow before committing to a paid plan.
The CrowVault CLI is being prepared for public release on npm. The CLI wraps the REST API with a local developer experience: crowvault tools call generate_unit_tests --args '{"framework":"vitest"}'. It supports batch operations, raw output mode for piping into files, and a watch mode for iterative generation.
RAG indexing is expanding. The Vertex AI Search corpus currently holds 258 technical documents used to augment tool output. We are adding framework-specific documentation — Playwright test patterns, Zod schema composition, OPA policy examples, GCP Terraform module conventions — to improve the accuracy and specificity of generated output for the new servers.
If you have not tried CrowVault yet, sign up for a Developer plan and start generating. The first tool call takes about thirty seconds to set up.