Context7 MCP

@Context7 search our codebase for all functions that handle user authentication and show me their signatures

Found 8 authentication-related functions across 4 files. Main handlers include `authenticateUser()` in auth/login.ts (takes email, password, returns JWT), `validateToken()` in middleware/auth.ts (validates JWT, attaches user to request), `refreshSession()` in auth/session.ts (extends token expiry), and `revokeAccess()` in auth/logout.ts (invalidates tokens). Two helper functions in utils/crypto.ts handle password hashing. All functions follow the same error-handling pattern with try-catch blocks returning standardized error objects.

This example shows semantic code search — finding functions by intent rather than exact naming. Effectiveness depends on your codebase being indexed with Context7. The MCP needs read access to your repository and may take time to index large codebases initially.

@Context7 explain how our payment processing flow works from checkout to confirmation, tracing through the relevant files

The payment flow starts in `pages/checkout.tsx` where the CheckoutForm component collects card details. On submit, it calls `processPayment()` in `services/stripe.ts`, which creates a PaymentIntent via Stripe's API. Success triggers `recordTransaction()` in `db/payments.ts` to log the payment in PostgreSQL, then `sendConfirmationEmail()` in `notifications/email.ts` dispatches a receipt. Finally, the order status updates in `db/orders.ts` via `markOrderPaid()`. Error handling at each step rolls back state and notifies the user through the CheckoutForm's error boundary.

This demonstrates cross-file reasoning about system behavior. The MCP traces execution paths through your codebase to explain workflows. Accuracy depends on code structure clarity — complex async patterns or dynamic imports may be harder to follow. Requires full repository access.

@Context7 find all TODO comments in our API routes and group them by priority based on the surrounding code context

Found 23 TODO comments in `/api` directory. **High priority (7)**: Authentication bypass in legacy endpoints, missing rate limiting on webhook handlers, unvalidated user input in search. **Medium priority (11)**: Pagination not implemented on list endpoints, error messages exposing stack traces, deprecated Stripe API calls. **Low priority (5)**: Code style inconsistencies, missing JSDoc comments, console.log statements left in production code. High-priority items appear in security-sensitive paths or public-facing endpoints.

This shows the MCP's ability to analyze code context around annotations, not just grep for strings. Priority inference is based on surrounding code patterns (auth, validation, error handling) but remains an AI judgment call — always verify critical findings manually before acting on them.

When Context7 helps junior engineers ramp faster

A 6-person startup brings on their first mid-level hire who needs to understand a 2-year-old Rails monolith. Context7 works here because it indexes the entire repo—controllers, models, tests—and surfaces relevant code when the new dev asks "where does user auth happen" or "how do we handle Stripe webhooks." The MCP requires an API key, so your admin sets it once and the whole team shares context. The win is speed: instead of grep-and-guess or bothering the senior engineer every 20 minutes, the new hire gets answers in-thread. The boundary: if your codebase is under 5k lines or extremely well-documented, a simple GitHub search might be enough. If you're onboarding more than one person per quarter, Context7 pays for itself in saved senior time.

When Context7 cuts cross-service debugging time

A 10-person SaaS team runs four microservices—auth, billing, notifications, core API—and a production bug spans two of them. The on-call engineer doesn't know which service owns the failing webhook. Context7 indexes all four repos and lets the engineer ask "where do we retry failed webhooks" without switching between codebases or Slack channels. The MCP surfaces the relevant handler in the notifications service and the retry logic in core. The trade-off: if your services are in separate GitHub orgs or you don't have cross-repo API access, setup gets messy. If your team already uses a unified monorepo or you're debugging across repos more than twice a week, Context7 is the right call. One API key, one workspace, faster incident resolution.

When Context7 helps support answer "can we do this"

A 4-person support team at a B2B tool gets a feature request: "Can your API return historical data for deleted users?" The support lead doesn't write code but needs to know if it's technically possible before escalating to engineering. Context7 lets them ask the question in plain English and get back the relevant API controller and data retention logic. The MCP doesn't write code—it just finds it—so non-technical teammates can verify capabilities without pinging the dev team. The boundary: if your support team never needs to reference implementation details, this is overkill. If you're fielding "is this possible" questions more than once a day and your engineers are tired of being interrupted, Context7 gives support the autonomy to answer first-pass technical questions themselves.