User Stories by Persona
This page organizes all Code Scalpel tool use cases by user persona, helping you quickly find relevant workflows for your role.
👤 Sarah (AI User)
Goal: Reduce AI costs and improve code quality without complex setup
Cost Reduction Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| extract_code | "I need to extract just one function without Claude reading the entire 5,000-line file" | 200x token reduction |
| get_file_context | "I want to quickly check if a file is relevant before reading it all" | Avoid unnecessary file reads |
| analyze_code | "I need structure (functions/classes) without full content" | Fast analysis, minimal tokens |
| get_symbol_references | "Find all usages of a function without grepping every file" | Precise search, no wasted searching |
Code Quality Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| security_scan | "Validate AI-generated code for SQL injection before deploying" | Catch vulnerabilities early |
| simulate_refactor | "Verify my refactor won't break behavior" | Safe code changes |
| generate_unit_tests | "Generate test cases for my new function" | Better test coverage |
Setup Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| N/A (Setup) | "Install Code Scalpel in Claude Desktop in <2 minutes" | Fast time-to-value |
| get_capabilities | "Check what tier I'm on and what tools are available" | Know your capabilities |
🔰 Alex (First-Timer)
Goal: Understand what Code Scalpel does in 10 seconds and get hands-on experience
Learning Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| analyze_code | "I want to see the structure of a Python file without reading all the code" | Easy first example |
| extract_code | "Extract exactly one function by name - no line numbers needed" | Clear value demonstration |
| security_scan | "Find security issues in code with clear explanations (CWE, remediation)" | Learn security concepts |
Exploration Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| get_project_map | "Get a bird's-eye view of an unfamiliar codebase" | Orientation in new projects |
| get_call_graph | "Visualize how functions call each other" | Understand code flow |
| crawl_project | "Inventory all files in this repository" | See project scope |
🛡️ Marcus (Security Engineer)
Goal: Find real vulnerabilities with <10% false positive rate, map to OWASP Top 10
Vulnerability Detection Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| security_scan | "Detect SQL injection, XSS, command injection with high confidence (>0.7)" | OWASP Top 10 coverage |
| cross_file_security_scan | "Track taint flow across multiple files (user input → SQL query)" | Multi-file vulnerability detection |
| unified_sink_detect | "Find dangerous sinks (eval, exec, system) across Python/JS/TS/Java" | Polyglot sink detection |
| type_evaporation_scan | "Detect TypeScript type safety violations at runtime boundaries" | Type system integrity |
Dependency Security Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| scan_dependencies | "Check for CVEs in requirements.txt using OSV database" | Supply chain security |
| verify_policy_integrity | "Cryptographically verify policy files haven't been tampered with" | Policy integrity assurance |
Compliance Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| code_policy_check | "Enforce OWASP secure coding standards across the codebase" | Compliance automation |
| security_scan | "Generate security report with CWE mappings for audit" | Audit trail generation |
👥 David (Team Lead)
Goal: Roll out Code Scalpel to 10-person team in <1 hour, demonstrate ROI
Team Onboarding Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| N/A (Setup) | "Deploy shared MCP server for team with centralized license" | Simplified team deployment |
| get_capabilities | "Show team what tools are available at our tier" | Team awareness |
Code Review Stories
Project Understanding Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| get_project_map | "Generate project overview for new team members" | Faster onboarding |
| get_call_graph | "Show team how modules interact" | Architecture clarity |
| crawl_project | "Identify complexity hotspots needing attention" | Technical debt visibility |
ROI Demonstration Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| extract_code | "Calculate token savings: 5000 lines → 20 lines extracted" | Quantified cost reduction |
| security_scan | "Find vulnerabilities before they reach production" | Risk avoidance value |
🏢 Jennifer (Enterprise Architect)
Goal: Deploy to 500-2000 users with SOC2/ISO 27001 compliance, governance controls
Governance Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| code_policy_check | "Enforce HIPAA/SOC2/PCI-DSS compliance rules automatically" | Regulatory compliance |
| verify_policy_integrity | "Ensure policy files haven't been modified (cryptographic verification)" | Audit integrity |
| validate_paths | "Pre-validate file access permissions before analysis" | Security boundaries |
Scale Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| get_project_map | "Map entire monorepo with 1000+ modules" | Enterprise-scale analysis |
| get_call_graph | "Trace execution paths across service boundaries" | Distributed system understanding |
| cross_file_security_scan | "Scan organization-wide for cross-module vulnerabilities" | Comprehensive security |
Compliance Reporting Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| code_policy_check | "Generate PDF compliance reports for auditors" | Automated compliance documentation |
| security_scan | "Create audit trail of all security findings" | SOC2 evidence generation |
| scan_dependencies | "Report all CVEs across organization's dependencies" | Supply chain risk reporting |
Multi-Team Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| get_capabilities | "Show different teams what tools they have access to (tiered)" | Tiered access control |
| code_policy_check | "Enforce different policies per team/project" | Flexible governance |
🔧 Chris (OSS Contributor)
Goal: Understand architecture, contribute features, integrate with other tools
Architecture Understanding Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| get_project_map | "Generate comprehensive architecture diagram of Code Scalpel itself" | Deep understanding |
| get_call_graph | "Trace how MCP tools are implemented" | Implementation patterns |
| get_cross_file_dependencies | "Understand module relationships with confidence scoring" | Dependency analysis |
Contribution Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| analyze_code | "Analyze AST parsing logic for new language support" | Feature development |
| extract_code | "Extract specific modules for focused testing" | Targeted development |
| simulate_refactor | "Verify my contribution doesn't break existing behavior" | Safe contributions |
Integration Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| security_scan | "Integrate taint analysis into CI/CD pipeline" | Automation |
| scan_dependencies | "Add CVE scanning to pre-commit hooks" | Development workflow integration |
| code_policy_check | "Enforce project coding standards automatically" | Quality automation |
Testing Stories
| Tool | User Story | Benefit |
|------|------------|---------|
| generate_unit_tests | "Generate tests for symbolic execution edge cases" | Comprehensive test coverage |
| symbolic_execute | "Explore execution paths systematically" | Edge case discovery |
Cross-Persona Workflows
Some workflows span multiple personas:
Code Quality Workflow (Everyone)
1. analyze_code - Understand structure
2. security_scan - Find vulnerabilities
3. simulate_refactor - Verify fixes
4. generate_unit_tests - Add test coverage
Onboarding Workflow (Alex → David → Jennifer)
1. get_project_map - Project overview
2. crawl_project - File inventory
3. get_call_graph - Execution flow
4. get_cross_file_dependencies - Dependency understanding
Security Audit Workflow (Marcus → Jennifer)
1. scan_dependencies - CVE check
2. security_scan - Code vulnerabilities
3. cross_file_security_scan - Multi-file taint
4. code_policy_check - Compliance verification
5. verify_policy_integrity - Policy integrity check
🚀 Getting Started (First 5 minutes)
- analyze_code - See structure
- extract_code - Get specific code
- get_file_context - Quick overview
💰 Cost Optimization (Sarah's priorities)
- extract_code - 200x token reduction
- get_file_context - Check before reading
- get_symbol_references - Precise search
🛡️ Security (Marcus's priorities)
- security_scan - OWASP Top 10
- cross_file_security_scan - Multi-file taint
- scan_dependencies - CVE detection
- unified_sink_detect - Polyglot sinks
🏢 Enterprise (Jennifer's priorities)
- code_policy_check - Compliance automation
- verify_policy_integrity - Policy verification
- validate_paths - Access control
🔍 Code Understanding (Everyone)
- get_project_map - Architecture view
- get_call_graph - Execution flow
- get_cross_file_dependencies - Dependency tracing
- crawl_project - File inventory