Getting started with the CAST Imaging on Cloud MCP Server

Overview

These instructions explain how to configure GitHub Copilot to interact with CAST Imaging on Cloud’s dedicated MCP server, enabling you to quickly obtain AI-generated insights about your applications.

Prerequisites

An active CAST Imaging on Cloud subscription
Your personal API key (obtain from your CAST Imaging on Cloud dashboard):

Recommended LLMs

Multiple LLM providers are supported; however, not all models perform equally when it comes to tool invocation, reasoning, and response reliability. During internal testing, the Claude Haiku 4.5 and Claude Sonnet 4/4.5 models consistently delivered the best results, especially for a wide range of user queries, from simple to highly complex, with strong consistency and minimal hallucinations. Findings are listed below:

Provider	Recommended model	Notes
Claude (Anthropic)	Claude Haiku 4.5	Most reliable LLM for fast and accurate responses and tool calling and complex user queries. Excellent understanding of natural language, low hallucination rate, and cost effective model.
Claude (Anthropic)	Claude 4/4.5 Sonnet	Equally strong in tool calling and answering user queries (at par with Haiku 4.5), good for complex queries, but a bit less cost effective compared to Haiku 4.5.
ChatGPT (OpenAI)	GPT-5	Good overall at answering medium to complex user queries.
ChatGPT (OpenAI)	GPT-4.1, GPT-5 mini	Lesser token consumption compared to other high end models, decent for answering basic to medium level queries only.

Setup instructions for GitHub Copilot for Visual Studio Code

Refer to https://code.visualstudio.com/docs/copilot/customization/mcp-servers for more information.

Step 1 - Initial configuration

Install the GitHub Copilot extension (see https://marketplace.visualstudio.com/items?itemName=GitHub.copilot ) in Visual Studio Code.
Ensure you are signed in to GitHub and clone the repository you need to work with.
Create an mcp.json configuration file and place it in the .vscode/ folder for your Visual Studio Code workspace. The mcp.json must use the following template:

{
  "inputs": [
    {
      "id": "imaging-key",
      "type": "promptString",
      "description": "CAST Imaging on Cloud API Key"
    }
  ],
  "servers": {
    "CASTImaging": {
      "type": "http",
      "url": "https://castimaging.io/imaging/mcp/",
      "headers": {
        "x-api-key": "${input:imaging-key}"
      }
    }
  }
}

Step 2 - Verify the connection

When the mcp.json file is configured, you can verify the connection:

Launch Github Copilot
Enter your CAST Imaging API key when prompted
Run a test query, for example:

"List all of the apps available"

If configured correctly, your assistant should be able to access your CAST Imaging on Cloud account and respond with your project information, listing all the applications that are available to you.

Example queries

Use the following example queries for the fictional application “Shopizer” as inspiration for your own queries:

Basic application information

Show me all applications available in my Imaging environment.
Which application has the largest number of transactions?

Transaction analysis

Explain about the entire graph of #customer-create-link transaction present in the Shopizer App.

List all the transactions in Shopizer app with the name containing “customer”.

Add a post-it on the transaction named #customer-create-link in Shopizer with title as "MCP post-it" and description as "This is a post-it created by MCP server".

Data flow analysis

Explain about the entire graph of CATEGORIES_DESCRIPTION datagraph present in the Shopizer App.

List all the data call graphs in Shopizer app with the name containing "CATEGORIES".

Add a post-it on the data graph named CENTRAL_CREDIT_CARDS in Shopizer with title as "MCP post-it" and description as "This is a post-it created by MCP server".

Quality insights

List all the ISO-5055 quality insights in the object pageProductReviews in Shopizer app?

List the top 5 structural flaws by occurrence count in app Shopizer.

List some of the green deficiencies present in the app Shopizer app.

Architectural analysis

Provide the high-level architecture view of Shopizer app.

Explain the architecture Shopizer app at  User Interaction Level.

Available Toolsets

Portfolio tools - tools for overall portfolio exploration for cross-application analysis when users want to explore multiple applications, compare metrics across the entire portfolio, or discover available applications before diving into specific ones.
Application tools - tools for application-level exploration for analyzing a single application in depth, covering architecture, quality insights, transactions, data graphs, packages, dependencies, and overall application statistics and structure.
Object tools - Object level exploration for drilling down into specific code artifacts (classes, methods, tables, functions) within an application - examining their properties, relationships, callers/callees, usage in transactions, and associated quality insights. This includes the following tools:

Portfolio tools

all_applications - fetch all available applications.
my_applications - fetch applications belonging to the user only.
applications_transactions - retrieve transactions across all applications available in CAST Imaging with optional filtering.
applications_data_graphs - retrieve Data Call Graph views across all applications available in CAST Imaging with filtering.
applications_dependencies - analyse inter-application dependencies across the applications available showing incoming and outgoing relationships for each app.
applications_quality_insights - get quality insights across all applications in CAST Imaging with selective insight types:
- cve - security vulnerabilities
- cloud - cloud maturity patterns
- green - sustainability patterns
- structural-flaws - architectural issues
- iso-5055 - ISO quality violations
inter_applications_dependencies - analyze dependencies between applications showing inward (apps depending on this) and outward (apps this depends on) relationships.
inter_app_detailed_dependencies - get detailed dependency information between two specific applications showing exact interaction points.

Application tools

stats - get basic statistics for an application including size, complexity, and technology metrics.
architectural_graph - visualize application architecture (nodes/links) for an application at a specific abstraction levels (layer, component, sub-component, technology-category, element-type).
architectural_graph_focus - get architecture focused on specific components for an application, useful for exploring architecture around key areas.
quality_insights - retrieve quality issues and vulnerabilities including CVE, cloud patterns, green patterns, structural flaws, and ISO-5055 violations for an application.
quality_insight_violations - get detailed information about the occurrences (specific locations) for a particular quality related insight type and ID in an application. Returns quality patterns and violating objects and their details.
packages - list external packages, libraries or dependencies used by the application.
package_interactions - analyze interactions between different packages for an application to understand dependency relationships with it.
transactions - fetch transactions for an application with optional filtering capabilities by name or type of the transaction.
transaction_details - get comprehensive details about specific transactions with multiple focus options:
- complexity - list of complex objects in the flow graph of transaction.
- insights - list objects in the transaction flow with Quality insights
- nodes - list of all objects in the transaction graph
- links - list of all links/connections between objects in the transaction graph
- graph - full call graph of the transaction
- type_graph - graph results aggregated by object types
- complexity_graph - reduced version of a transaction graph to represent only most complex objects.
- documents - list documents like post-its attached to a transaction
- summary - fetch the AI-generated summary attached to the transaction (if available)
add_view_document - add document (i.e. post-its) to transactions or data graphs for knowledge capture.
data_graphs - fetch data call graph views for an application with optional filtering capabilities.
data_graph_details - get detailed information about specific data call graph flow with multiple focus options:
- complexity - list of complex objects in the flow graph of a data call graph.
- insights - list objects in the data call graph flow with Quality insights
- nodes - list of all objects in the data call graph.
- links - list of all links/connections between objects in the data call graph
- graph - full call graph for a data graph view.
- type_graph - graph results aggregated by object types.
- complexity_graph - reduced version of a data graph to represent only most complex objects.
- documents - list documents like post-its attached to a data call graph view.
- summary - fetch the AI-generated summary attached to the data call graph (if available)
advisors - list available code improvement advisors (recommendations) for the application.
advisor_occurrences - get occurrences of findings supporting selected advisor for an application.
application_database_explorer - explore database tables and columns in an application with three modes:
- List all tables
- Filter tables by name
- Get columns for specific table(s)
application_iso_5055_explorer - explore ISO 5055 software quality characteristics (Security, Reliability, Performance, Maintainability) and their associated weaknesses.

Object tools

objects - search and filter objects (classes, methods, tables, etc.) in an application. Supports filtering by name, type, and other properties.
object_details - get comprehensive details about specific objects with multiple focus options:
- intra - basic properties and child objects
- inward - incoming dependencies (callers)
- outward - outgoing dependencies (callees)
- testing - fetch related transactions and data graphs.
- code - source code snippets (when IMAGING_CODE=True in the app.config)
- insights - quality issues/insights for object
- documents - fetch attached documents i.e. post-its to an object (if available)
add_object_document - attach document (post-its) to an object for knowledge preservation or note taking.
source_files - find source files that define code objects, matching a specified file path pattern (contains filter).
source_file_details - get detailed dependency analysis for source files with multiple nature options:
- inventory - all defined code elements
- intra - internal dependencies within file
- inward - incoming dependencies to file
- outward - outgoing dependencies from file
- testing - elements requiring tests if file changes
transactions_using_object - identify all transactions that use a specific object based on a criteria.
data_graphs_involving_object - find all data call graphs involving specific objects based on criteria. Essential for understanding data dependencies.

Security best practices

Never share your API key with others or commit it to version control
Rotate your API keys regularly through the CAST Imaging on Cloud dashboard
Revoke unused keys to minimize security risks
Use separate keys for different applications or team members

Troubleshooting

Connection failure

Verify your API key is correct and active
Ensure your network allows connections to CAST Imaging on Cloud
Review your client’s logs for specific error messages

Slow response times

Check your internet connection
Verify the CAST Imaging on Cloud service status
Consider the size of datasets you’re querying