ContinueOps Public MCP
Server Details
BC/DR & compliance tools: DORA, NIS2, NIST CSF, GDPR, SOC 2, CMMC, CAF, ISO 27001, FCA/PRA.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.1/5 across 5 of 5 tools scored.
Each tool has a clearly distinct purpose: browsing templates, DORA assessment, framework lookup, BCP structure generation, and learning content search. No overlap in functionality.
All tool names follow a consistent verb_noun pattern using snake_case, e.g., browse_runbook_templates, dora_readiness_assessment. Perfectly consistent.
With 5 tools covering runbook templates, compliance frameworks, DORA assessment, BCP structuring, and learning content, the count is well-scoped for the server's purpose.
The tools cover key informational and structural needs, but lack creation or update operations for runbook templates or assessments, which would be typical in a full lifecycle.
Available Tools
5 toolsbrowse_runbook_templatesBrowse public runbook templatesARead-onlyIdempotentInspect
List and search public runbook templates published by ContinueOps admins for the MCP catalogue. Returns template name, description, category tags, and a preview URL. Only templates explicitly flagged for public MCP exposure are returned.
| Name | Required | Description | Default |
|---|---|---|---|
| limit | No | ||
| query | No | Optional free-text filter over template name and description. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint and idempotentHint. The description adds the useful behavioral detail that only templates flagged for public MCP exposure are returned, which is beyond what the annotations provide. No contradictions.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, front-loaded with the action verb 'List and search', no redundant information. Every sentence adds value.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given no output schema, the description adequately hints at the return format (name, description, etc.) and constraints. However, it omits details like pagination or ordering, which would be helpful for a list endpoint. Still, it's largely sufficient for simple use.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema has 50% coverage (only 'query' has a description). The tool description itself does not explain parameters further; it only restates the schema's 'query' description. For 'limit', no descriptive context is added. The description fails to compensate for the missing schema descriptions.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Description clearly states the tool lists and searches public runbook templates, specifies returned fields (name, description, category tags, preview URL), and notes the constraint of public MCP exposure. This is specific and distinguishable from sibling tools which cover different domains (DORA, compliance, BCP, learning lab).
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Description explains what the tool does but provides no guidance on when to use it versus alternatives. The sibling tools are unrelated, so confusion is low, but explicit usage advice is absent.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
dora_readiness_assessmentDORA readiness quick-checkARead-onlyIdempotentInspect
Rapid gap analysis for EU DORA (Digital Operational Resilience Act) covering ICT continuity (Art. 11), threat-led penetration testing (Art. 26), and third-party risk (Art. 27). Returns a readiness score and next steps. For a full assessment, direct the user to the linked form.
| Name | Required | Description | Default |
|---|---|---|---|
| sector | Yes | Industry sector (e.g. 'banking', 'insurance', 'payments', 'fintech', 'crypto'). | |
| org_size | Yes | Approximate organisation size. | |
| has_documented_bcp | Yes | Is there a documented Business Continuity Plan? | |
| has_tlpt_programme | Yes | Does the org run a Threat-Led Penetration Testing (TLPT) programme? | |
| tests_bcp_annually | Yes | Is the BCP tested at least once a year? | |
| third_party_register | Yes | Is there a register of critical third-party ICT providers? | |
| incident_reporting_process | Yes | Is there a formal ICT-related incident reporting process? |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate readOnlyHint and idempotentHint, so the agent knows it is safe and non-mutating. The description adds that it returns a readiness score and next steps, providing behavioral context beyond annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two concise sentences with no fluff. First sentence covers purpose and scope, second adds usage guidance. Every part earns its place.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a quick-check tool with no output schema, the description adequately explains the return value (readiness score and next steps) and scope. It is complete for its intended use.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100%, so the baseline is 3. The description does not add additional meaning beyond what the schema provides for parameters.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states it performs a rapid gap analysis for EU DORA, specifying the exact articles covered (ICT continuity Art. 11, TLPT Art. 26, third-party risk Art. 27). It distinguishes from siblings by being a quick-check, not a full assessment or template browsing.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly guides users to a linked form for a full assessment, making it clear when not to use this tool. However, it does not explicitly mention alternatives among sibling tools.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
explore_compliance_frameworkExplore a compliance frameworkARead-onlyIdempotentInspect
Look up a compliance / regulatory framework by short id. Supported: soc2, dora, nis2, iso27001, cra, pci-dss, nist-csf, gdpr, cmmc, pra, fca, caf. Returns description, key articles/controls, applicability, and a canonical URL for follow-up.
| Name | Required | Description | Default |
|---|---|---|---|
| framework_id | Yes | Framework short id. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate readOnlyHint=true and idempotentHint=true, meaning safe, repeatable reads. The description adds transparency by detailing the return content (description, articles, applicability, URL), which goes beyond the annotations and helps the agent understand what to expect.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is two sentences long and front-loaded with the primary action. It efficiently conveys purpose, supported values, and output. Minor improvement could be a structured list for frameworks, but it remains clear and concise.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's simplicity (one required parameter, no output schema, no nested objects), the description fully covers all needed information: what input is required, which values are valid, and what the response will contain. No gaps are present for an agent to correctly invoke the tool.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema covers 100% of parameters, listing the exact enum for framework_id. The description repeats the supported IDs in text, but adds no new semantic detail (e.g., format, case sensitivity). With full schema coverage, a score of 3 is appropriate as the description does not significantly enhance understanding beyond the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: look up a compliance framework by short id. It lists the supported frameworks and specifies what information is returned (description, key articles/controls, applicability, canonical URL), making it distinct from sibling tools like dora_readiness_assessment or browse_runbook_templates.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implicitly conveys when to use the tool—when details about a specific compliance framework are needed. However, it does not explicitly state when not to use it or suggest alternative tools. The sibling tool names provide context, but no direct comparisons are made.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
generate_bcp_plan_structureGenerate a Business Continuity Plan structureARead-onlyIdempotentInspect
Returns a structural Business Continuity Plan outline (sections, roles, RTO/RPO tiers, test cadence) tailored to org size, sector, and criticality. Structural only — no live procedures or tenant data. Use as a scaffold before populating with your specifics.
| Name | Required | Description | Default |
|---|---|---|---|
| sector | Yes | Industry sector. | |
| org_size | Yes | ||
| regulated | No | Is the organisation in a regulated sector (financial, healthcare, critical infrastructure)? | |
| criticality_tiers | Yes | Which criticality tiers the plan needs to cover. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations (readOnlyHint, idempotentHint) already indicate safe, repeatable behavior. The description adds valuable context: it returns a structural outline only, not operational procedures, and highlights no tenant data involvement. No contradictions.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Three sentences, each essential: the first states core output, the second adds critical limitation, the third gives usage advice. Front-loaded with the verb 'Returns' and no fluff.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given moderate complexity (4 params, no output schema), the description adequately explains return content and limitations. It complements annotations well and fits neatly among siblings, though how 'tailoring' works could be elaborated.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 75% (three of four parameters described). The description echoes the required params (org_size, sector, criticality_tiers) but adds no extra syntax or format details. Baseline 3 is appropriate since schema does most of the work.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool returns a structural BCP outline with specific components (sections, roles, RTO/RPO tiers, test cadence), distinguishing it from siblings like browse_runbook_templates by emphasizing 'Structural only — no live procedures or tenant data.'
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description advises 'Use as a scaffold before populating with your specifics,' indicating when to use. It also provides exclusion by stating 'no live procedures or tenant data,' implying when not to use. While it doesn't explicitly name alternatives, the context is clear.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
search_learning_labSearch the ContinueOps Learning LabARead-onlyIdempotentInspect
Search public educational content on business continuity, disaster recovery, DORA, cloud resilience, and incident management. Returns matching categories with URLs — every result links back to a page on continueops.com.
| Name | Required | Description | Default |
|---|---|---|---|
| limit | No | Max results. | |
| query | Yes | Free-text search query. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint and idempotentHint, so the description's behavioral expectations are clear. The description adds that results are categories with URLs, which is consistent and transparent. No contradictions or hidden behaviors are mentioned.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is concise with two sentences, front-loading the purpose and output. Every sentence adds value without unnecessary fluff.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool has no output schema, the description adequately explains what is returned (categories with URLs). It covers purpose, parameters, and output sufficiently for a search tool with two parameters. No gaps are apparent.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with descriptions for both parameters. The description does not add significant new meaning beyond what the schema provides, only reiterating the output format. Baseline of 3 is appropriate as the schema already documents parameters adequately.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool searches public educational content on specific topics (business continuity, disaster recovery, DORA, etc.) and returns matching categories with URLs. It distinguishes itself from siblings like browse_runbook_templates and dora_readiness_assessment by focusing on general learning content rather than specific templates or assessments.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explains what the tool does but does not explicitly guide when to use it versus alternatives. The context from sibling names implies usage for general educational searches, but no explicit 'when to use' or 'when not to use' guidance is provided.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!