
DeepADB
ā 11from fullread
The deepest Android Debug Bridge MCP server ā 147 tools from UI to baseband.
DeepADB
MCP (Model Context Protocol) server providing full Android Debug Bridge (ADB) integration for AI agents. Enables MCP clients to directly interact with connected Android devices ā inspecting state, running commands, managing apps, capturing logs, controlling device settings, analyzing UI hierarchies, recording screens, managing emulators, running structured test sessions, orchestrating multi-device operations, capturing network traffic, running CI pipelines, auditing accessibility, detecting performance regressions, executing cloud device farm tests, debugging over WiFi, building projects, and managing community plugins.
204 tools, 5 resources, and 4 prompts across 45 modules ā the most comprehensive ADB MCP server available, with triple transport (stdio + HTTP/SSE + WebSocket), optional GraphQL API, defense-in-depth security, modem firmware analysis, workflow marketplace, AT command interface with multi-chipset support, RIL message interception, device profiling, baseband/modem integration, automated test generation, OTA update monitoring, SELinux auditing, thermal/power profiling, network device discovery, visual regression detection, workflow orchestration, accessibility auditing, and contextual truncation.
Architecture
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā MCP Client ā
ā (Claude Code / claude.ai) ā
āāāāāāāāāāāāāāāāāāāāāāāā¬āāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā stdio (JSON-RPC) or HTTP/SSE or WebSocket
āāāāāāāāāāāāāāāāāāāāāāāā¼āāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā DeepADB Server ā
ā ā
ā āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā ā
ā ā Tool Modules (45) ā ā
ā ā device ā shell ā packages ā files ā logs ā ā
ā ā diagnostics ā ui ā build ā health ā ā
ā ā wireless ā control ā logcat-watch ā ā
ā ā forwarding ā screen-record ā emulator ā ā
ā ā testing ā multi-device ā snapshot ā ā
ā ā network-capture ā ci ā plugins ā baseband ā ā
ā ā accessibility ā regression ā ā
ā ā device-farm ā registry ā at-commands ā ā
ā ā screenshot-diff ā workflow ā sensors ā ā
ā ā split-apk ā mirroring ā test-gen ā ā
ā ā ota-monitor ā ril-intercept ā ā
ā ā device-profiles ā firmware-analysis ā ā
ā ā workflow-market ā selinux-audit ā ā
ā ā thermal-power ā network-discovery ā ā
ā ā input-gestures ā wireless-firmware ā ā
ā āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā⤠ā
ā ā Resources (5) ā Prompts (4) ā ā
ā āāāāāāāāāāāāāāāāāāāāā¬āāāāāāāāāāāāāāāāāāāāāāāāāā ā
ā ā ā
ā āāāāāāāāāāāāāāāāāāāāā¼āāāāāāāāāāāāāāāāāāāāāāāāāā ā
ā ā ToolContext (unified DI) ā ā
ā ā server ā bridge ā deviceManager ā ā
ā ā logger ā security ā config ā ā
ā āāāāāāāāāāāāāāāāāāāāā¬āāāāāāāāāāāāāāāāāāāāāāāāāā ā
ā ā ā
ā āāāāāāāāāāāāāāāāāāāāā¼āāāāāāāāāāāāāāāāāāāāāāāāāā ā
ā ā Middleware Layer ā ā
ā ā OutputProcessor ā SecurityMiddleware ā ā
ā ā InputSanitizer ā Logger (stderr-safe) ā ā
ā āāāāāāāāāāāāāāāāāāāāā¬āāāāāāāāāāāāāāāāāāāāāāāāāā ā
ā ā ā
ā āāāāāāāāāāāāāāāāāāāāā¼āāāāāāāāāāāāāāāāāāāāāāāāāā ā
ā ā Bridge Layer (auto-detect) ā ā
ā ā ā ā
ā ā āāāāāāāāāāāāāāā āāāāāāāāāāāāāāāāāāāāāā ā ā
ā ā ā ADB Bridge ā OR ā Local Bridge ā ā ā
ā ā ā (PC mode) ā ā (on-device mode) ā ā ā
ā ā ā via adb.exe ā ā via sh/su direct ā ā ā
ā ā āāāāāāāā¬āāāāāāāā āāāāāāāāāā¬āāāāāāāāāāāā ā ā
ā ā ā ā ā ā
ā ā Retry ā Timeout ā Cache ā Serial routing ā ā
ā āāāāāāāāāāā¼āāāāāāāāāāāāāāāāāāāāāā¼āāāāāāāāāāāāāā ā
āāāāāāāāāāāāāā¼āāāāāāāāāāāāāāāāāāāāāā¼āāāāāāāāāāāāāāāā
ā ā
āāāāāāāāā¼āāāāāāāā āāāāāāāāā¼āāāāāāāā
ā ADB Binary ā ā sh / su ā
ā (USB/WiFi) ā ā (local) ā
āāāāāāāāā¬āāāāāāāā āāāāāāāāā¬āāāāāāāā
ā ā
āāāāāāā¼āāāāāāāāāāāāāāāāāāāāā¼āāāāāā
ā Android Device ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāDual-Mode Architecture
DeepADB operates in two modes, auto-detected at startup:
ADB Mode (default) ā PC-side bridge
AI Agent (PC) āā MCP āā DeepADB (PC) āā ADB (USB) āā Android DeviceStandard mode: DeepADB runs on a PC/Mac/Linux host and communicates with the device over USB via ADB. All 204 tools work through the ADB bridge with automatic retry on transient failures.
On-Device Mode ā direct local execution
AI Agent (Termux) āā MCP (stdio/HTTP) āā DeepADB (Termux) āā sh/su (local)When DeepADB runs directly on the Android device (e.g., inside Termux), it auto-detects the environment and switches to LocalBridge. Commands execute directly via sh/su ā no ADB server, no USB, no serialization overhead. All 204 tools work identically, with significantly lower latency.
Validated on hardware (Pixel 6a, Android 16, Termux + Magisk + QEMU 10.2.1) across a four-cell test matrix ā host (ADB) and on-device (LocalBridge), each with and without a device PIN ā with 0 failures in every cell. The full suite is 577 tests in the host/ADB configuration and 613 on-device; the difference is the QEMU virtualization and Alpine VM-boot suites, which run only on-device:
- ADB mode, no PIN: 556 passed / 0 failed / 21 skipped (577 total). Skips: 5 QEMU (on-device only), 7 gracefulKill unit tests (require POSIX signals, skipped on the Windows host), 3 tcpdump sanitization (tcpdump is root-only and unreachable over a non-root ADB shell), 2 host-shell round-trips (require a POSIX /bin/sh), 4 screen-state (require DA_TEST_PIN).
- ADB mode, with PIN: 560 passed / 0 failed / 17 skipped (577 total). The 4 screen-state tests unlock and run.
- On-device mode, no PIN: 606 passed / 0 failed / 7 skipped (613 total). All QEMU tests run, including Alpine Linux VM boot with KVM acceleration, big.LITTLE CPU topology detection, guest ADB connectivity error handling, and clean VM shutdown; the tcpdump and gracefulKill suites also run here (root + POSIX). Skips: 3 QEMU setup steps that no-op when the Alpine kernel/initrd/disk are already cached, 4 screen-state (require PIN).
- On-device mode, with PIN: 610 passed / 0 failed / 3 skipped (613 total). Every test enabled by the environment runs; the 3 skips are the cached-VM setup steps.
Privilege escalation: In ADB mode, all shell commands run as uid=2000 (the shell user) which has system-level permissions. In Termux, commands run as a regular app user. LocalBridge automatically elevates privileged commands through su when root (Magisk) is available:
- Command allowlist: 16 system commands (
settings,dumpsys,am,input,screencap,screenrecord,uiautomator,app_process,getenforce,setenforce,cmd,pm,wm,svc,ip,ifconfig) are routed throughsu -cto match ADB-mode behavior. - Path-based elevation: Commands referencing
/sdcard,/storage, or/system/paths are elevated to bypass Android scoped storage restrictions. - Root detection: Cached after a single
su -c idprobe at first use. Graceful degradation when root is unavailable. - The elevation allowlist is frozen (
ReadonlySet+Object.freeze) ā not configurable via environment variables or runtime API.
Auto-detection: Checks for /system/build.prop (present on all Android devices, never on hosts). Override with DA_LOCAL=true or DA_LOCAL=false.
On-device setup (Termux):
pkg install nodejs-lts git
git clone <deepadb-repo> && cd deepadb
npm install && npm run build
npm start # stdio ā for local AI agents (Claude Code, OpenCode)
DA_HTTP_PORT=3000 npm start # HTTP/SSE ā for remote AI access over WiFiAvailable Tools (204)
Health (1 tool)
adb_health_checkā Comprehensive toolchain validation: ADB binary, server, device connection, authorization, root access, and storage writability
Device (3 tools)
adb_devicesā List all connected devices with state, model, and product infoadb_device_infoā Detailed device properties (model, OS, SDK, build, security patch, ABI)adb_getpropā Read a specific system property or dump all properties
Shell (2 tools)
adb_shellā Execute arbitrary shell commands with configurable timeout (security-checked)adb_root_shellā Execute commands as root via su (requires rooted device, security-checked)
Packages (12 tools)
adb_installā Install APK with replace/downgrade optionsadb_uninstallā Remove package with optional data retentionadb_list_packagesā List packages filtered by name or type (all/system/third-party)adb_package_infoā Detailed package info (version, permissions, paths)adb_clear_dataā Clear all app data and cacheadb_grant_permissionā Grant a runtime permission to a packageadb_revoke_permissionā Revoke a runtime permission from a package (reset permission state for testing denial flows)adb_list_permissionsā List all declared and granted permissions for a package, filterable by granted/deniedadb_force_stopā Force-stop an app immediatelyadb_start_appā Launch an app by package name (resolves launcher activity)adb_restart_appā Force-stop then re-launch in one call (configurable delay)adb_resolve_intentsā Discover registered activities, services, and receivers with intent filters
Files (18 tools)
adb_pushā Push local file to device (hard-blocked kernel paths, fs-type awareness, storage reporting)adb_pullā Pull file from device to local filesystemadb_lsā List device directory contents (simple or detailed)adb_catā Read text file from device with optional line limitadb_file_writeā Create or overwrite text files via heredoc (buffer limit warning, fs-aware, post-verify)adb_findā Search for files by name/pattern with depth control and result cappingadb_file_statā File metadata: size, permissions, timestamps, ownership, SELinux contextadb_file_checksumā SHA-256/SHA-1/MD5 hash with size-based timeout estimationadb_mkdirā Create directories with parent creation (-p), hard-blocked kernel pathsadb_rmā Delete files/directories with depth-based recursive protection and symlink resolutionadb_file_moveā Move/rename with source depth protection and post-verifyadb_file_copyā Copy with pre-flight size+space check and post-verify size matchadb_file_chmodā Change permissions (Zod-validated octal mode, depth-based recursive protection)adb_file_touchā Create empty files or update timestamps (explicit timestamp support)adb_file_fsinfoā Filesystem report: type, mount, capacity, capabilities, SELinux, limitationsadb_file_chownā Change ownership (root required, depth-based recursive protection)adb_grepā Search file contents with fixed-string default, recursive depth control, result cappingadb_file_replaceā Find/replace text in files (sed-backed, proper escaping, backup option)
Logs ā Snapshots (3 tools)
adb_logcatā Filtered logcat snapshot with tag, priority, grep, and buffer selectionadb_logcat_clearā Clear all logcat buffersadb_logcat_crashā Crash buffer log snapshot
Logs ā Persistent Watchers (4 tools)
adb_logcat_startā Start a background logcat watcher with ring buffer accumulationadb_logcat_pollā Retrieve new lines since last poll from a running watcheradb_logcat_stopā Stop a watcher session (or all sessions)adb_logcat_sessionsā List all active watcher sessions with stats
Diagnostics (9 tools)
adb_dumpsysā Run dumpsys for any service (or list all services)adb_telephonyā Cell info, signal strength, and network registration (parallel query)adb_batteryā Battery status, level, temperature, and charging infoadb_networkā WiFi, cellular, and IP connectivity (parallel query)adb_topā CPU and memory usage snapshotadb_perf_snapshotā Parallel memory, frame stats, and CPU profiling for a packageadb_bugreportā Full bug report zip capture (device state, logs, system info)adb_crash_logsā ANR traces and tombstone crash dumps from /data/anr/ and /data/tombstones/adb_heap_dumpā Capture heap dump (.hprof) from a running process for memory analysis
UI (10 tools)
adb_screencapā Take screenshot with filename sanitization, saves locallyadb_screencap_annotatedā Screenshot with UI element bounding boxes and numbered labels composited onto the PNG. Returns annotated image path plus a text legend. Ideal for LLM workflows that reference elements by numberadb_current_activityā Get focused activity and top window stackadb_inputā Send tap, swipe, text, or keyevent inputadb_start_activityā Launch activities by intent or component nameadb_ui_dumpā Dump full UI hierarchy. Supports three output formats:text(default, human-readable),tsv(compact tab-separated for token-efficient automation loops),xml(raw uiautomator XML)adb_ui_findā Search UI hierarchy by text, resource-id, or content-description (returns tap coordinates)adb_screen_stateā Combined screen state in one call: foreground activity, screen dimensions and density, orientation, battery level, and a TSV list of interactive elements. Replaces 3ā4 separate tool callsadb_screenrecord_startā Start recording the device screen (1-180s, stored on device)adb_screenrecord_stopā Stop recording and pull the mp4 video file locally
Device Control (9 tools)
adb_airplane_modeā Toggle airplane mode with broadcast and verificationadb_airplane_cycleā Cycle airplane mode on/off to force cellular re-registrationadb_wifiā Enable or disable WiFiadb_mobile_dataā Enable or disable mobile dataadb_locationā Set location mode (off/sensors/battery/high)adb_screenā Wake, sleep, toggle, lock, or unlock the screen. Lock verifies keyguard state viadumpsys window. Unlock useswm dismiss-keyguard(works for swipe keyguards); supplypinto perform the full PIN entry sequence: wakes screen, swipes up to reveal keypad, types PIN, confirms, and verifies the keyguard sleep token was releasedadb_settings_getā Read any Android setting from system/secure/global namespaceadb_settings_putā Write any Android setting with read-back verificationadb_rebootā Reboot device (normal, recovery, or bootloader mode)
Wireless Debugging (4 tools)
adb_pairā Pair with device over WiFi using pairing codeadb_connectā Connect to device over WiFi/TCPadb_disconnectā Disconnect wireless device(s)adb_tcpipā Switch USB device to TCP/IP mode (auto-detects device IP)
Port Forwarding (8 tools)
adb_forwardā Forward a local port to a device port (host ā device)adb_reverseā Reverse-forward a device port to the host (device ā host)adb_forward_listā List all active forward and reverse port mappingsadb_forward_removeā Remove a port forward or all forwardsadb_reverse_removeā Remove a reverse forward or all reverse forwardsadb_tunnel_openā Open a managed tunnel with opaque ID. Auto-picks a free host port for forward direction when omitted; registers cleanup so the tunnel is removed on server exitadb_tunnel_listā List active managed tunnels (those opened via adb_tunnel_open). Optional device filter; shows ID, direction, endpoints, and ageadb_tunnel_closeā Close a managed tunnel by ID, or close all at once with id="all"
Emulator Management (3 tools)
adb_avd_listā List available AVDs (PC mode) or detect KVM/QEMU virtualization capabilities (on-device mode)adb_emulator_startā Launch an AVD with headless, cold boot, and GPU options (PC mode) or report QEMU alternative (on-device mode)adb_emulator_stopā Gracefully shut down a running emulator
QEMU/KVM Virtualization (8 tools)
adb_qemu_setupā Check and install QEMU for on-device virtualization. Verifies KVM, reports host CPU/RAM, installs via Termux pkgadb_qemu_imagesā Manage VM disk images: list, create (qcow2/raw), delete. Path containment verification prevents traversaladb_qemu_startā Boot a KVM-accelerated VM with dynamic resource allocation. Auto-detects optimal CPUs (total minus 1, reserving one for host) and memory (65% of physical RAM). Supports kernel/initrd/append for Android boot, ADB port forwardingadb_qemu_stopā Stop a running VM (graceful SIGTERM or force SIGKILL). Auto-disconnects guest ADB before killing. Reports running VMs if no name givenadb_qemu_statusā Full status: KVM/QEMU availability, host resource budget, running VMs with PID/resources/uptime/ports/ADB connection state, image inventoryadb_qemu_connectā Connect to a running VM's guest ADB service. Restricted to localhost only ā port derived from running VM state, never user input. Enables multi-device tools to operate on guest VMsadb_qemu_disconnectā Disconnect from a guest VM's ADB service. Clears connection state and removes guest from device listadb_qemu_guest_shellā Execute shell commands on a guest VM via ADB. Subject to security middleware. Guest serial derived internally ā no user-supplied host/IP reaches the ADB binary
Test Sessions (3 tools)
adb_test_session_startā Start a named test session with organized output directoryadb_test_stepā Capture a numbered step with screenshot and logcat into the sessionadb_test_session_endā End session, write summary manifest, return directory path
Multi-Device Orchestration (4 tools)
adb_multi_shellā Execute a command on all/selected devices in parallel (security-checked)adb_multi_installā Install an APK across multiple devices simultaneouslyadb_multi_compareā Run a command on all devices and highlight output differencesadb_multi_testā Comparative test workflow: run predefined diagnostic profiles (firmware/security/network/identity/full) or custom command lists across all devices including QEMU guests, compare per-check, report matches and differences
Input Gestures & UI Automation (15 tools)
adb_input_dragā Drag from point A to point B (usesdraganddropwith swipe fallback for older Android)adb_input_flingā High-velocity fling gesture for momentum-scrolling through lists and paged views (configurable duration 20-200ms)adb_input_long_pressā Long press at coordinates with configurable hold durationadb_input_double_tapā Double tap with configurable interval between tapsadb_input_textā Dedicated text input with space/special character handlingadb_open_urlā Open a URL on the device via VIEW intentadb_orientationā Get or set screen orientation (auto/portrait/landscape/reverse)adb_clipboardā Read or write device clipboardadb_input_pinchā Multi-touch pinch (zoom out) or spread (zoom in) gesture. Two fingers move symmetrically around a center point. Layered injection: parallelinput swipe(universal, no root) or rawsendeventMT Type B protocol (true multi-touch, root required). Auto-detects touchscreen device and capabilities viagetevent -p. Configurable center, radius, duration, angle, and interpolation stepsadb_tap_elementā Find element by text/resource-id/content-description and tap its centeradb_wait_elementā Poll UI hierarchy until an element appears or disappears (configurable timeout/poll interval)adb_wait_stableā Poll until consecutive UI dumps match (screen stabilization after transitions)adb_scroll_untilā Scroll repeatedly until a target element is found, with optional auto-tapadb_screenshot_compressedā Capture screenshot with size/quality metadata for token-efficient workflowsadb_batch_actionsā Execute multiple input actions (tap/swipe/fling/long_press/double_tap/keyevent/text/drag/pinch/back/home/sleep) in a single tool call with security validation
Device Awareness (3 tools)
adb_screen_sizeā Screen resolution, display density (DPI), aspect ratio, and DP width in one calladb_device_stateā Combined snapshot: battery level/status/temp, network type, WiFi state, screen on/off, orientation, foreground activityadb_notificationsā Parse active notifications with package, title, text, importance, channel, flags, and timestamp (filterable by package)
Snapshot/Restore (3 tools)
adb_snapshot_captureā Save comprehensive device state (packages, settings, properties) to JSONadb_snapshot_compareā Diff current state against a saved snapshot (added/removed packages, changed settings)adb_snapshot_restore_settingsā Restore global/secure settings from a saved snapshot
Network Capture (3 tools)
adb_tcpdump_startā Start background packet capture via tcpdump (requires root)adb_tcpdump_stopā Stop capture and pull pcap file locally for Wireshark analysisadb_network_connectionsā Show active TCP/UDP connections (ss/netstat with /proc/net fallback)
CI/CD Integration (3 tools)
adb_ci_wait_bootā Wait for device/emulator to fully boot with configurable timeoutadb_ci_device_readyā Structured pass/fail readiness check (boot, PM, screen, network, disk)adb_ci_run_testsā Run instrumented tests viaam instrumentwith parsed pass/fail results
Baseband/Modem (6 tools)
adb_baseband_infoā Modem firmware, RIL implementation, chipset, SIM configuration (dual SIM detection with per-slot state), network registration. IMEI retrieval is opt-in only (includeImei=true)adb_cell_identityā Cell ID (CID), TAC/LAC, EARFCN, PCI, PLMN from dumpsys phone for cellular network analysisadb_signal_detailā RSRP, RSRQ, SINR, RSSI, timing advance ā raw radio measurements for signal analysisadb_neighboring_cellsā All visible LTE/5G/WCDMA/GSM cells with identities and signal strengthsadb_carrier_configā Carrier configuration dump, carrier ID, preferred APNadb_modem_logsā RIL radio buffer, telephony framework, RILJ/RILC, kernel dmesg (root) modem logs
Accessibility Auditing (3 tools)
adb_a11y_auditā Automated WCAG audit: missing labels, undersized touch targets (<48dp), duplicate descriptions, unfocusable clickablesadb_a11y_touch_targetsā List all interactive elements with touch target dimensions in dp, flag undersizedadb_a11y_treeā Accessibility-focused UI tree showing only screen-reader-relevant elements with roles, labels, and states
Regression Detection (3 tools)
adb_regression_baselineā Capture performance baseline (memory, CPU, frame stats, battery, network) to JSONadb_regression_checkā Compare current performance against a saved baseline with configurable regression thresholdsadb_regression_historyā List all saved baselines with trends, optionally filtered by package
Device Farm (3 tools)
adb_farm_runā Run instrumented tests on Firebase Test Lab across multiple device models and API levelsadb_farm_resultsā Retrieve results from a Test Lab run or list recent test matricesadb_farm_matrixā List available device models and Android versions on Firebase Test Lab
Plugin Registry (3 tools)
adb_registry_searchā Search the community plugin registry, shows install status and available updatesadb_registry_installā Download and install a plugin from the registry by nameadb_registry_installedā List locally installed plugins with version and update availability
Plugins (2 tools)
adb_plugin_listā List all loaded plugins with paths and load timesadb_plugin_infoā Plugin system documentation and example plugin format
Build (2 tools)
adb_gradleā Run any Gradle task in a project directoryadb_build_and_installā Build debug APK and install via ANDROID_SERIAL targeting
AT Commands (5 tools)
adb_at_detectā Auto-detect modem AT command device node by chipset family (Shannon, Qualcomm, MediaTek, Unisoc, generic). Probes known paths and returns the first responding nodeadb_at_sendā Send a single AT command to the modem with response capture. Auto-detects port or accepts manual override. Dangerous command blocklist with force overrideadb_at_batchā Send multiple AT commands sequentially with per-command results. Configurable inter-command delayadb_at_probeā Run a standard diagnostic probe: modem ID, signal quality, network registration, SIM status, operator, functionality modeadb_at_cross_validateā Cross-validate baseband firmware by comparing AT command responses (ATI, AT+CGMR, AT+CGMM) against system properties. Flags discrepancies as potential firmware tampering, incomplete OTA, or property spoofing. Shannon-specific AT+DEVCONINFO support. Requires root
Screenshot Diffing (3 tools)
adb_screenshot_baselineā Capture and save a named screenshot baseline with metadata (dimensions, SHA-256, timestamp)adb_screenshot_diffā Compare current screen against a saved baseline using pixel-level PNG decoding. Reports changed pixel count/percentage, bounding box of changed region, and supports a tolerance threshold for absorbing dynamic elements like clocksadb_screenshot_historyā List all saved screenshot baselines with metadata
Workflow Orchestration (3 tools)
adb_workflow_runā Execute a JSON-defined workflow: sequential device operations with variable substitution, conditional steps, loops, and result capture. Actions: shell, root_shell, install, screenshot, logcat, getprop, sleepadb_workflow_validateā Validate workflow structure without executing. Shows execution planadb_workflow_listā List saved workflow files in the workflows directory
Split APK Management (4 tools)
adb_install_bundleā Install split APKs (app bundles) viainstall-multiplewith replace and downgrade optionsadb_list_splitsā Show all APK split paths for a package with classification (base, config.density, config.language, etc.) and total sizeadb_extract_apksā Pull all splits for a package to a local directory for analysis or backupadb_apex_listā List installed APEX modules with version info
Device Mirroring (3 tools)
adb_mirror_startā Start live screen mirroring via scrcpy. Supports windowed and headless modes, recording, bitrate/FPS/resolution control, stay-awake, and screen-offadb_mirror_stopā Stop mirroring for a device or all devicesadb_mirror_statusā Check scrcpy availability and list active mirroring sessions
Automated Test Generation (3 tools)
adb_test_gen_from_uiā Analyze the current screen's interactive elements and generate a workflow that taps each one, screenshots, and checks for crashesadb_test_gen_from_intentsā Analyze a package's registered activities and generate a workflow that launches each exported activity with crash detectionadb_test_gen_saveā Save a generated workflow JSON to the workflows directory for later execution
OTA Update Monitoring (3 tools)
adb_ota_fingerprintā Capture system fingerprint: build ID, Android version, security patch, bootloader, baseband firmware, kernel, A/B slotadb_ota_checkā Compare current system state against a saved fingerprint to detect OTA updates. Identifies changed fields and recommends re-baseliningadb_ota_historyā List all saved fingerprints for a device with version progression over time
RIL Message Interception (3 tools)
adb_ril_startā Start capturing RIL messages from the radio logcat buffer. Categorizes registration, cell info, signal, network, security, handover, and NAS eventsadb_ril_pollā Retrieve captured RIL messages with optional category filtering. Shows category distributionadb_ril_stopā Stop a RIL capture session with category summary
Device Profiles (3 tools)
adb_profile_detectā Auto-detect and build a device profile: hardware ID, chipset family, modem nodes, root status, 5G support, dual SIM configuration. Matches against built-in library for known quirksadb_profile_saveā Save a device profile to the profiles libraryadb_profile_listā List built-in and user-saved device profiles
Modem Firmware Analysis (3 tools)
adb_firmware_probeā Comprehensive firmware identification: parses baseband (Shannon/Qualcomm/MediaTek/Unisoc/HiSilicon/Intel), bootloader, and RIL implementation into structured components. Reports kernel, security patch, A/B slot, verified boot state, VBMeta, hypervisor, and OTA partition inventoryadb_firmware_diffā Compare all firmware components (baseband, bootloader, kernel, security patch, build ID, Android version, RIL) between saved fingerprints or live device. Deep parsed diffs for baseband and bootloader when changes detectedadb_firmware_historyā Track firmware progression across all saved OTA fingerprints with multi-component change detection (baseband, bootloader, kernel, security patch, build ID, Android version) and parsed baseband diffs
Wireless Firmware (4 tools)
adb_wifi_firmwareā WiFi chipset and firmware identification: driver version, firmware version, supported bands (2.4/5/6 GHz), WiFi standard detection (5/6/6E/7), current connection info. MAC address opt-in onlyadb_bluetooth_firmwareā Bluetooth firmware and chipset identification: firmware version, BT version (4.0ā5.4 from LMP), adapter state, LE capabilities (2M PHY, Coded PHY, extended advertising), active profiles (A2DP/HFP/HID/LE Audio), bonded device count. MAC/name opt-in onlyadb_nfc_firmwareā NFC controller firmware: controller type (NXP/Broadcom/Samsung/ST), firmware version, supported technologies (NFC-A/B/F/V, MIFARE), secure element (eSE/UICC), HCE supportadb_gps_firmwareā GNSS/GPS chipset and firmware identification: hardware model (manufacturer, chip, firmware), supported constellations (GPS/GLONASS/Galileo/BeiDou/QZSS/NavIC/SBAS), signal types with frequencies, dual-frequency (L1+L5) detection, raw GNSS measurement capabilities, A-GPS modes (MSB/MSA), SUPL server configuration, carrier phase measurements
Workflow Marketplace (3 tools)
adb_market_searchā Search the workflow marketplace for community-shared workflow definitions with keyword and tag filtering. Shows install statusadb_market_installā Download, validate (JSON structure + SHA-256 integrity), and install a marketplace workflow for immediate use with adb_workflow_runadb_market_exportā Package a local workflow with marketplace metadata (author, version, tags, SHA-256) and generate a registry manifest entry for sharing
SELinux & Permission Auditing (3 tools)
adb_selinux_statusā SELinux enforcement mode, policy version, shell context, recent AVC denial count. Root provides kernel dmesg denial statsadb_selinux_denialsā List recent AVC denial messages with parsed source/target contexts, permission classes, and denied operations. Supports process filteringadb_permission_auditā Audit runtime permission grants for a package grouped by dangerous permission category (Camera, Location, Phone, SMS, etc.). Flags high-sensitivity grants
Thermal & Power Profiling (3 tools)
adb_thermal_snapshotā Capture all thermal zone temperatures, per-CPU frequencies/governors, cooling device states, battery temperature/current/voltage/power draw. Optional save as JSON baselineadb_thermal_compareā Compare current thermal state against a saved baseline with per-zone temperature deltas and battery current changesadb_battery_drainā Measure battery drain rate over a configurable duration (3-60s). Reports average mA, mW, estimated %/hour. Optional package-specific batterystats
Network Discovery (3 tools)
adb_network_scanā Scan the local network for ADB-enabled devices via ARP table and optional IP range sweep. Probes ports 5555-5558 with batched parallel TCP probesadb_network_device_ipā Get the WiFi IP of a connected device via multiple methods. Shows ADB TCP status and wireless connection instructionsadb_network_auto_connectā One-step discover + connect: scans for ADB devices and automatically runs adb connect on each found listener
Hardware Sensor Access (2 tools)
adb_sensor_readā Read current hardware sensor values via dumpsys sensorservice. Enumerates all sensors with vendor, type, mode, rate range, and wake capability. Returns last-known readings with timestamps and axis-labeled formatting. Category filter (13 categories) and listOnly discovery mode. No root requiredadb_iio_readā Read raw hardware data from the Linux IIO subsystem. Auto-discovers IIO devices, classifies by kernel driver. On Tensor/Exynos: exposes per-rail ODPM power monitors showing real-time power consumption per SoC subsystem. Generic IIO path handles raw channels with calibrated scale+offset. Root required
Result Handles (3 tools)
adb_result_listā List active result handles in the tempdir-backed cache. Shows tool, name, size, age, and remaining TTL for each handleadb_result_getā Retrieve the content of a stored handle by tool + name. Returns the original content blocks as the source tool produced them; updates last-accessed time. For URI-based retrieval, use theresult://{tool}/{name}MCP Resource insteadadb_result_dropā Delete a stored result handle, or clear all handles in the current namespace. Pass bothtoolandnameto drop one specific handle, orall: trueto drop everything. Useful before changing DA_AUTH_TOKEN (which would otherwise leave orphans under the old token-hash directory)
MCP Resources (5)
Read-only device state surfaces accessible by MCP clients:
device://listā List of all connected devices with state and model infodevice://info/{serial}ā Device properties (model, OS, build, ABI)device://battery/{serial}ā Parsed battery status (level, charging, temperature, voltage)device://telephony/{serial}ā Telephony registry state for cellular analysisresult://{tool}/{name}ā Stored tool result handle. Resolve by URI; created by tools that opt into result-handle storage via theresult_handleparameter. Listed by adb_result_list
MCP Prompts (4)
Pre-built workflow templates for common multi-step debugging tasks:
debug-crashā Clear logcat ā restart app ā wait for reproduction ā capture crash buffer ā analyzedeploy-and-testā Build ā install ā clear logcat ā start watcher ā launch ā screenshot ā reporttelephony-snapshotā Capture telephony state, SIM/network operator, network type ā summarize anomaliesairplane-cycle-testā Start watcher ā baseline telephony ā cycle airplane mode ā compare pre/post state
Key Features
Device Caching
Device discovery results are cached with a configurable TTL (default 5s), eliminating redundant adb devices subprocess calls during rapid tool sequences. Cache auto-invalidates on connection errors and after wireless connect/disconnect/pair operations.
Transient Failure Retry
The ADB bridge automatically retries on transient failures (device offline, connection reset, protocol fault) with configurable retry count and exponential backoff. Diagnostic commands skip retries to surface real issues immediately.
Output Protection
All ADB output passes through the OutputProcessor which normalizes line endings, enforces configurable character limits, and provides contextual truncation at logical boundaries (line breaks, section separators) rather than cutting mid-line. Includes structured parsers for battery, meminfo, and getprop output.
Persistent Logcat Streaming
Background logcat watchers run as spawned processes with ring buffer accumulation. Each poll returns only new lines since the last read. Supports multiple concurrent sessions (up to 10) with independent filters. Process cleanup handlers prevent orphaned adb logcat processes on server exit.
UI Hierarchy Analysis
Full view tree capture via uiautomator dump with parsed XML extraction. Returns structured element data including text, resource-id, content-description, class names, bounds coordinates with tap-ready center points, and interaction flags. Pre-compiled regex attribute extraction for efficient parsing.
Security Middleware
Multi-layered security activated via DA_SECURITY=true. Provides command blocklist/allowlist filtering, rate limiting (commands per minute), and audit logging with automatic credential redaction. Security checks are integrated into adb_shell, adb_root_shell, adb_multi_shell, adb_multi_compare, adb_input, adb_batch_actions, and adb_start_activity. Configurable via environment variables for different deployment scenarios.
Input Sanitization
All tools that interpolate user-supplied parameters into shell command strings validate inputs against shell metacharacters before execution. Package names, property keys, service names, setting keys, test identifiers, network interface names, and tcpdump filters are all validated through a centralized validateShellArg() function that rejects ;, |, &, $, backticks, parentheses, and other injection vectors. File paths use single-quoted shell escaping to prevent $() command substitution. The adb_input tool applies type-specific validation: tap/swipe accept only numeric coordinates, keyevent accepts only alphanumeric keycodes, and text is shell-escaped for literal delivery. The adb_batch_actions tool enforces the same per-action-type validation (digits-only for coordinates, alphanumeric for keycodes, shell-escape for text) and routes every assembled command through the security middleware. Deserialized JSON from snapshot files is validated before shell interpolation. Every z.number() parameter across all 204 tools has explicit .min()/.max() Zod bounds to prevent resource exhaustion from extreme values. The LocalBridge has explicit handlers for every ADB subcommand used by tool modules, preventing unquoted fallthrough to the default shell handler. In on-device mode, privilege escalation uses a frozen 16-command allowlist and restricted-path regex ā the elevation set is ReadonlySet + Object.freeze, not configurable at runtime. The HTTP/SSE transport denies cross-origin requests by default (configurable via DA_HTTP_CORS_ORIGIN), the plugin registry verifies SHA-256 integrity hashes and prevents path traversal via directory containment checks, and the workflow engine enforces step count (200), sleep duration (5 min), and repeat iteration (100) limits. Fetch helpers enforce a 5 MB response body limit. Getprop output parsing handles Windows \r\n line endings via .trim() before regex matching, and dual SIM slot counts are capped at 4 to prevent resource exhaustion from corrupted device properties.
Multi-Device Orchestration
Run commands, install APKs, and compare outputs across multiple connected devices in parallel. Essential for comparative testing across Android versions and device models.
Snapshot/Restore
Capture comprehensive device state snapshots (packages, settings across all namespaces, system properties) to JSON files. Compare current state against saved snapshots to detect drift. Restore settings from snapshots for reproducible test environments.
Network Traffic Capture
On-device packet capture via tcpdump with pcap file pull for Wireshark analysis. Includes active connection listing via ss/netstat with /proc/net fallback for devices without those tools.
CI/CD Integration
Purpose-built tools for automated pipelines: wait for device boot with polling, structured readiness checks, and instrumented test execution with parsed pass/fail results.
Plugin Architecture
Dynamic tool module loading from a configurable plugins directory. Plugins are standard JavaScript ESM modules that export a register(ctx) function receiving the full ToolContext. Loaded at server startup, enabling community contributions without modifying core code.
Community Plugin Registry
Search, install, and manage plugins from a configurable registry URL. Shows install status, version comparison, and available updates. Downloads plugin files with companion metadata into the plugins directory for loading on next restart. Security features include SHA-256 integrity verification (when provided by the registry manifest), path traversal protection, and register() export sanity checking.
Baseband/Modem Integration
Deep cellular radio inspection tools for advanced Android development and research. Extracts modem firmware identification, cell identity parameters (CID, TAC, EARFCN, PCI), raw signal measurements (RSRP, RSRQ, SINR), neighboring cell surveys, carrier configuration, and multi-source modem logs (RIL radio buffer, telephony framework, kernel dmesg). Supports Shannon/Exynos, Qualcomm, MediaTek, and Unisoc chipset families via standard Android telephony APIs. Includes Google Tensor SoC detection (gs101/gs201/zuma/zumapro) for automatic Shannon modem path routing on Pixel 6ā9 devices. Dual SIM detection reports per-slot SIM state, operator, network type, and country for DSDS, DSDA, and TSTS configurations.
Accessibility Auditing
Automated WCAG accessibility checks on the live UI hierarchy. Detects missing labels on interactive elements, undersized touch targets below the 48dp guideline (density-aware), images without content-descriptions, clickable elements missing focusability, and duplicate content-descriptions. Generates structured reports with severity levels. Includes a dedicated accessibility tree view for screen reader debugging.
Regression Detection
Capture performance baselines (memory, CPU, frame stats, battery, network state) and compare subsequent runs against them. Configurable regression thresholds for memory (+20%), CPU (+50%), and jank rate (+25%). Maintains a history of baselines for trend analysis across releases.
Device Farm Integration
Cloud-based test execution via Firebase Test Lab through the gcloud CLI. Run instrumented tests across multiple device models and API levels, retrieve structured results, and list available test matrix configurations. Graceful fallback with setup instructions if gcloud is unavailable.
HTTP/SSE Transport
Alternative to stdio for browser-based MCP clients. Set DA_HTTP_PORT to start an HTTP server with SSE streaming. Provides /sse (client subscription), /message (JSON-RPC), and /health endpoints. Cross-origin requests are denied by default ā set DA_HTTP_CORS_ORIGIN to explicitly allow a specific origin.
Test Session Management
Structured test workflows with numbered steps. Each step captures a screenshot and logcat snapshot into an organized directory with a Markdown manifest. Designed for reproducible test documentation.
AT Command Interface
Direct AT command passthrough to the modem via root access, enabling raw interrogation beyond the Android telephony framework. Multi-chipset support auto-detects device nodes for Samsung Shannon/Exynos, Qualcomm Snapdragon, MediaTek, Unisoc/Spreadtrum, and generic USB modems. Input validation rejects shell metacharacters from both AT command strings and device node paths before root shell interpolation. A safety blocklist prevents accidental execution of dangerous commands (AT+CFUN=0, AT+EGMR, etc.) with an explicit force override.
Screenshot Diffing
True pixel-level visual regression detection. Captures named screenshot baselines and compares the current screen state by decoding PNG pixel data (IHDR parsing, IDAT decompression, all 5 PNG filter types) and comparing actual RGB values. Reports changed pixel count and percentage, bounding box of the changed region with vertical screen position, and dimension/size deltas. Supports a tolerancePercent parameter (0ā100) that absorbs minor dynamic changes like clock displays or notification badges ā a 1% tolerance reliably absorbs nav bar clock changes (~0.5% of pixels) while catching any real UI regression. SHA-256 fast-path for exact matches. Zero external dependencies.
Workflow Orchestration
Declarative JSON workflow engine for repeatable multi-step device operations. Supports variable substitution ({{pkg}}), conditional steps (if expressions with ==, !=, contains), loops (repeat, capped at 100 iterations), and result capture into variables for downstream steps. Actions map directly to ADB bridge operations with full security middleware enforcement. Workflow validation enforces a 200-step maximum and 5-minute sleep cap per step to prevent resource exhaustion from malicious or malformed workflow definitions.
Split APK Management
Support for modern Android delivery formats. Install app bundles via install-multiple, inspect split APK structure (base + config splits for language, density, ABI), extract all splits locally for analysis, and list APEX modules.
Device Mirroring
Live screen mirroring via scrcpy integration. Supports windowed mode for visual feedback and headless mode for recording-only workflows. Per-device session tracking enables simultaneous mirroring of multiple connected devices. Process cleanup handlers prevent orphaned scrcpy processes.
Automated Test Generation
Analyzes live UI hierarchy and package intent registrations to auto-generate test workflow JSON compatible with the workflow orchestration engine. UI-based generation taps each interactive element, screenshots, and checks for crashes. Intent-based generation launches each exported activity with crash detection.
OTA Update Monitoring
Tracks comprehensive system fingerprint (build ID, Android version, security patch, bootloader, baseband firmware, kernel version, A/B partition slot) across sessions. Compares current state against saved fingerprints to detect OTA updates. Identifies exactly which fields changed and recommends re-baselining performance metrics and screenshots after updates.
RIL Message Interception
Persistent Radio Interface Layer message capture from the Android radio logcat buffer. Spawns a background process that accumulates and categorizes RIL messages into: registration, cell_info, signal, network, security, handover, data, radio_state, sms, and NAS events. Poll-based retrieval with category filtering. Useful for passive monitoring of baseband-framework communication for radio diagnostics and cellular network research. Session limit (5) and process cleanup handlers prevent resource exhaustion.
Device Profile Library
Device-specific knowledge base containing hardware identification, chipset family, known modem device nodes, AT command compatibility, root requirements, dual SIM slot count, and quirks. Auto-detects profiles from connected devices and matches against a built-in library of known devices. Saved profiles persist across sessions and improve auto-detection accuracy for tools like adb_at_detect. Community-extensible through saved profile files.
WebSocket Transport
Alternative to stdio and HTTP/SSE for MCP clients that benefit from true bidirectional streaming. Lower latency than SSE polling with better web framework compatibility. Requires the ws npm package as an optional peer dependency. Set DA_WS_PORT to enable.
Modem Firmware Analysis
Comprehensive multi-component firmware identification, diffing, and history tracking. Parses baseband version strings for 6 chipset families: Shannon/Exynos (including Google Pixel/Tensor g5123b-* format and classic Samsung S5123AP_CL* format), Qualcomm MPSS branch/version/build, MediaTek MOLY branch/release/milestone, Unisoc/Spreadtrum SoC model/version, HiSilicon/Kirin model/carrier code, and Intel XMM model/branch. Also parses bootloader versions (Pixel codename/version/build, Samsung model/carrier/revision) and RIL implementation strings (Samsung S.LSI vendor/id/API/build date, Qualcomm, MediaTek). The firmware probe reports 8 sections: baseband, bootloader, RIL, kernel, security/build, partition/boot (A/B slot, secure boot, verified boot, flash lock), VBMeta integrity, and OTA partition inventory. The diff tool compares all firmware components between saved fingerprints or live device state, with deep parsed sub-diffs for baseband and bootloader. The history tool tracks multi-component firmware progression across OTA fingerprints.
Workflow Marketplace
Community sharing layer for the workflow orchestration engine. Search a registry of community-contributed test workflows, diagnostic sequences, and audit procedures. Download and install workflows directly for immediate execution with adb_workflow_run. Export local workflows with marketplace metadata and auto-generated registry manifest entries for submission. SHA-256 integrity verification on download.
GraphQL API
Optional HTTP endpoint serving a GraphQL API for composed device queries. Enables clients to fetch device info, battery, network, and arbitrary properties in a single request instead of multiple MCP tool calls. POST body size limited to 1 MB. Device properties are pre-fetched once per resolution to minimize subprocess calls. Requires the graphql npm package as an optional peer dependency. Set DA_GRAPHQL_PORT to enable.
SELinux & Permission Auditing
Inspects SELinux enforcement mode, queries AVC denials from logcat and kernel audit logs, and audits runtime permission grants per package. Groups granted permissions by dangerous category (Camera, Location, Phone, SMS, etc.) and flags high-sensitivity grants like background location and manage-external-storage. Extends the security auditing surface to the OS permission layer.
Thermal & Power Profiling
Captures thermal zone temperatures from sysfs, per-CPU frequency scaling states and governors, cooling device activity, and battery drain rates. Complements regression detection with thermal/power baselines for issues that manifest as heat or battery drain rather than frame drops. Includes timed drain measurement with mA/mW/estimated-%per-hour calculations.
Network Device Discovery
Scans the local network for ADB-enabled devices via ARP table queries and optional IP range sweeps. Probes common ADB ports (5555-5558) with batched parallel TCP connection attempts. Extracts device WiFi IPs via multiple methods. Auto-connect mode discovers and connects to devices in one step. Streamlines wireless debugging workflows.
QEMU/KVM Virtualization
On-device virtual machine management using QEMU with KVM hardware acceleration. Enables running guest Android VMs directly on the physical device ā a capability unique to DeepADB. Dynamic resource allocation auto-detects host CPU cores and physical RAM, reserving 1 core and 35% of memory for the host OS to prevent starvation. Multi-VM support tracks resource consumption across concurrent VMs, refusing new VMs when the pool is exhausted rather than degrading host performance. Disk image management with qcow2 (sparse, snapshot-capable) and raw formats. ADB port forwarding to guest VMs enables DeepADB's full tool suite to target both host and guest devices simultaneously. Process lifecycle tracked via the centralized cleanup registry with SIGTERM/SIGKILL shutdown. Path containment verification on all image operations prevents directory traversal.
ToolContext Architecture
All 45 tool modules receive a unified ToolContext dependency bundle containing server, bridge, deviceManager, logger, security, and config. Adding new cross-cutting dependencies requires no module signature changes.
Environment Variables
| Variable | Default | Description |
|---|---|---|
DA_LOCAL | Auto-detect | Force on-device mode (true/false). Auto-detects via /system/build.prop |
ADB_PATH | Auto-detect | Path to ADB binary (ignored in on-device mode) |
DA_TIMEOUT | 30000 | Default command timeout in milliseconds |
DA_MAX_OUTPUT | 50000 | Max output characters before truncation |
DA_MAX_LOGCAT | 500 | Max logcat lines per snapshot |
DA_DEVICE | (auto) | Default device serial (auto-selects if single device) |
DA_TEMP_DIR | OS temp | Temp directory for screenshots, pulled files, bug reports, test sessions, snapshots |
DA_CACHE_TTL | 5000 | Device list cache TTL in milliseconds (0 = disabled) |
DA_RETRY_COUNT | 1 | Number of retries for transient ADB failures |
DA_RETRY_DELAY | 500 | Base retry delay in ms (doubles each attempt) |
DA_LOG_LEVEL | info | Log level: debug, info, warn, error |
DA_ASCII_ONLY | (auto-detect) | Set to 1 to force ASCII-only output in the startup warning banner. Default auto-detects via WT_SESSION/TERM_PROGRAM/TERM for Unicode-capable terminals; falls back to ASCII on legacy cmd.exe. |
DA_RESOURCE_CACHE_TTL_MS | 0 (disabled) | MCP Resource cache TTL in ms. Set to a positive value to cache resource reads (device://info, device://battery, etc.) for that duration. |
DA_RESULT_HANDLE_DIR | {tempDir}/result-handles | Storage root for tempdir-backed tool result handles. Override to relocate the store off the default temp directory. |
DA_RESULT_HANDLE_TTL | 43200 (12h) | Per-handle TTL in seconds. Handles older than this are evicted on startup sweep and during periodic eviction. Bounded to [60, 7 days]. |
DA_RESULT_HANDLE_MAX_BYTES | 5242880 (5 MB) | Per-handle size cap. Tools attempting to store a content block larger than this fail with an error. |
DA_RESULT_HANDLE_TOTAL_BYTES | 104857600 (100 MB) | Total result-handle store size cap across all handles. Triggers LRU eviction when exceeded. |
DA_RESULT_HANDLE_MAX_COUNT | 100 | Maximum number of active handles. Triggers LRU eviction when exceeded. |
DA_SECURITY | false | Enable security middleware (command filtering, rate limiting) |
DA_BLOCKED_COMMANDS | (none) | Comma-separated list of blocked shell command substrings |
DA_ALLOWED_COMMANDS | (none) | Comma-separated allowlist (if set, only matching commands run) |
DA_RATE_LIMIT | 0 | Max commands per minute (0 = unlimited) |
DA_CI_PING_TARGET | 1.1.1.1 | Network reachability target used by adb_ci_device_ready (network reachability is one of the readiness checks alongside boot completion, ADB authorization, and package manager availability). Override to point at an internal target if 1.1.1.1 is firewalled. |
DA_AUDIT_LOG | true | Log all executed commands for audit trail (set to false to disable) |
DA_PLUGIN_DIR | {tempDir}/plugins | Directory to scan for plugin .js modules at startup |
DA_REGISTRY_URL | GitHub default | URL of the community plugin registry JSON manifest |
DA_HTTP_PORT | (disabled) | Set to a port number to enable HTTP/SSE transport mode |
DA_HTTP_HOST | 127.0.0.1 | Bind address for HTTP/SSE, WebSocket, and GraphQL servers |
DA_AUTH_TOKEN | (none ā open) | Bearer token for network transports. When set, all HTTP/SSE/WS/GraphQL requests require Authorization: Bearer <token> header. Health endpoints exempt. |
DA_HTTP_CORS_ORIGIN | (none ā deny) | Allowed CORS origin for HTTP/SSE |
DA_WS_PORT | (disabled) | Set to a port number to enable WebSocket transport mode (requires npm install ws) |
DA_WS_CORS_ORIGIN | (none ā deny) | Allowed CORS origin for WebSocket health endpoint |
DA_GRAPHQL_PORT | (disabled) | Set to a port number to enable the GraphQL API endpoint (requires npm install graphql) |
DA_GRAPHQL_CORS_ORIGIN | (none ā deny) | Allowed CORS origin for GraphQL API |
DA_WORKFLOW_REGISTRY_URL | (derived from DA_REGISTRY_URL) | URL of the workflow marketplace JSON manifest |
DA_TEST_PIN | (none) | Numeric PIN used by tests/test-ui-control.mjs to exercise screen-lock/unlock tests. Without it, the 4 lock-state tests skip. Format: DA_TEST_PIN=0000 npm test. |
Project Structure
DeepADB/
āāā src/
ā āāā index.ts # Entry point ā stdio, HTTP/SSE, WebSocket, or GraphQL transport
ā āāā server.ts # MCP server wiring, config, module registration (exports CreateServerResult)
ā āāā http-transport.ts # HTTP/SSE transport server for browser clients
ā āāā ws-transport.ts # WebSocket transport (optional `ws` peer dependency)
ā āāā graphql-api.ts # GraphQL API endpoint (optional `graphql` peer dependency)
ā āāā tool-context.ts # Unified dependency bundle (ToolContext interface)
ā āāā bridge/
ā ā āāā adb-bridge.ts # Core ADB subprocess wrapper, retry logic, error types
ā ā āāā local-bridge.ts # On-device direct execution bridge with privilege escalation (Termux/local mode)
ā ā āāā device-manager.ts # Device discovery, TTL cache, serial routing
ā āāā tools/
ā ā āāā health.ts # Toolchain health check (1 tool)
ā ā āāā device.ts # Device info and properties (3 tools)
ā ā āāā shell.ts # Shell and root command execution (2 tools)
ā ā āāā packages.ts # App lifecycle, install, permissions, intents (12 tools)
ā ā āāā files.ts # File operations ā push, pull, write, find, grep, replace, stat, checksum, chmod, chown, touch, fsinfo (18 tools)
ā ā āāā logs.ts # Logcat snapshots ā filtered (3 tools)
ā ā āāā logcat-watch.ts # Persistent logcat with ring buffer and poll (4 tools)
ā ā āāā diagnostics.ts # dumpsys, telephony, battery, network, perf, bugreport, crash logs, heap dump (9 tools)
ā ā āāā ui.ts # Screenshots, input, activity, UI hierarchy, annotated screencap, screen state (8 tools)
ā ā āāā input-gestures.ts # Drag, long press, double tap, text, URL, orientation, clipboard, tap-element, wait-element, wait-stable, scroll-until, compressed screenshot, batch actions, fling, pinch, screen size, device state, notifications (18 tools)
ā ā āāā screen-record.ts # Screen video recording start/stop (2 tools)
ā ā āāā control.ts # Airplane, WiFi, data, location, screen, settings, reboot (9 tools)
ā ā āāā wireless.ts # WiFi pairing, connect, disconnect, TCP/IP (4 tools)
ā ā āāā forwarding.ts # Port forwarding ā forward, reverse, list, remove, managed tunnels with auto-port-pick (8 tools)
ā ā āāā emulator.ts # AVD list, start, stop with on-device KVM/QEMU detection (3 tools)
ā ā āāā qemu.ts # QEMU/KVM VM management ā setup, images, start, stop, status, guest ADB connect/disconnect/shell (8 tools)
ā ā āāā testing.ts # Structured test sessions with numbered steps (3 tools)
ā ā āāā multi-device.ts # Multi-device shell, install, compare, comparative testing (4 tools)
ā ā āāā snapshot.ts # Device state capture, compare, restore (3 tools)
ā ā āāā network-capture.ts # tcpdump start/stop, network connections (3 tools)
ā ā āāā ci.ts # CI wait-boot, device-ready, run-tests (3 tools)
ā ā āāā plugins.ts # Plugin loader, info, and dynamic tool loading (2 tools)
ā ā āāā baseband.ts # Modem/baseband inspection and radio diagnostics (6 tools)
ā ā āāā accessibility.ts # Automated WCAG accessibility auditing (3 tools)
ā ā āāā regression.ts # Performance baseline and regression detection (3 tools)
ā ā āāā device-farm.ts # Firebase Test Lab integration via gcloud (3 tools)
ā ā āāā registry.ts # Community plugin registry search/install (3 tools)
ā ā āāā at-commands.ts # AT command modem interface, multi-chipset, cross-validation (5 tools)
ā ā āāā screenshot-diff.ts # Visual regression ā screenshot baseline/diff (3 tools)
ā ā āāā workflow.ts # Declarative workflow orchestration engine (3 tools)
ā ā āāā split-apk.ts # App bundles, split APKs, APEX modules (4 tools)
ā ā āāā mirroring.ts # Live screen mirroring via scrcpy (3 tools)
ā ā āāā test-gen.ts # Automated test workflow generation (3 tools)
ā ā āāā ota-monitor.ts # OTA update monitoring and fingerprinting (3 tools)
ā ā āāā ril-intercept.ts # RIL message interception from radio buffer (3 tools)
ā ā āāā device-profiles.ts # Device profile library with built-in entries (3 tools)
ā ā āāā firmware-analysis.ts # Modem firmware version parsing and diffing (3 tools)
ā ā āāā workflow-market.ts # Workflow marketplace ā search, install, export (3 tools)
ā ā āāā selinux-audit.ts # SELinux status, AVC denials, permission auditing (3 tools)
ā ā āāā thermal-power.ts # Thermal zones, CPU frequency, battery drain (3 tools)
ā ā āāā network-discovery.ts # ADB-over-network scanning and auto-connect (3 tools)
ā ā āāā sensors.ts # Hardware sensor enumeration, IIO power monitor reading (2 tools)
ā ā āāā result-handles.ts # Tempdir-backed result handle store ā list, drop, drop-all (3 tools) + the result://{tool}/{name} resource
ā ā āāā wireless-firmware.ts # WiFi, Bluetooth, NFC, GPS firmware identification (4 tools)
ā ā āāā build.ts # Gradle build and install (2 tools)
ā ā āāā resources.ts # MCP Resources ā 4 device-state surfaces: device://info|battery|telephony|list (5th, result://, lives in result-handles.ts)
ā ā āāā prompts.ts # MCP Prompts ā workflow templates (4 prompts)
ā āāā middleware/
ā ā āāā auth.ts # Bearer token authentication for network transports (DA_AUTH_TOKEN)
ā ā āāā output-processor.ts # Contextual truncation, structured parsers, settledValue helper
ā ā āāā security.ts # Command filtering, rate limiting, audit logging with redaction
ā ā āāā sanitize.ts # Shell injection prevention ā validateShellArg/validateShellArgs/shellEscape
ā ā āāā chipset.ts # Shared chipset family detection, modem path mapping, SIM config detection
ā ā āāā fetch-utils.ts # Shared HTTP helpers with 5 MB streaming response size limit
ā ā āāā png-utils.ts # Zero-dependency PNG decode/encode/draw primitives for screenshot annotation and diffing
ā ā āāā ui-dump.ts # Shared uiautomator XML capture with concurrent-safe paths, on-device /data/local/tmp routing, and cleanup
ā ā āāā cleanup.ts # Centralized process cleanup registry for SIGINT/SIGTERM/exit
ā ā āāā logger.ts # stderr-safe logging (MCP-compliant)
ā ā āāā fs-utils.ts # Filename sanitization, atomic write, private-dir helpers, within-dir containment check
ā ā āāā parse-utils.ts # Shared parseIntSafe for env-var numeric parsing (single source of truth)
ā ā āāā result-handle.ts # Tempdir-backed tool result content cache with TTL, LRU, and token-hash isolation
ā āāā config/
ā āāā config.ts # Configuration, env vars, startup validation
āāā package.json
āāā tsconfig.json
āāā server.json # MCP Registry metadata (io.github.fullread/deepadb)
āāā .gitignore
āāā README.md
āāā SECURITY.md # Threat model, security architecture, deployment hardening, vulnerability reporting
āāā CHANGELOG.md # Version history from v0.1.0 to current
āāā LICENSE # Apache 2.0 license
āāā tests/
āāā run-all.mjs # Run all test suites sequentially with summary (tracks skipped counts)
āāā test-hw.mjs # Hardware core: health, identity, baseband, thermal, profiles, wireless firmware, crash analysis (34 tests)
āāā test-shell-files.mjs # Shell, filesystem, packages, diagnostics (24 tests)
āāā test-ui-control.mjs # UI hierarchy, screenshots, settings, input gestures, UI automation, device awareness, accessibility, screen lock/unlock, multi-touch (46 tests)
āāā test-monitoring.mjs # Logcat watchers, snapshots, OTA, regression, workflows (43 tests)
āāā test-security.mjs # Input sanitization, shell injection, AT command safety, QEMU shell escaping, heap-dump validation (116 on-device, 105 host)
āāā test-lifecycle.mjs # App lifecycle, file push/pull, input, port forwarding, screen recording, test sessions (24 tests)
āāā test-analysis.mjs # Thermal/snapshot/regression comparison, firmware diff, screenshot diff, test gen, RIL intercept, AT cross-validation, permission management (23 tests)
āāā test-boundaries.mjs # Zod bounds enforcement, input injection, error paths, sensitive data protection, wireless ADB coverage, multi-device basics, tunnel automation, device-free coverage boundaries (78 tests)
āāā test-sensors.mjs # HAL sensors, IIO power monitors, category filters, formatting, wake-up, rate display (30 tests)
āāā test-files-extended.mjs # File tool coverage ā write, find, stat, checksum, mkdir, rm, move, copy, chmod, touch, fsinfo, chown, grep, replace; push safety; sed-escape regression (95 tests)
āāā test-result-handles.mjs # Result handle store ā listing, retrieval, drop, isolation, eviction (19 tests)
āāā test-qemu.mjs # QEMU/KVM setup, image management, VM status, guest connectivity errors (13 on-device tests)
āāā test-qemu-boot.mjs # QEMU Alpine VM boot with auto-fetch of kernel/initrd, KVM acceleration, topology detection, guest ADB connectivity (17 on-device tests)
āāā test-supply-chain.mjs # Supply-chain hardening checks for fetch and network paths (24 tests)
āāā test-sanitize-fuzz.mjs # Property-based fuzzing of shell sanitizers ā shellQuote/shellEscape round-trip, validateShellArg rejection (19 tests)
āāā test-transports.mjs # Transport smoke ā HTTP/SSE + WebSocket MCP round-trip, GraphQL health query (8 tests)
āāā lib/
āāā harness.mjs # Shared test harness (stdio JSON-RPC transport, assertion primitives)Tech Stack
- Runtime: Node.js ā„22 (ES2024, ESM)
- Language: TypeScript 6.0 (strict mode, NodeNext module resolution)
- MCP SDK:
@modelcontextprotocol/sdk^1.24.0 (currently resolves to 1.29.0) - Validation: Zod ^4.4.3
- Transport: stdio (JSON-RPC), HTTP/SSE, WebSocket (optional
ws), GraphQL API (optionalgraphql)
pkg install nodejs-lts git
git clone && cd deepadb
npm install && npm run build
npm start # stdio ā for local AI agents (Claude Code, OpenCode)
DA_HTTP_PORT=3000 npm start # HTTP/SSE ā for remote AI access over WiFiQuick Start
npm install
npm run build
npm run inspector # Test with MCP Inspector
npm start # Run directly (stdio mode)
# HTTP/SSE mode for browser-based clients
DA_HTTP_PORT=3000 npm start
# WebSocket mode (requires: npm install ws)
DA_WS_PORT=3001 npm start
# GraphQL API (requires: npm install graphql) ā runs alongside any transport
DA_GRAPHQL_PORT=4000 npm startClaude Code Configuration
{
"mcpServers": {
"deepadb": {
"command": "node",
"args": ["/path/to/DeepADB/build/index.js"]
}
}
}No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.
Licensed under Apache-2.0ā you can use, modify, and redistribute it under that license's terms.
License
Apache License 2.0 ā see LICENSE and NOTICE. The v1.1.2 release migrated from MIT to Apache 2.0 for the explicit patent grant and contributor attribution requirements; existing forks/installs remain valid under the prior MIT terms.