mcp
Server Details
Create, manage, and query your Google Cloud SQL resources.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.1/5 across 15 of 15 tools scored. Lowest: 3.2/5.
Most tools have distinct purposes targeting specific Cloud SQL resources and actions, such as instance management, user management, SQL execution, and backups. However, there is some potential confusion between execute_sql and execute_sql_readonly, as both execute SQL but differ only in read-only vs. general execution, which might cause misselection if the agent doesn't carefully note the distinction.
All tool names follow a consistent snake_case pattern with clear verb_noun structures, such as create_instance, list_users, update_user, and get_operation. There are no deviations in naming conventions, making the set predictable and easy to understand.
With 15 tools, the server is well-scoped for Cloud SQL management, covering instance lifecycle, user management, SQL operations, backups, and maintenance tasks. Each tool has a clear role, and the count is appropriate for the domain without being overwhelming or insufficient.
The tool set provides comprehensive coverage for Cloud SQL operations, including CRUD for instances and users, SQL execution, backups, imports, and upgrades. Minor gaps exist, such as no explicit tool for deleting instances or users, but agents can infer these from context or use other operations, and core workflows are well-supported.
Available Tools
15 toolsclone_instanceAInspect
Create a Cloud SQL instance as a clone of a source instance.
This tool returns a long-running operation. Use the
get_operationtool to poll its status until the operation completes.The clone operation can take several minutes. Use a command line tool to pause for 30 seconds before rechecking the status.
| Name | Required | Description | Default |
|---|---|---|---|
| body | Yes | ||
| project | Yes | Required. Project ID of the source Cloud SQL instance. | |
| instance | Yes | Required. The ID of the Cloud SQL instance to be cloned (source). This does not include the project ID. |
Output Schema
| Name | Required | Description |
|---|---|---|
| kind | No | This is always `sql#operation`. |
| name | No | An identifier that uniquely identifies the operation. You can use this identifier to retrieve the Operations resource that has information about the operation. |
| user | No | The email address of the user who initiated this operation. |
| error | No | If errors occurred during processing of this operation, this field will be populated. |
| status | No | The status of an operation. |
| endTime | No | The time this operation finished in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| selfLink | No | The URI of this resource. |
| targetId | No | Name of the resource on which this operation runs. |
| startTime | No | The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| apiWarning | No | An Admin API warning message. |
| insertTime | No | The time this operation was enqueued in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| targetLink | No | |
| backupContext | No | The context for backup operation, if applicable. |
| exportContext | No | The context for export operation, if applicable. |
| importContext | No | The context for import operation, if applicable. |
| operationType | No | The type of the operation. Valid values are: * `CREATE` * `DELETE` * `UPDATE` * `RESTART` * `IMPORT` * `EXPORT` * `BACKUP_VOLUME` * `RESTORE_VOLUME` * `CREATE_USER` * `DELETE_USER` * `CREATE_DATABASE` * `DELETE_DATABASE` |
| targetProject | No | The project ID of the target instance related to this operation. |
| subOperationType | No | Optional. The sub operation based on the operation type. |
| acquireSsrsLeaseContext | No | The context for acquire SSRS lease operation, if applicable. |
| preCheckMajorVersionUpgradeContext | No | This field is only populated when the operation_type is PRE_CHECK_MAJOR_VERSION_UPGRADE. The PreCheckMajorVersionUpgradeContext message itself contains the details for that pre-check, such as the target database version for the upgrade and the results of the check (including any warnings or errors found). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
The description adds valuable behavioral context beyond annotations: it discloses that this returns a long-running operation requiring polling, takes several minutes, and suggests a 30-second pause strategy. Annotations already indicate it's not read-only, destructive, or idempotent, but the description provides operational timing and polling requirements that aren't captured in structured fields.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is perfectly structured: a clear purpose statement followed by two bullet points with essential operational guidance. Every sentence earns its place with zero waste, making it front-loaded and highly efficient for an AI agent to parse.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's complexity (clone operation with long-running nature), rich annotations, and the presence of an output schema, the description is complete. It covers the core purpose, operational behavior, and polling requirements without needing to explain return values (handled by output schema) or repeat what annotations already state about safety.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
With 67% schema description coverage, the schema already documents most parameters well. The description doesn't add specific parameter semantics beyond what's in the schema, but it doesn't need to compensate significantly given the decent coverage. The baseline of 3 is appropriate since the schema handles the heavy lifting for parameter documentation.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the specific action ('Create a Cloud SQL instance as a clone') and resource ('of a source instance'), distinguishing it from siblings like create_instance (new instance) or restore_backup (from backup). It precisely defines the tool's function without ambiguity.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly provides usage guidance: it instructs to use get_operation to poll status, recommends pausing 30 seconds before rechecking, and notes the operation can take several minutes. This gives clear procedural context for when and how to use this tool versus alternatives like create_instance.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
create_backupBInspect
Takes a backup on a Cloud SQL instance. Always populate the project and instance fields on the request. The location (region) and description of the backup may also be optionally provided, in which case the corresponding request fields should also be populated.
| Name | Required | Description | Default |
|---|---|---|---|
| project | Yes | Required. Project ID of the project that contains the instance. | |
| instance | Yes | Required. Cloud SQL instance ID. This does not include the project ID. | |
| location | No | Optional. Location of the backup run. | |
| description | No | Optional. The description of this backup run. |
Output Schema
| Name | Required | Description |
|---|---|---|
| kind | No | This is always `sql#operation`. |
| name | No | An identifier that uniquely identifies the operation. You can use this identifier to retrieve the Operations resource that has information about the operation. |
| user | No | The email address of the user who initiated this operation. |
| error | No | If errors occurred during processing of this operation, this field will be populated. |
| status | No | The status of an operation. |
| endTime | No | The time this operation finished in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| selfLink | No | The URI of this resource. |
| targetId | No | Name of the resource on which this operation runs. |
| startTime | No | The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| apiWarning | No | An Admin API warning message. |
| insertTime | No | The time this operation was enqueued in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| targetLink | No | |
| backupContext | No | The context for backup operation, if applicable. |
| exportContext | No | The context for export operation, if applicable. |
| importContext | No | The context for import operation, if applicable. |
| operationType | No | The type of the operation. Valid values are: * `CREATE` * `DELETE` * `UPDATE` * `RESTART` * `IMPORT` * `EXPORT` * `BACKUP_VOLUME` * `RESTORE_VOLUME` * `CREATE_USER` * `DELETE_USER` * `CREATE_DATABASE` * `DELETE_DATABASE` |
| targetProject | No | The project ID of the target instance related to this operation. |
| subOperationType | No | Optional. The sub operation based on the operation type. |
| acquireSsrsLeaseContext | No | The context for acquire SSRS lease operation, if applicable. |
| preCheckMajorVersionUpgradeContext | No | This field is only populated when the operation_type is PRE_CHECK_MAJOR_VERSION_UPGRADE. The PreCheckMajorVersionUpgradeContext message itself contains the details for that pre-check, such as the target database version for the upgrade and the results of the check (including any warnings or errors found). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
The annotations cover key behavioral traits (readOnlyHint=false, destructiveHint=false, etc.), so the description's burden is lower. It adds some useful context by emphasizing that project and instance fields are always required, but doesn't disclose operational details like backup duration, impact on instance performance, rate limits, or authentication needs. With annotations providing a basic safety profile, a score of 3 reflects moderate added value without contradictions.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is concise and well-structured in two sentences, with the first stating the purpose and the second providing field usage guidance. There's no unnecessary repetition or fluff, and it's front-loaded with the core action. A slight deduction because the second sentence could be more streamlined, but overall it's efficient.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's moderate complexity (a write operation with 4 parameters), rich annotations (covering safety and idempotency), and the presence of an output schema, the description is reasonably complete. It covers the basic action and field requirements, though it could benefit from more behavioral context (e.g., backup implications) or usage scenarios. The output schema reduces the need to explain return values, supporting adequacy.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100%, so the schema already fully documents all parameters (project, instance, location, description). The description reiterates that project and instance are always required and that location and description are optional, but doesn't add meaningful semantic context beyond what's in the schema (e.g., format examples, constraints, or real-world usage). Baseline 3 is appropriate when the schema does the heavy lifting.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: 'Takes a backup on a Cloud SQL instance.' This specifies the verb ('takes a backup') and resource ('Cloud SQL instance'), making it immediately understandable. However, it doesn't explicitly differentiate from sibling tools like 'restore_backup' or 'clone_instance' beyond the obvious action difference, which prevents a perfect score.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides minimal usage guidance, focusing only on which fields to populate ('Always populate the project and instance fields...'). It doesn't explain when to use this tool versus alternatives like 'restore_backup' or 'clone_instance', nor does it mention prerequisites, dependencies, or typical scenarios for backup creation. This leaves the agent with insufficient context for optimal tool selection.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
create_instanceAInspect
Initiates the creation of a Cloud SQL instance.
The tool returns a long-running operation. Use the
get_operationtool to poll its status until the operation completes.The instance creation operation can take several minutes. Use a command line tool to pause for 30 seconds before rechecking the status.
After you use the
create_instancetool to create an instance, you can use thecreate_usertool to create an IAM user account for the user currently logged in to the project.IMPORTANT: Set
ipv4_enabledto 'false' if creating a Private Service Connect or a Private Service Access instance.The value of
data_api_accessis set toALLOW_DATA_APIby default. This setting lets you execute SQL statements using theexecute_sqltool and theexecuteSqlAPI.Unless otherwise specified, a newly created instance uses the default instance configuration of a development environment.
The following is the default configuration for an instance in a development environment:
{
"tier": "db-perf-optimized-N-2",
"data_disk_size_gb": 100,
"region": "us-central1",
"database_version": "POSTGRES_18",
"edition": "ENTERPRISE_PLUS",
"availability_type": "ZONAL",
"tags": [{"environment": "dev"}]
}The following configuration is recommended for an instance in a production environment:
{
"tier": "db-perf-optimized-N-8",
"data_disk_size_gb": 250,
"region": "us-central1",
"database_version": "POSTGRES_18",
"edition": "ENTERPRISE_PLUS",
"availability_type": "REGIONAL",
"tags": [{"environment": "prod"}]
}The following instance configuration is recommended for SQL Server:
{
"tier": "db-perf-optimized-N-8",
"data_disk_size_gb": 250,
"region": "us-central1",
"database_version": "SQLSERVER_2022_STANDARD",
"edition": "ENTERPRISE",
"availability_type": "REGIONAL",
"tags": [{"environment": "prod"}]
}| Name | Required | Description | Default |
|---|---|---|---|
| name | Yes | Required. Name of the Cloud SQL instance. This does not include the project ID. | |
| tags | No | Optional. Input only. Tag keys and tag values that are bound to this instance. You must represent each item in the map as: `"" : ""`. For example, a single resource can have the following tags: ``` "environment": "prod", ``` | |
| tier | No | Optional. The tier (or machine type) for this instance. If not specified: - For `ENTERPRISE_PLUS` edition, the default tier is `db-perf-optimized-N-2`, which gives you 2 vCPUs and 16 GB of RAM. - For `ENTERPRISE` edition, the default tier is `db-custom-2-3840`, which gives you 2 vCPUs and 3.75 GB of RAM. ENTERPRISE_PLUS edition needs to use N2 machine series. ENTERPRISE edition can use custom machine type names use the following format: db-custom-{CPUs}-{Memory}. | |
| region | No | Optional. The geographical region of the Cloud SQL instance. For example, `us-central1`, `europe-west1`, and `asia-east1`. If not specified, the default value is `us-central1`. | |
| edition | No | Optional. The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS. If not specified: - For Postgres and Mysql, the default value is ENTERPRISE_PLUS. - For SQL Server, the default value is ENTERPRISE. | |
| project | Yes | Required. Project ID of the project to which the newly created Cloud SQL instances should belong. | |
| ipv4Enabled | No | Optional. Whether to enable public IP for the instance. Enabling this flag makes the resource accessible from the public internet, which is a security risk if not properly managed. It is recommended to keep resources private whenever possible. This field defaults to 'false' if either `psc_mcp_config` or `psa_mcp_config` is set, or creating a Private Service Connect (PSC) or Private Service Access (PSA) instance. | |
| psaMcpConfig | No | Optional. Use this to connect to the Cloud SQL instance using Private Service Access. | |
| pscMcpConfig | No | Optional. Configuration for Private Service Connect (PSC) instance creation. | |
| dataDiskSizeGb | No | Optional. Data disk size in GB. Default value is 100. | |
| databaseVersion | No | Optional. The database engine type and version. The default value is `POSTGRES_18`. For Mysql, it can be `MYSQL_8_4`, `MYSQL_8_0`, `MYSQL_5_7`, etc. For Postgres, it can be `POSTGRES_18`, `POSTGRES_17`, `POSTGRES_16`, etc. For SQL Server, it can be SQLSERVER_2022_STANDARD, SQLSERVER_2022_EXPRESS, SQLSERVER_2022_ENTERPRISE, etc. | |
| availabilityType | No | Optional. Availability type. Potential values: * `ZONAL`: The instance serves data from only one zone. Outages in that zone affect data accessibility. This is the default value. * `REGIONAL`: The instance can serve data from more than one zone in a region (it is highly available). | |
| dataCacheEnabled | No | Optional. Whether data cache is enabled for the instance. | |
| enableGoogleMlIntegration | No | Optional. When this parameter is set to true, Cloud SQL instances can connect to Vertex AI to pass requests for real-time predictions and insights to the AI. The default value is false. This applies only to Cloud SQL for MySQL and Cloud SQL for PostgreSQL instances. |
Output Schema
| Name | Required | Description |
|---|---|---|
| kind | No | This is always `sql#operation`. |
| name | No | An identifier that uniquely identifies the operation. You can use this identifier to retrieve the Operations resource that has information about the operation. |
| user | No | The email address of the user who initiated this operation. |
| error | No | If errors occurred during processing of this operation, this field will be populated. |
| status | No | The status of an operation. |
| endTime | No | The time this operation finished in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| selfLink | No | The URI of this resource. |
| targetId | No | Name of the resource on which this operation runs. |
| startTime | No | The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| apiWarning | No | An Admin API warning message. |
| insertTime | No | The time this operation was enqueued in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| targetLink | No | |
| backupContext | No | The context for backup operation, if applicable. |
| exportContext | No | The context for export operation, if applicable. |
| importContext | No | The context for import operation, if applicable. |
| operationType | No | The type of the operation. Valid values are: * `CREATE` * `DELETE` * `UPDATE` * `RESTART` * `IMPORT` * `EXPORT` * `BACKUP_VOLUME` * `RESTORE_VOLUME` * `CREATE_USER` * `DELETE_USER` * `CREATE_DATABASE` * `DELETE_DATABASE` |
| targetProject | No | The project ID of the target instance related to this operation. |
| subOperationType | No | Optional. The sub operation based on the operation type. |
| acquireSsrsLeaseContext | No | The context for acquire SSRS lease operation, if applicable. |
| preCheckMajorVersionUpgradeContext | No | This field is only populated when the operation_type is PRE_CHECK_MAJOR_VERSION_UPGRADE. The PreCheckMajorVersionUpgradeContext message itself contains the details for that pre-check, such as the target database version for the upgrade and the results of the check (including any warnings or errors found). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
The description adds valuable behavioral context beyond annotations: it discloses that the operation returns a long-running operation requiring polling, takes several minutes, and has specific security considerations (ipv4_enabled defaults). While annotations cover basic safety (destructiveHint=false), the description provides crucial operational details about timing and async behavior.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is excessively long with multiple JSON configuration examples that could be referenced elsewhere. While the first few bullet points are valuable, the detailed configuration blocks (development, production, SQL Server) could be condensed or moved to documentation, making the description less front-loaded and efficient.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's complexity (14 parameters, long-running operation) and the presence of both comprehensive schema descriptions and output schema, the description is complete. It covers the async nature, timing expectations, security considerations, and provides practical configuration guidance, addressing all critical aspects for proper tool invocation.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
With 100% schema description coverage, the baseline is 3. The description adds some value by explaining default configurations and providing example JSON structures, but doesn't significantly enhance understanding of individual parameters beyond what the comprehensive schema already documents.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the specific action ('Initiates the creation') and resource ('Cloud SQL instance'), distinguishing it from siblings like clone_instance, create_backup, and update_instance. It establishes this as the primary instance creation tool rather than modification or cloning.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides explicit guidance on when to use this tool vs alternatives: it mentions using get_operation to poll status, create_user for subsequent IAM setup, and gives specific configuration examples for development vs production environments. It also distinguishes from execute_sql for data operations.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
create_userAInspect
Create a database user for a Cloud SQL instance.
This tool returns a long-running operation. Use the
get_operationtool to poll its status until the operation completes.When you use the
create_usertool, specify the type of user:CLOUD_IAM_USER,CLOUD_IAM_SERVICE_ACCOUNT, orBUILT_IN.By default the newly created user is assigned the
cloudsqlsuperuserrole, unless you specify other database roles explicitly in the request.You can use a newly created user with the
execute_sqltool if the user is a currently logged in IAM user. Theexecute_sqltool executes the SQL statements using the privileges of the database user logged in using IAM database authentication.
The create_user tool has the following limitations:
To create a built-in user with password, use the
password_secret_versionfield to provide password using the Google Cloud Secret Manager. The value ofpassword_secret_versionshould be the resource name of the secret version, likeprojects/12345/locations/us-central1/secrets/my-password-secret/versions/1orprojects/12345/locations/us-central1/secrets/my-password-secret/versions/latest. The caller needs to havesecretmanager.secretVersions.accesspermission on the secret version.The
create_usertool doesn't support creating a user for SQL Server.
To create an IAM user in PostgreSQL:
The database username must be the IAM user's email address and all lowercase. For example, to create user for PostgreSQL IAM user
example-user@example.com, you can use the following request:
{
"name": "example-user@example.com",
"type": "CLOUD_IAM_USER",
"instance":"test-instance",
"project": "test-project"
}The created database username for the IAM user is example-user@example.com.
To create an IAM service account in PostgreSQL:
The database username must be created without the
.gserviceaccount.comsuffix even though the full email address for the account isservice-account-name@project-id.iam.gserviceaccount.com. For example, to create an IAM service account for PostgreSQL you can use the following request format:
{
"name": "test@test-project.iam",
"type": "CLOUD_IAM_SERVICE_ACCOUNT",
"instance": "test-instance",
"project": "test-project"
}The created database username for the IAM service account is test@test-project.iam.
To create an IAM user or IAM service account in MySQL:
When Cloud SQL for MySQL stores a username, it truncates the @ and the domain name from the user or service account's email address. For example,
example-user@example.combecomesexample-user.For this reason, you can't add two IAM users or service accounts with the same username but different domain names to the same Cloud SQL instance.
For example, to create user for the MySQL IAM user
example-user@example.com, use the following request:
{
"name": "example-user@example.com",
"type": "CLOUD_IAM_USER",
"instance": "test-instance",
"project": "test-project"
}The created database username for the IAM user is example-user.
For example, to create the MySQL IAM service account
service-account-name@project-id.iam.gserviceaccount.com, use the following request:
{
"name": "service-account-name@project-id.iam.gserviceaccount.com",
"type": "CLOUD_IAM_SERVICE_ACCOUNT",
"instance": "test-instance",
"project": "test-project"
}The created database username for the IAM service account is
service-account-name.
| Name | Required | Description | Default |
|---|---|---|---|
| name | Yes | Required. The name of the user in the Cloud SQL instance. | |
| type | Yes | Required. The user type. It determines the method to authenticate the user during login. Use type CLOUD_IAM_USER when authenticating with a Cloud IAM user. Use type CLOUD_IAM_SERVICE_ACCOUNT when authenticating with a Cloud IAM service account. | |
| project | Yes | Required. Project ID of the project that contains the instance. | |
| instance | Yes | Required. Database instance ID. This does not include the project ID. | |
| databaseRoles | No | Optional. Role memberships of the user. Default value is [cloudsqlsuperuser]. | |
| passwordSecretVersion | No | Optional. Input only. The resource name of the Secret Manager secret holding the password for the user, only needed if `type` is `BUILT_IN`. The expected format is `projects/{project}/secrets/{secret}/versions/{secret_version}`. The secret resource name will not be stored. |
Output Schema
| Name | Required | Description |
|---|---|---|
| kind | No | This is always `sql#operation`. |
| name | No | An identifier that uniquely identifies the operation. You can use this identifier to retrieve the Operations resource that has information about the operation. |
| user | No | The email address of the user who initiated this operation. |
| error | No | If errors occurred during processing of this operation, this field will be populated. |
| status | No | The status of an operation. |
| endTime | No | The time this operation finished in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| selfLink | No | The URI of this resource. |
| targetId | No | Name of the resource on which this operation runs. |
| startTime | No | The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| apiWarning | No | An Admin API warning message. |
| insertTime | No | The time this operation was enqueued in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| targetLink | No | |
| backupContext | No | The context for backup operation, if applicable. |
| exportContext | No | The context for export operation, if applicable. |
| importContext | No | The context for import operation, if applicable. |
| operationType | No | The type of the operation. Valid values are: * `CREATE` * `DELETE` * `UPDATE` * `RESTART` * `IMPORT` * `EXPORT` * `BACKUP_VOLUME` * `RESTORE_VOLUME` * `CREATE_USER` * `DELETE_USER` * `CREATE_DATABASE` * `DELETE_DATABASE` |
| targetProject | No | The project ID of the target instance related to this operation. |
| subOperationType | No | Optional. The sub operation based on the operation type. |
| acquireSsrsLeaseContext | No | The context for acquire SSRS lease operation, if applicable. |
| preCheckMajorVersionUpgradeContext | No | This field is only populated when the operation_type is PRE_CHECK_MAJOR_VERSION_UPGRADE. The PreCheckMajorVersionUpgradeContext message itself contains the details for that pre-check, such as the target database version for the upgrade and the results of the check (including any warnings or errors found). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
The description adds valuable behavioral context beyond annotations: it explains the long-running operation nature requiring polling, default role assignment, authentication requirements for using with execute_sql, and specific limitations (SQL Server unsupported, allowlist requirements for password secrets). While annotations cover basic safety (readOnlyHint=false, destructiveHint=false), the description provides operational details that help the agent understand how to work with this tool effectively.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
While well-structured with clear sections, the description is quite lengthy with extensive examples and limitations. Some information could be more efficiently presented, and the examples (while helpful) make the description verbose. However, the information is generally relevant and organized logically.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given this is a complex creation tool with 6 parameters and significant behavioral considerations, the description provides comprehensive context: it covers prerequisites, operational patterns (polling), limitations, authentication implications, and database-specific behaviors. With an output schema available, it appropriately focuses on usage rather than return values, making it complete for agent decision-making.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Despite 100% schema description coverage, the description adds significant practical meaning: it explains how the 'type' parameter affects authentication methods, provides concrete examples of how 'name' formatting differs between PostgreSQL and MySQL, clarifies the purpose of 'password_secret_version', and shows how parameters work together in complete request examples. This goes beyond the schema's technical definitions to show real-world usage.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the specific action ('Create a database user') and resource ('for a Cloud SQL instance'), distinguishing it from siblings like 'list_users' or 'update_user'. The opening sentence directly communicates the tool's function without ambiguity.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides explicit guidance on when to use this tool versus alternatives: it mentions using 'get_operation' to poll status, specifies when to use 'execute_sql' with the created user, and explicitly states limitations like not supporting SQL Server. It also distinguishes between user types and provides clear examples for different scenarios.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
execute_sqlADestructiveInspect
Execute any valid SQL statement, including data definition language (DDL), data control language (DCL), data query language (DQL), or data manipulation language (DML) statements, on a Cloud SQL instance.
To support the execute_sql tool, a Cloud SQL instance must meet
the following requirements:
The value of
data_api_accessmust be set toALLOW_DATA_API.For built_in users password_secret_version must be set.
Otherwise, for IAM users, for a MySQL instance, the database flag
cloudsql_iam_authenticationmust be set toon. For a PostgreSQL instance, the database flagcloudsql.iam_authenticationmust be set toon.After you use the
create_instancetool to create an instance, you can use thecreate_usertool to create an IAM user account for the user currently logged in to the project.The
execute_sqltool has the following limitations:If a SQL statement returns a response larger than 10 MB, then the response will be truncated.
The
execute_sqltool has a default timeout of 30 seconds. If a query runs longer than 30 seconds, then the tool returns aDEADLINE_EXCEEDEDerror.The
execute_sqltool isn't supported for SQL Server.
If you receive errors similar to "IAM authentication is not enabled for the instance",
then you can use the get_instance tool to check the value of the IAM
database authentication flag for the instance.
If you receive errors like "The instance doesn't allow using executeSql to access this
instance", then you can use get_instance tool to check the data_api_access setting.
When you receive authentication errors:
Check if the currently logged-in user account exists as an IAM user on the instance using the
list_userstool.If the IAM user account doesn't exist, then use the
create_usertool to create the IAM user account for the logged-in user.If the currently logged in user doesn't have the proper database user roles, then you can use
update_usertool to grant database roles to the user. For example,cloudsqlsuperuserrole can provide an IAM user with many required permissions.Check if the currently logged in user has the correct IAM permissions assigned for the project. You can use
gcloud projects get-iam-policy [PROJECT_ID]command to check if the user has the proper IAM roles or permissions assigned for the project.The user must have
cloudsql.instance.loginpermission to do automatic IAM database authentication.The user must have
cloudsql.instances.executeSqlpermission to execute SQL statements using theexecute_sqltool orexecuteSqlAPI.Common IAM roles that contain the required permissions: Cloud SQL Instance User (
roles/cloudsql.instanceUser) or Cloud SQL Admin (roles/cloudsql.admin)
When receiving an ExecuteSqlResponse, always check the message and status fields
within the response body. A successful HTTP status code doesn't guarantee full success of
all SQL statements.
The message and status fields will indicate if there were any partial errors or
warnings during SQL statement execution.
| Name | Required | Description | Default |
|---|---|---|---|
| user | No | Optional. The name of an existing database user to connect to the database. When `auto_iam_authn` is set to true, this field is ignored and the API caller's IAM user is used. | |
| project | Yes | Required. Project ID of the project that contains the instance. | |
| database | No | Optional. Name of the database on which the statement will be executed. For Postgres it's required, for MySQL it's optional. For Postgres, if your query is not scoped to an existings database, like list databases / create new database / grant roles, you can pass in default value as postgres. | |
| instance | Yes | Required. Database instance ID. This does not include the project ID. | |
| sqlStatement | Yes | Required. SQL statements to run on the database. It can be a single statement or a sequence of statements separated by semicolons. | |
| passwordSecretVersion | No | Optional. The resource name of the Secret Manager secret holding the password for the user to log into the database. The expected format is `projects/{project}/secrets/{secret}/versions/{secret_version}`. The secret resource name will not be stored. |
Output Schema
| Name | Required | Description |
|---|---|---|
| status | No | Contains the error from the database if the SQL execution failed. |
| results | No | The list of results after executing all the SQL statements. |
| messages | No | A list of notices and warnings generated during query execution. For PostgreSQL, this includes all notices and warnings. For MySQL, this includes warnings generated by the last executed statement. To retrieve all warnings for a multi-statement query, `SHOW WARNINGS` must be executed after each statement. |
| metadata | No | The additional metadata information regarding the execution of the SQL statements. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
The description adds significant behavioral context beyond annotations. While annotations indicate destructiveHint=true (implying mutations), the description details specific limitations (10MB response truncation, 30-second timeout, SQL Server unsupported), authentication requirements, error handling procedures, and response interpretation guidance. This goes well beyond what annotations provide.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is comprehensive but lengthy and could be more front-loaded. While all content is valuable (prerequisites, limitations, troubleshooting), it spans multiple sections and could benefit from better organization. Some sentences are verbose, though none are wasteful.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's complexity (destructive SQL execution with authentication requirements) and the presence of annotations and output schema, the description provides excellent completeness. It covers prerequisites, limitations, error handling, authentication workflows, and response interpretation, making it highly informative for safe and effective use.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
With 100% schema description coverage, the input schema already documents all 6 parameters thoroughly. The description doesn't add parameter-specific information beyond what's in the schema, so it meets the baseline of 3. The description focuses on behavioral context rather than parameter details.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: 'Execute any valid SQL statement... on a Cloud SQL instance.' It specifies the scope (DDL, DCL, DQL, DML) and distinguishes it from sibling tools like execute_sql_readonly by not having read-only restrictions.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides explicit guidance on when to use this tool versus alternatives. It mentions prerequisites (instance requirements, user setup), troubleshooting steps for errors, and references sibling tools like get_instance, list_users, create_user, and update_user for related operations.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
execute_sql_readonlyARead-onlyIdempotentInspect
Execute any valid read only SQL statement on a Cloud SQL instance.
To support the execute_sql_readonly tool, a Cloud SQL instance must meet
the following requirements:
The value of
data_api_accessmust be set toALLOW_DATA_API.For a MySQL instance, the database flag
cloudsql_iam_authenticationmust be set toon. For a PostgreSQL instance, the database flagcloudsql.iam_authenticationmust be set toon.An IAM user account or IAM service account (
CLOUD_IAM_USERorCLOUD_IAM_SERVICE_ACCOUNT) is required to call theexecute_sql_readonlytool. The tool executes the SQL statements using the privileges of the database user logged with IAM database authentication.After you use the
create_instancetool to create an instance, you can use thecreate_usertool to create an IAM user account for the user currently logged in to the project.The
execute_sql_readonlytool has the following limitations:If a SQL statement returns a response larger than 10 MB, then the response will be truncated.
The tool has a default timeout of 30 seconds. If a query runs longer than 30 seconds, then the tool returns a
DEADLINE_EXCEEDEDerror.The tool isn't supported for SQL Server.
If you receive errors similar to "IAM authentication is not enabled for the instance",
then you can use the get_instance tool to check the value of the IAM
database authentication flag for the instance.
If you receive errors like "The instance doesn't allow using executeSql to access this
instance", then you can use get_instance tool to check the data_api_access setting.
When you receive authentication errors:
Check if the currently logged-in user account exists as an IAM user on the instance using the
list_userstool.If the IAM user account doesn't exist, then use the
create_usertool to create the IAM user account for the logged-in user.If the currently logged in user doesn't have the proper database user roles, then you can use
update_usertool to grant database roles to the user. For example,cloudsqlsuperuserrole can provide an IAM user with many required permissions.Check if the currently logged in user has the correct IAM permissions assigned for the project. You can use
gcloud projects get-iam-policy [PROJECT_ID]command to check if the user has the proper IAM roles or permissions assigned for the project.The user must have
cloudsql.instance.loginpermission to do automatic IAM database authentication.The user must have
cloudsql.instances.executeSqlpermission to execute SQL statements using theexecute_sql_readonlytool orexecuteSqlAPI.Common IAM roles that contain the required permissions: Cloud SQL Instance User (
roles/cloudsql.instanceUser) or Cloud SQL Admin (roles/cloudsql.admin)
When receiving an ExecuteSqlResponse, always check the message and status fields
within the response body. A successful HTTP status code doesn't guarantee full success of
all SQL statements.
The message and status fields will indicate if there were any partial errors or
warnings during SQL statement execution.
| Name | Required | Description | Default |
|---|---|---|---|
| user | No | Optional. The name of an existing database user to connect to the database. When `auto_iam_authn` is set to true, this field is ignored and the API caller's IAM user is used. | |
| project | Yes | Required. Project ID of the project that contains the instance. | |
| database | No | Optional. Name of the database on which the statement will be executed. For Postgres it's required, for MySQL it's optional. For Postgres, if your query is not scoped to an existings database, like list databases / create new database / grant roles, you can pass in default value as postgres. | |
| instance | Yes | Required. Database instance ID. This does not include the project ID. | |
| sqlStatement | Yes | Required. SQL statements to run on the database. It can be a single statement or a sequence of statements separated by semicolons. | |
| passwordSecretVersion | No | Optional. The resource name of the Secret Manager secret holding the password for the user to log into the database. The expected format is `projects/{project}/secrets/{secret}/versions/{secret_version}`. The secret resource name will not be stored. |
Output Schema
| Name | Required | Description |
|---|---|---|
| status | No | Contains the error from the database if the SQL execution failed. |
| results | No | The list of results after executing all the SQL statements. |
| messages | No | A list of notices and warnings generated during query execution. For PostgreSQL, this includes all notices and warnings. For MySQL, this includes warnings generated by the last executed statement. To retrieve all warnings for a multi-statement query, `SHOW WARNINGS` must be executed after each statement. |
| metadata | No | The additional metadata information regarding the execution of the SQL statements. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Despite annotations indicating read-only, idempotent, and non-destructive behavior, the description adds significant behavioral context: limitations (10MB response truncation, 30-second timeout, no SQL Server support), authentication requirements (IAM user/service account), and response handling (checking 'message' and 'status' fields for partial errors). This goes well beyond what annotations provide.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is lengthy and includes extensive troubleshooting steps, which may be useful but reduces conciseness. It is front-loaded with core functionality but could be more streamlined, as some sections (e.g., detailed error handling) might be better placed elsewhere.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's complexity, rich annotations, and output schema, the description is highly complete. It covers prerequisites, limitations, error handling, authentication details, and integration with sibling tools, leaving no significant gaps for an AI agent to understand and use the tool effectively.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
With 100% schema description coverage, the baseline is 3. The description adds value by clarifying parameter interactions (e.g., 'auto_iam_authn' ignoring the 'user' field) and database-specific requirements (Postgres vs. MySQL for 'database' parameter). However, it doesn't fully detail all parameter semantics beyond the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: 'Execute any valid read only SQL statement on a Cloud SQL instance.' It specifies the verb ('Execute'), resource ('read only SQL statement'), and target ('Cloud SQL instance'), and distinguishes it from its sibling 'execute_sql' by emphasizing the read-only nature.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides explicit guidance on when to use this tool, including prerequisites (e.g., IAM authentication setup, instance requirements) and alternatives (e.g., using 'get_instance' to check settings, 'create_user' for IAM setup). It also details error scenarios and troubleshooting steps, offering comprehensive usage context.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_instanceBRead-onlyInspect
Get the details of a Cloud SQL instance.
| Name | Required | Description | Default |
|---|---|---|---|
| project | Yes | Required. Project ID of the project that contains the instance. | |
| instance | Yes | Required. Database instance ID. This does not include the project ID. |
Output Schema
| Name | Required | Description |
|---|---|---|
| etag | No | This field is deprecated and will be removed from a future version of the API. Use the `settings.settingsVersion` field instead. |
| kind | No | This is always `sql#instance`. |
| name | No | Name of the Cloud SQL instance. This does not include the project ID. |
| tags | No | Optional. Input only. Immutable. Tag keys and tag values that are bound to this instance. You must represent each item in the map as: `"" : ""`. For example, a single resource can have the following tags: ``` "123/environment": "production", "123/costCenter": "marketing", ``` For more information on tag creation and management, see https://cloud.google.com/resource-manager/docs/tags/tags-overview. |
| nodes | No | Output only. Entries containing information about each read pool node of the read pool. |
| state | No | The current serving state of the Cloud SQL instance. |
| region | No | The geographical region of the Cloud SQL instance. It can be one of the [regions](https://cloud.google.com/sql/docs/mysql/locations#location-r) where Cloud SQL operates: For example, `asia-east1`, `europe-west1`, and `us-central1`. The default value is `us-central1`. |
| dnsName | No | Output only. The dns name of the instance. |
| gceZone | No | The Compute Engine zone that the instance is currently serving from. This value could be different from the zone that was specified when the instance was created if the instance has failed over to its secondary zone. WARNING: Changing this might restart the instance. |
| project | No | The project ID of the project containing the Cloud SQL instance. The Google apps domain is prefixed if applicable. |
| dnsNames | No | Output only. The list of DNS names used by this instance. |
| selfLink | No | The URI of this resource. |
| settings | No | The user settings. |
| nodeCount | No | The number of read pool nodes in a read pool. |
| createTime | No | Output only. The time when the instance was created in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| backendType | No | The backend type. `SECOND_GEN`: Cloud SQL database instance. `EXTERNAL`: A database server that is not managed by Google. This property is read-only; use the `tier` property in the `settings` object to determine the database type. |
| ipAddresses | No | The assigned IP addresses for the instance. |
| ipv6Address | No | The IPv6 address assigned to the instance. (Deprecated) This property was applicable only to First Generation instances. |
| maxDiskSize | No | The maximum disk size of the instance in bytes. |
| geminiConfig | No | Gemini instance configuration. |
| instanceType | No | The instance type. |
| replicaNames | No | The replicas of the instance. |
| rootPassword | No | Initial root password. Use only on creation. You must set root passwords before you can connect to PostgreSQL instances. |
| satisfiesPzi | No | Output only. This status indicates whether the instance satisfies PZI. The status is reserved for future use. |
| satisfiesPzs | No | This status indicates whether the instance satisfies PZS. The status is reserved for future use. |
| serverCaCert | No | SSL configuration. |
| writeEndpoint | No | Output only. The dns name of the primary instance in a replication group. |
| connectionName | No | Connection name of the Cloud SQL instance used in connection strings. |
| primaryDnsName | No | Output only. DEPRECATED: please use write_endpoint instead. |
| currentDiskSize | No | The current disk usage of the instance in bytes. This property has been deprecated. Use the "cloudsql.googleapis.com/database/disk/bytes_used" metric in Cloud Monitoring API instead. Please see [this announcement](https://groups.google.com/d/msg/google-cloud-sql-announce/I_7-F9EBhT0/BtvFtdFeAgAJ) for details. |
| databaseVersion | No | The database engine type and version. The `databaseVersion` field cannot be changed after instance creation. |
| failoverReplica | No | The name and status of the failover replica. |
| outOfDiskReport | No | This field represents the report generated by the proactive database wellness job for OutOfDisk issues. * Writers: * the proactive database wellness job for OOD. * Readers: * the proactive database wellness job |
| secondaryGceZone | No | The Compute Engine zone that the failover instance is currently serving from for a regional instance. This value could be different from the zone that was specified when the instance was created if the instance has failed over to its secondary/failover zone. |
| suspensionReason | No | If the instance state is SUSPENDED, the reason for the suspension. |
| maintenanceVersion | No | The current software version on the instance. |
| masterInstanceName | No | The name of the instance which will act as primary in the replication setup. |
| replicationCluster | No | Optional. A primary instance and disaster recovery (DR) replica pair. A DR replica is a cross-region replica that you designate for failover in the event that the primary instance experiences regional failure. Applicable to MySQL and PostgreSQL. |
| diskEncryptionStatus | No | Disk encryption status specific to an instance. |
| replicaConfiguration | No | Configuration specific to failover replicas and read replicas. |
| scheduledMaintenance | No | The start time of any upcoming scheduled maintenance for this instance. |
| sqlNetworkArchitecture | No | |
| onPremisesConfiguration | No | Configuration specific to on-premises instances. |
| databaseInstalledVersion | No | Output only. Stores the current database version running on the instance including minor version such as `MYSQL_8_0_18`. |
| pscServiceAttachmentLink | No | Output only. The link to service attachment of PSC instance. |
| serviceAccountEmailAddress | No | The service account email address assigned to the instance.\This property is read-only. |
| upgradableDatabaseVersions | No | Output only. All database versions that are available for upgrade. |
| diskEncryptionConfiguration | No | Disk encryption configuration specific to an instance. |
| availableMaintenanceVersions | No | Output only. List all maintenance versions applicable on the instance |
| includeReplicasForMajorVersionUpgrade | No | Input only. Determines whether an in-place major version upgrade of replicas happens when an in-place major version upgrade of a primary instance is initiated. |
| switchTransactionLogsToCloudStorageEnabled | No | Input only. Whether Cloud SQL is enabled to switch storing point-in-time recovery log files from a data disk to Cloud Storage. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate read-only, non-destructive, and closed-world behavior, so the description doesn't need to repeat these. It adds minimal context by specifying 'details' retrieval, but doesn't elaborate on rate limits, authentication needs, or error handling beyond what annotations provide.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single, direct sentence that efficiently conveys the core action without unnecessary words. It is front-loaded and appropriately sized for its purpose, with no wasted information.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's low complexity (simple retrieval), rich annotations (read-only, non-destructive), and the presence of an output schema, the description is reasonably complete. However, it could benefit from slight elaboration on usage context to fully compensate for the lack of guidance.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
With 100% schema description coverage, the input schema fully documents both parameters ('project' and 'instance'). The description adds no additional meaning or clarification beyond what the schema provides, such as format examples or constraints, meeting the baseline for high coverage.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the verb ('Get') and resource ('details of a Cloud SQL instance'), making the purpose evident. However, it doesn't explicitly distinguish this tool from its sibling 'list_instances', which might retrieve multiple instances rather than details of a specific one.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides no guidance on when to use this tool versus alternatives like 'list_instances' for multiple instances or 'get_operation' for operation details. It lacks context on prerequisites or exclusions, leaving usage unclear.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_operationARead-onlyInspect
Get the status of a long-running operation. A long-running operation can take several minutes to complete. If an operation takes an extended amount of time, then use a command line tool to pause for 30 seconds before rechecking the status of the operation.
| Name | Required | Description | Default |
|---|---|---|---|
| project | Yes | Required. Project ID of the project that contains the instance. | |
| operation | Yes | Required. Instance operation ID. |
Output Schema
| Name | Required | Description |
|---|---|---|
| kind | No | This is always `sql#operation`. |
| name | No | An identifier that uniquely identifies the operation. You can use this identifier to retrieve the Operations resource that has information about the operation. |
| user | No | The email address of the user who initiated this operation. |
| error | No | If errors occurred during processing of this operation, this field will be populated. |
| status | No | The status of an operation. |
| endTime | No | The time this operation finished in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| selfLink | No | The URI of this resource. |
| targetId | No | Name of the resource on which this operation runs. |
| startTime | No | The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| apiWarning | No | An Admin API warning message. |
| insertTime | No | The time this operation was enqueued in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| targetLink | No | |
| backupContext | No | The context for backup operation, if applicable. |
| exportContext | No | The context for export operation, if applicable. |
| importContext | No | The context for import operation, if applicable. |
| operationType | No | The type of the operation. Valid values are: * `CREATE` * `DELETE` * `UPDATE` * `RESTART` * `IMPORT` * `EXPORT` * `BACKUP_VOLUME` * `RESTORE_VOLUME` * `CREATE_USER` * `DELETE_USER` * `CREATE_DATABASE` * `DELETE_DATABASE` |
| targetProject | No | The project ID of the target instance related to this operation. |
| subOperationType | No | Optional. The sub operation based on the operation type. |
| acquireSsrsLeaseContext | No | The context for acquire SSRS lease operation, if applicable. |
| preCheckMajorVersionUpgradeContext | No | This field is only populated when the operation_type is PRE_CHECK_MAJOR_VERSION_UPGRADE. The PreCheckMajorVersionUpgradeContext message itself contains the details for that pre-check, such as the target database version for the upgrade and the results of the check (including any warnings or errors found). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate this is a read-only, non-destructive operation (readOnlyHint: true, destructiveHint: false). The description adds useful context about the long-running nature and recommended polling behavior, which goes beyond the annotations. However, it does not disclose other behavioral traits like rate limits, authentication needs, or error handling, leaving some gaps.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is appropriately sized and front-loaded, starting with the core purpose. The second sentence adds necessary context about operation duration, and the third provides actionable guidance. Each sentence earns its place, but it could be slightly more streamlined by combining ideas without losing clarity.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's complexity (simple status check), rich annotations (read-only, non-destructive), and the presence of an output schema (which handles return values), the description is mostly complete. It covers the purpose, usage context, and behavioral advice. However, it lacks details on prerequisites or error scenarios, which could enhance completeness for an agent.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema has 100% description coverage, clearly documenting both required parameters ('project' and 'operation'). The description does not add any semantic details about these parameters beyond what the schema provides. According to the rules, with high schema coverage (>80%), the baseline score is 3, as the description does not compensate with extra parameter insights.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: 'Get the status of a long-running operation.' It specifies the verb ('Get') and resource ('status of a long-running operation'), making it easy to understand what the tool does. However, it does not explicitly distinguish this from sibling tools like 'get_instance' or 'list_instances,' which slightly reduces clarity in context.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides clear context on when to use this tool: for checking the status of operations that 'take several minutes to complete.' It also offers guidance on handling extended durations by suggesting a pause before rechecking. However, it does not explicitly state when not to use it or name alternatives among sibling tools, such as for immediate operations.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
import_dataAInspect
Import data into a Cloud SQL instance.
If the file doesn't start with gs://, then the assumption is that the file is stored
locally. If the file is local, then the file must be uploaded to Cloud Storage
before you can make the actual import_data call. To upload the file to Cloud Storage,
you can use the gcloud or gsutil commands.
Before you upload the file to Cloud Storage, consider whether you want to use an existing bucket or create a new bucket in the provided project.
After the file is uploaded to Cloud Storage, the instance service account must have sufficient permissions to read the uploaded file from the Cloud Storage bucket.
This can be accomplished as follows:
Use the
get_instancetool to get the email address of the instance service account. From the output of the tool, get the value of theserviceAccountEmailAddressfield.Grant the instance service account the
storage.objectAdminrole on the provided Cloud Storage bucket. Use a command likegcloud storage buckets add-iam-policy-bindingor a request to the Cloud Storage API. It can take from two to up to seven minutes or more for the role to be granted and the permissions to be propagated to the service account in Cloud Storage. If you encounter a permissions error after updatingthe IAM policy, then wait a few minutes and try again.
After permissions are granted, you can import the data. We recommend that you leave optional
parameters empty and use the system defaults. The file type can typically be determined by
the file extension. For example, if the file is a SQL file, .sql or .csv for CSV file.
The following is a sample SQL importContext for MySQL.
{
"uri": "gs://sample-gcs-bucket/sample-file.sql",
"kind": "sql#importContext",
"fileType": "SQL"
}There is no database parameter present for MySQL since the database name is
expected to be present in the SQL file. Specify only one URI.
No other fields are required outside of importContext.
For PostgreSQL, the database field is required. The following is a sample
PostgreSQL importContext with the database field specified.
{
"uri": "gs://sample-gcs-bucket/sample-file.sql",
"kind": "sql#importContext",
"fileType": "SQL",
"database": "sample-db"
}The import_data tool returns a long-running operation. Use the get_operation tool
to poll its status until the operation completes.
| Name | Required | Description | Default |
|---|---|---|---|
| body | No | ||
| project | No | Project ID of the project that contains the instance. | |
| instance | No | Cloud SQL instance ID. This does not include the project ID. |
Output Schema
| Name | Required | Description |
|---|---|---|
| kind | No | This is always `sql#operation`. |
| name | No | An identifier that uniquely identifies the operation. You can use this identifier to retrieve the Operations resource that has information about the operation. |
| user | No | The email address of the user who initiated this operation. |
| error | No | If errors occurred during processing of this operation, this field will be populated. |
| status | No | The status of an operation. |
| endTime | No | The time this operation finished in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| selfLink | No | The URI of this resource. |
| targetId | No | Name of the resource on which this operation runs. |
| startTime | No | The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| apiWarning | No | An Admin API warning message. |
| insertTime | No | The time this operation was enqueued in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| targetLink | No | |
| backupContext | No | The context for backup operation, if applicable. |
| exportContext | No | The context for export operation, if applicable. |
| importContext | No | The context for import operation, if applicable. |
| operationType | No | The type of the operation. Valid values are: * `CREATE` * `DELETE` * `UPDATE` * `RESTART` * `IMPORT` * `EXPORT` * `BACKUP_VOLUME` * `RESTORE_VOLUME` * `CREATE_USER` * `DELETE_USER` * `CREATE_DATABASE` * `DELETE_DATABASE` |
| targetProject | No | The project ID of the target instance related to this operation. |
| subOperationType | No | Optional. The sub operation based on the operation type. |
| acquireSsrsLeaseContext | No | The context for acquire SSRS lease operation, if applicable. |
| preCheckMajorVersionUpgradeContext | No | This field is only populated when the operation_type is PRE_CHECK_MAJOR_VERSION_UPGRADE. The PreCheckMajorVersionUpgradeContext message itself contains the details for that pre-check, such as the target database version for the upgrade and the results of the check (including any warnings or errors found). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
The description adds significant behavioral context beyond annotations. Annotations indicate non-read-only, non-destructive, non-idempotent, and closed-world hints, but the description elaborates on practical aspects: the need for file uploads to Cloud Storage, IAM permission requirements, propagation delays for permissions, file type detection from extensions, database parameter differences between MySQL and PostgreSQL, and the return of a long-running operation requiring polling. This provides crucial operational details not covered by annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is comprehensive but lengthy, with some redundancy. While it efficiently covers prerequisites, permissions, and usage examples, it includes detailed step-by-step instructions and multiple code samples that could be streamlined. The information is well-structured but could be more front-loaded, as key usage guidelines are embedded in the middle rather than highlighted upfront.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's complexity (data import with permissions, file handling, and database engine variations), the description is highly complete. It addresses prerequisites, permissions, parameter usage, database-specific behaviors, and output handling (long-running operations). With an output schema present, it appropriately focuses on operational context rather than return value details, making it sufficient for effective tool invocation.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The description adds meaningful context beyond the input schema. With 67% schema description coverage, the schema documents parameters like 'uri', 'database', and 'fileType', but the description clarifies semantics: it explains URI format expectations (gs:// vs local files), when 'database' is required (PostgreSQL vs MySQL), how file types are inferred from extensions, and provides sample importContext structures for different database engines. This compensates well for the schema's partial coverage.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: 'Import data into a Cloud SQL instance.' It specifies the verb ('import'), resource ('data'), and target ('Cloud SQL instance'), distinguishing it from siblings like 'create_instance', 'execute_sql', or 'restore_backup' which perform different operations on Cloud SQL resources.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides explicit guidance on when to use this tool versus alternatives. It mentions prerequisites like uploading files to Cloud Storage and granting permissions, and explicitly names alternative tools for related tasks: 'get_instance' to obtain service account details and 'get_operation' to poll the import status. It also advises on when to use system defaults for optional parameters.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
list_instancesBRead-onlyInspect
List all Cloud SQL instances in the project.
| Name | Required | Description | Default |
|---|---|---|---|
| filter | No | A filter expression that filters resources listed in the response. The expression is in the form of field:value. For example, 'instanceType:CLOUD_SQL_INSTANCE'. Fields can be nested as needed as per their JSON representation, such as 'settings.userLabels.auto_start:true'. Multiple filter queries are space-separated. For example. 'state:RUNNABLE instanceType:CLOUD_SQL_INSTANCE'. By default, each expression is an AND expression. However, you can include AND and OR expressions explicitly. | |
| project | No | Project ID of the project for which to list Cloud SQL instances. | |
| pageToken | No | A previously-returned page token representing part of the larger set of results to view. | |
| maxResults | No | The maximum number of instances to return. The service may return fewer than this value. If unspecified, at most 500 instances are returned. The maximum value is 1000; values above 1000 are coerced to 1000. |
Output Schema
| Name | Required | Description |
|---|---|---|
| kind | No | This is always sql#instancesList. |
| items | No | List of mcp instance resources. |
| warnings | No | List of warnings that occurred while handling the request. |
| nextPageToken | No | The continuation token, used to page through large result sets. Provide this value in a subsequent request to return the next page of results. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare this as read-only, non-destructive, and closed-world, which the description doesn't contradict. The description adds minimal behavioral context beyond annotations - it implies this returns all instances but doesn't mention pagination behavior, rate limits, or authentication requirements that would be helpful for an agent.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single, clear sentence that gets straight to the point with zero wasted words. It's perfectly front-loaded and appropriately sized for a listing operation.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool has comprehensive annotations, 100% schema coverage, and an output schema exists, the description is reasonably complete. However, it could better address when to use this versus other listing/retrieval operations, especially with multiple sibling tools available.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
With 100% schema description coverage, all four parameters are well-documented in the input schema. The description adds no additional parameter semantics beyond what's already in the structured fields, so it meets the baseline expectation but doesn't provide extra value.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the verb ('List') and resource ('all Cloud SQL instances in the project'), making the purpose immediately understandable. However, it doesn't differentiate this tool from other list operations like 'list_users' or explain why this specific listing is needed versus those alternatives.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides no guidance on when to use this tool versus alternatives. With sibling tools like 'get_instance' for retrieving a single instance and 'list_users' for listing different resources, there's no indication of when this listing is appropriate versus those other operations.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
list_usersARead-onlyInspect
List all database users for a Cloud SQL instance.
| Name | Required | Description | Default |
|---|---|---|---|
| project | No | Project ID of the project that contains the instance. | |
| instance | No | Database instance ID. This does not include the project ID. |
Output Schema
| Name | Required | Description |
|---|---|---|
| kind | No | This is always `sql#usersList`. |
| items | No | List of user resources in the instance. |
| nextPageToken | No | Unused. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint=true, destructiveHint=false, and openWorldHint=false, indicating a safe, read-only operation with limited scope. The description adds minimal behavioral context beyond this, specifying the resource type but not detailing aspects like pagination, sorting, or authentication requirements. It does not contradict the annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single, clear sentence that directly states the tool's purpose without unnecessary words or fluff. It is front-loaded and efficiently communicates the essential information, making it easy to understand at a glance.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's simplicity (list operation with two parameters), the presence of annotations covering safety and scope, and an output schema (which handles return values), the description is reasonably complete. It specifies the resource but could improve by mentioning output format or limitations. However, for a basic list tool, it provides adequate context.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema has 100% description coverage, fully documenting the 'project' and 'instance' parameters. The description does not add any additional meaning or context beyond what the schema provides, such as explaining relationships between parameters or usage examples. With high schema coverage, the baseline score of 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the verb ('List') and resource ('all database users for a Cloud SQL instance'), making the purpose immediately understandable. However, it does not explicitly differentiate this tool from potential siblings like 'list_instances' or 'get_instance', which would require a more specific scope or comparison.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies usage when needing to list users for a specific Cloud SQL instance, but it does not provide explicit guidance on when to use this tool versus alternatives like 'get_instance' or 'update_user'. There is no mention of prerequisites, exclusions, or specific scenarios that would favor this tool over others.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
postgres_upgrade_precheckAInspect
Checks if a Cloud SQL for PostgreSQL instance is ready for a major version upgrade to the specified target version.
The target_database_version MUST be provided in the request (e.g., POSTGRES_15).
This tool helps identify potential issues before attempting the actual upgrade, reducing the risk of failure or downtime.
This tool is only supported for PostgreSQL primary instances and does not run on read replicas.
The precheck typically evaluates:
Database schema compatibility with the target version.
Cloud SQL limitations and unsupported features.
Instance resource constraints (e.g., number of relations).
Compatibility of current database settings and extensions.
Overall instance health and readiness.
This tool returns a long-running operation. Use the get_operation
tool with the operation name returned by this call to poll its status.
IMPORTANT: Once the operation status is DONE, the detailed precheck results are
available within the Operation resource. You will need to inspect
the response from get_operation. The findings are located in the
pre_check_major_version_upgrade_context.pre_check_response field.
The findings are structured, indicating:
INFO: General information.
WARNING: Potential issues that don't block the upgrade but should be reviewed.
ERROR: Critical issues that MUST be resolved before attempting the upgrade.
Each finding should include a message and any required actions. Addressing
any reported issues is crucial before proceeding with the major version upgrade.
If pre_check_response is empty or missing, it indicates that no issues were
identified during the precheck.
Running this precheck does not impact the instance's availability.
| Name | Required | Description | Default |
|---|---|---|---|
| body | Yes | Required. The context for request to perform the pre-check major version upgrade operation. | |
| project | Yes | Required. Project ID of the project that contains the instance. | |
| instance | Yes | Required. Cloud SQL instance ID. This does not include the project ID. |
Output Schema
| Name | Required | Description |
|---|---|---|
| kind | No | This is always `sql#operation`. |
| name | No | An identifier that uniquely identifies the operation. You can use this identifier to retrieve the Operations resource that has information about the operation. |
| user | No | The email address of the user who initiated this operation. |
| error | No | If errors occurred during processing of this operation, this field will be populated. |
| status | No | The status of an operation. |
| endTime | No | The time this operation finished in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| selfLink | No | The URI of this resource. |
| targetId | No | Name of the resource on which this operation runs. |
| startTime | No | The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| apiWarning | No | An Admin API warning message. |
| insertTime | No | The time this operation was enqueued in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| targetLink | No | |
| backupContext | No | The context for backup operation, if applicable. |
| exportContext | No | The context for export operation, if applicable. |
| importContext | No | The context for import operation, if applicable. |
| operationType | No | The type of the operation. Valid values are: * `CREATE` * `DELETE` * `UPDATE` * `RESTART` * `IMPORT` * `EXPORT` * `BACKUP_VOLUME` * `RESTORE_VOLUME` * `CREATE_USER` * `DELETE_USER` * `CREATE_DATABASE` * `DELETE_DATABASE` |
| targetProject | No | The project ID of the target instance related to this operation. |
| subOperationType | No | Optional. The sub operation based on the operation type. |
| acquireSsrsLeaseContext | No | The context for acquire SSRS lease operation, if applicable. |
| preCheckMajorVersionUpgradeContext | No | This field is only populated when the operation_type is PRE_CHECK_MAJOR_VERSION_UPGRADE. The PreCheckMajorVersionUpgradeContext message itself contains the details for that pre-check, such as the target database version for the upgrade and the results of the check (including any warnings or errors found). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations indicate non-destructive, non-read-only, non-idempotent, non-open-world behavior. The description adds valuable context beyond annotations: it explains this is a long-running operation requiring polling, specifies that it doesn't impact instance availability, and details the structured response format with INFO/WARNING/ERROR findings. No contradiction with annotations exists.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is well-structured and front-loaded with core purpose, but could be more concise. Some sentences like 'Addressing any reported issues is crucial...' are somewhat redundant given earlier warnings. However, most content earns its place by providing necessary operational guidance.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's complexity (long-running operation with structured results) and the presence of both detailed input schema and output schema (implied by get_operation reference), the description is complete. It covers purpose, usage, behavioral details, response handling, and limitations without needing to duplicate schema information.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
With 100% schema description coverage, the baseline is 3. The description adds some semantic context by emphasizing that target_database_version 'MUST be provided' and giving an example (POSTGRES_15), but doesn't significantly elaborate on other parameters beyond what the schema already documents thoroughly.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose with specific verb ('Checks') and resource ('Cloud SQL PostgreSQL instance'), specifying it's for major version upgrade readiness. It distinguishes from siblings by focusing on pre-check rather than actual operations like upgrade_instance (not listed but implied) or other instance management tools.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides explicit guidance on when to use this tool ('before attempting the actual upgrade'), when not to use it ('does not run on read replicas'), and alternatives for follow-up actions ('Use the get_operation tool'). It also specifies prerequisites like requiring target_database_version and being PostgreSQL-only.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
restore_backupADestructiveInspect
Restores a backup to a Cloud SQL instance.
The target_instance and target_project must be provided and populated in the request.
The backup identifier can be provided in several ways:
A backup_run_id (which is an integer).
A backup URI of the format
projects/{project-id}/backups/{backup-uid}.A backup URI of the format
projects/{project-id}/locations/{location}/backupVaults/{backupvault}/dataSources/{datasource}/backups/{backup-uid}.
Use the identifier to populate the backup_id field in the request.
The source_project must be populated in the request. If the identifier is a backup_run_id, the source_project will be provided. If the identifier is a backup URI, the source_project may need to be extracted from the URI. Do not confuse the extracted source_project with the target_project, which will be provided in other ways.
In addition, if the identifier is a backup_run_id, the source_instance must be provided and populated in the request.
Do not try to create the instance before the restore, the restore itself will create the instance if needed.
Confirm the parameters with the user before executing the restore.
| Name | Required | Description | Default |
|---|---|---|---|
| backupId | Yes | Required. The identifier of the backup to restore. This will be one of the following: 1. An int64 containing a backup_run_id. 2. A backup name of the format 'projects/{project}/backups/{backup-uid}'. 3. A backupDR name of the format 'projects/{project}/locations/{location}/backupVaults/{backupvault}/dataSources/{datasource}/backups/{backup-uid}'. | |
| sourceProject | Yes | Required. The project ID of the source instance containing the backup. | |
| targetProject | Yes | Required. Project ID of the target project. | |
| sourceInstance | No | Optional. The Cloud SQL instance ID of the source instance containing the backup. Only necessary if the backup_id is a backup_run_id. | |
| targetInstance | Yes | Required. Cloud SQL instance ID of the target. This does not include the project ID. |
Output Schema
| Name | Required | Description |
|---|---|---|
| kind | No | This is always `sql#operation`. |
| name | No | An identifier that uniquely identifies the operation. You can use this identifier to retrieve the Operations resource that has information about the operation. |
| user | No | The email address of the user who initiated this operation. |
| error | No | If errors occurred during processing of this operation, this field will be populated. |
| status | No | The status of an operation. |
| endTime | No | The time this operation finished in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| selfLink | No | The URI of this resource. |
| targetId | No | Name of the resource on which this operation runs. |
| startTime | No | The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| apiWarning | No | An Admin API warning message. |
| insertTime | No | The time this operation was enqueued in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| targetLink | No | |
| backupContext | No | The context for backup operation, if applicable. |
| exportContext | No | The context for export operation, if applicable. |
| importContext | No | The context for import operation, if applicable. |
| operationType | No | The type of the operation. Valid values are: * `CREATE` * `DELETE` * `UPDATE` * `RESTART` * `IMPORT` * `EXPORT` * `BACKUP_VOLUME` * `RESTORE_VOLUME` * `CREATE_USER` * `DELETE_USER` * `CREATE_DATABASE` * `DELETE_DATABASE` |
| targetProject | No | The project ID of the target instance related to this operation. |
| subOperationType | No | Optional. The sub operation based on the operation type. |
| acquireSsrsLeaseContext | No | The context for acquire SSRS lease operation, if applicable. |
| preCheckMajorVersionUpgradeContext | No | This field is only populated when the operation_type is PRE_CHECK_MAJOR_VERSION_UPGRADE. The PreCheckMajorVersionUpgradeContext message itself contains the details for that pre-check, such as the target database version for the upgrade and the results of the check (including any warnings or errors found). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
The description adds valuable behavioral context beyond annotations. While annotations already indicate this is a destructive, non-idempotent write operation, the description provides critical implementation guidance: the restore creates the instance if needed, and parameters must be confirmed with the user. It also clarifies the relationship between source/target projects and instances, which isn't captured in annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is appropriately front-loaded with the core purpose, but contains some redundancy with the schema (e.g., backup identifier formats are documented in both). The 11 sentences could be more efficiently structured, though all provide some value. The 'Confirm the parameters' sentence feels tacked on rather than integrated.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given this is a complex, destructive operation with 5 parameters and an output schema, the description provides excellent contextual completeness. It covers the purpose, parameter relationships, backup identifier formats, instance creation behavior, and user confirmation requirement. With annotations covering safety aspects and an output schema handling return values, the description focuses appropriately on usage context.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
With 100% schema description coverage, the baseline is 3. The description adds significant value by explaining the three possible formats for backupId, clarifying when sourceInstance is required, and warning about not confusing source_project with target_project. This provides practical usage guidance beyond the schema's technical documentation.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: 'Restores a backup to a Cloud SQL instance.' This is a specific verb+resource combination. However, it doesn't explicitly differentiate from sibling tools like 'clone_instance' or 'create_backup' beyond the obvious semantic difference.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides clear context about when to use this tool ('Restores a backup to a Cloud SQL instance') and includes important guidance: 'Do not try to create the instance before the restore, the restore itself will create the instance if needed.' It also mentions confirming parameters with the user. However, it doesn't explicitly state when NOT to use it or name specific alternatives among siblings.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
update_instanceADestructiveInspect
Partially updates the configuration settings of a Cloud SQL instance.
This tool returns a long-running operation. Use the
get_operationtool to poll its status until the operation completes.Some update operations, such as changing the edition upgrade or instance tier, etc might cause the instance to restart, resulting in downtime. Before you proceed with such operations, get confirmation from the user.
| Name | Required | Description | Default |
|---|---|---|---|
| tier | No | Optional. The tier (or machine type) for this instance. format: db-custom-{CPUs}-{Memory}. | |
| edition | No | Optional. The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS. | |
| project | Yes | Required. Project ID of the project that contains the instance. | |
| instance | Yes | Required. Cloud SQL instance ID. This does not include the project ID. | |
| ipv4Enabled | No | Optional. Whether to enable public IP for the instance. Enabling this flag makes the resource accessible from the public internet, which is a security risk if not properly managed. It is recommended to keep resources private whenever possible. | |
| psaMcpConfig | No | Optional. Configuration for Private Service Access (PSA) instance update. | |
| pscMcpConfig | No | Optional. Configuration for Private Service Connect (PSC) instance update. | |
| dataApiAccess | No | Optional. The settings for controlling data API access to an instance. | |
| databaseFlags | No | Optional. The database flags. | |
| dataDiskSizeGb | No | Optional. Data disk size in GB. | |
| dataCacheConfig | No | Optional. Configuration for the data cache. A data cache can improve performance for read-heavy workloads by caching frequently accessed data in-memory. | |
| googleMlIntegrationEnabled | No | Optional. Enables Cloud SQL instances to connect to Vertex AI to pass requests for real-time predictions and insights to the AI. The default value is false. This applies only to Cloud SQL for MySQL and Cloud SQL for PostgreSQL instances. |
Output Schema
| Name | Required | Description |
|---|---|---|
| kind | No | This is always `sql#operation`. |
| name | No | An identifier that uniquely identifies the operation. You can use this identifier to retrieve the Operations resource that has information about the operation. |
| user | No | The email address of the user who initiated this operation. |
| error | No | If errors occurred during processing of this operation, this field will be populated. |
| status | No | The status of an operation. |
| endTime | No | The time this operation finished in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| selfLink | No | The URI of this resource. |
| targetId | No | Name of the resource on which this operation runs. |
| startTime | No | The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| apiWarning | No | An Admin API warning message. |
| insertTime | No | The time this operation was enqueued in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| targetLink | No | |
| backupContext | No | The context for backup operation, if applicable. |
| exportContext | No | The context for export operation, if applicable. |
| importContext | No | The context for import operation, if applicable. |
| operationType | No | The type of the operation. Valid values are: * `CREATE` * `DELETE` * `UPDATE` * `RESTART` * `IMPORT` * `EXPORT` * `BACKUP_VOLUME` * `RESTORE_VOLUME` * `CREATE_USER` * `DELETE_USER` * `CREATE_DATABASE` * `DELETE_DATABASE` |
| targetProject | No | The project ID of the target instance related to this operation. |
| subOperationType | No | Optional. The sub operation based on the operation type. |
| acquireSsrsLeaseContext | No | The context for acquire SSRS lease operation, if applicable. |
| preCheckMajorVersionUpgradeContext | No | This field is only populated when the operation_type is PRE_CHECK_MAJOR_VERSION_UPGRADE. The PreCheckMajorVersionUpgradeContext message itself contains the details for that pre-check, such as the target database version for the upgrade and the results of the check (including any warnings or errors found). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
The description adds valuable behavioral context beyond annotations: it explains that updates return long-running operations requiring polling, warns about potential downtime/restarts for certain changes, and emphasizes user confirmation for disruptive operations. While annotations already indicate destructive/mutative nature, the description provides specific operational details that enhance transparency.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is perfectly structured and concise: a clear opening sentence states the purpose, followed by two bullet points with essential operational guidance. Every sentence earns its place with zero wasted words, and critical information is front-loaded appropriately.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's complexity (destructive mutation with 12 parameters), the description provides excellent contextual completeness. It covers operational behavior (long-running operations), risk warnings (downtime), and usage guidance, while relying on the comprehensive schema for parameter details and annotations for safety profile. With output schema present, return values don't need explanation.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
With 100% schema description coverage, the input schema already documents all 12 parameters thoroughly. The description doesn't add any parameter-specific information beyond what's in the schema, so it meets the baseline of 3 where the schema does the heavy lifting for parameter documentation.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the specific action ('partially updates') and resource ('configuration settings of a Cloud SQL instance'), distinguishing it from siblings like 'create_instance' (full creation) or 'get_instance' (read-only). It precisely defines the scope as partial updates rather than full replacements.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides explicit guidance on when to use this tool vs alternatives: it mentions using 'get_operation' to poll status, warns about downtime for certain operations (requiring user confirmation), and implicitly distinguishes from 'create_instance' (updates vs creation) and 'get_instance' (mutation vs read).
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
update_userAInspect
Update a database user for a Cloud SQL instance. A common use case for
the update_user is to grant a user the cloudsqlsuperuser role,
which can provide a user with many required permissions.
This tool only supports updating users to assign database roles.
This tool returns a long-running operation. Use the
get_operationtool to poll its status until the operation completes.Before calling the
update_usertool, always check the existing configuration of the user such as the user type withlist_userstool.As a special case for MySQL, if the
list_userstool returns a full email address for theiamEmailfield, for example{name=test-account, iamEmail=test-account@project-id.iam.gserviceaccount.com}, then in yourupdate_userrequest, use the full email address in theiamEmailfield in thenamefield of your toolrequest. For example,name=test-account@project-id.iam.gserviceaccount.com.
Key parameters for updating user roles:
database_roles: A list of database roles to be assigned to the user.revokeExistingRoles: A boolean field (default: false) that controls how existing roles are handled.
How role updates work:
If
revokeExistingRolesis true:Any existing roles granted to the user but NOT in the provided
database_roleslist will be REVOKED.Revoking only applies to non-system roles. System roles like
cloudsqliamuseretc won't be revoked.Any roles in the
database_roleslist that the user does NOT already have will be GRANTED.If
database_rolesis empty, then ALL existing non-system roles are revoked.
If
revokeExistingRolesis false (default):Any roles in the
database_roleslist that the user does NOT already have will be GRANTED.Existing roles NOT in the
database_roleslist are KEPT.If
database_rolesis empty, then there is no change to the user's roles.
Examples:
Existing Roles:
[roleA, roleB]Request:
database_roles: [roleB, roleC], revokeExistingRoles: trueResult: Revokes
roleA, GrantsroleC. User roles become[roleB, roleC].Request:
database_roles: [roleB, roleC], revokeExistingRoles: falseResult: Grants
roleC. User roles become[roleA, roleB, roleC].Request:
database_roles: [], revokeExistingRoles: trueResult: Revokes
roleA, RevokesroleB. User roles become[].Request:
database_roles: [], revokeExistingRoles: falseResult: No change. User roles remain
[roleA, roleB].
| Name | Required | Description | Default |
|---|---|---|---|
| host | No | Optional. Host of the user in the instance. | |
| name | Yes | Required. Name of the user in the instance. | |
| type | Yes | Required. The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. | |
| project | Yes | Required. Project ID of the project that contains the instance. | |
| instance | Yes | Required. Database instance ID. This does not include the project ID. | |
| databaseRoles | No | Optional. List of database roles to grant to the user. body.database_roles will be ignored for update request. | |
| revokeExistingRoles | No | Optional. revoke the existing roles granted to the user. |
Output Schema
| Name | Required | Description |
|---|---|---|
| kind | No | This is always `sql#operation`. |
| name | No | An identifier that uniquely identifies the operation. You can use this identifier to retrieve the Operations resource that has information about the operation. |
| user | No | The email address of the user who initiated this operation. |
| error | No | If errors occurred during processing of this operation, this field will be populated. |
| status | No | The status of an operation. |
| endTime | No | The time this operation finished in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| selfLink | No | The URI of this resource. |
| targetId | No | Name of the resource on which this operation runs. |
| startTime | No | The time this operation actually started in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| apiWarning | No | An Admin API warning message. |
| insertTime | No | The time this operation was enqueued in UTC timezone in [RFC 3339](https://tools.ietf.org/html/rfc3339) format, for example `2012-11-15T16:19:00.094Z`. |
| targetLink | No | |
| backupContext | No | The context for backup operation, if applicable. |
| exportContext | No | The context for export operation, if applicable. |
| importContext | No | The context for import operation, if applicable. |
| operationType | No | The type of the operation. Valid values are: * `CREATE` * `DELETE` * `UPDATE` * `RESTART` * `IMPORT` * `EXPORT` * `BACKUP_VOLUME` * `RESTORE_VOLUME` * `CREATE_USER` * `DELETE_USER` * `CREATE_DATABASE` * `DELETE_DATABASE` |
| targetProject | No | The project ID of the target instance related to this operation. |
| subOperationType | No | Optional. The sub operation based on the operation type. |
| acquireSsrsLeaseContext | No | The context for acquire SSRS lease operation, if applicable. |
| preCheckMajorVersionUpgradeContext | No | This field is only populated when the operation_type is PRE_CHECK_MAJOR_VERSION_UPGRADE. The PreCheckMajorVersionUpgradeContext message itself contains the details for that pre-check, such as the target database version for the upgrade and the results of the check (including any warnings or errors found). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
The description adds significant behavioral context beyond annotations: it explains that the tool returns a long-running operation requiring polling, details how role updates work with different revokeExistingRoles settings, provides special MySQL handling instructions, and gives comprehensive examples. Annotations cover basic safety (non-destructive, non-idempotent), but the description adds crucial operational details.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is well-structured with clear sections (common use case, operational notes, special cases, key parameters, role update logic, examples). However, it's quite lengthy (over 500 words) with some redundancy in the examples section. Every sentence adds value, but it could be more concise while maintaining clarity.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given this is a complex mutation tool with 7 parameters (4 required) and an output schema, the description provides exceptional completeness. It covers prerequisites, operational behavior, parameter interactions, special cases, and detailed examples. The presence of an output schema means return values don't need explanation, and the description fully addresses the tool's complexity.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Despite 100% schema description coverage, the description adds substantial value by explaining the interaction between 'database_roles' and 'revokeExistingRoles' parameters, providing detailed examples of how different combinations affect outcomes, and clarifying MySQL-specific handling of the 'name' parameter. This goes well beyond the schema's basic parameter descriptions.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the specific action ('update a database user'), resource ('for a Cloud SQL instance'), and scope ('only supports updating users to assign database roles'). It distinguishes from siblings like 'create_user' by focusing on updates rather than creation.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicit guidance is provided: 'Before calling the `update_user` tool, always check the existing configuration of the user such as the user type with `list_users` tool.' It also mentions using 'get_operation' to poll status and provides MySQL-specific instructions, clearly indicating when and how to use this tool.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!