Server Details

EU compliance corpus across 8 frameworks (NIS2, DORA, AI Act, ISO 27001 + more) via MCP.

Status: Healthy
Last Tested:
Transport: Streamable HTTP
URL:

Glama MCP Gateway

Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.

Full call logging

Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.

Tool access control

Enable or disable individual tools per connector, so you decide what your agents can and cannot do.

Managed credentials

Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.

Usage analytics

See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.

100% free. Your data is private.
Tool Descriptions: A

Average 4.2/5 across 4 of 4 tools scored.

Server Coherence: A

Disambiguation: 5/5

Each tool targets a distinct function: searching controls, mapping between frameworks, gap assessment, and policy generation. No overlap in purposes.

Naming Consistency: 5/5

All tool names follow a consistent verb_noun pattern in snake_case (e.g., assess_gap, generate_policy), making them predictable.

Tool Count: 5/5

With 4 tools covering search, mapping, gap analysis, and policy generation, the count is well-scoped for a compliance-focused server.

Completeness: 4/5

The tools cover the core workflow (search, map, assess, generate), though the gap assessment is heuristic and refers to an external service for detailed analysis, which is a minor gap.

Available Tools

4 tools
assess_gap: Assess compliance gap against a target framework (A)
Read-only, Idempotent

Indicative gap register against a target framework. Given a company profile (existing certifications, sector, size, jurisdiction), return covered / partial / gap counts and slug examples. Heuristic only — Pyxis (https://kynosure.ai/en/pyxis) produces the severity-ranked cross-framework gap register with FCI/WMI/ECI scoring.

Parameters
Name | Required | Description | Default
company_profile | Yes | Existing certifications + organisational profile. |
target_framework | Yes | The framework to assess gaps against. |

Behavior: 3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already declare readOnlyHint and idempotentHint, so the tool is safe. The description adds 'Heuristic only' and describes the output format, which provides behavioral context beyond the annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two concise sentences: first defines purpose, second provides additional context. Front-loaded and no wasted words.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a heuristic tool with a nested object parameter, the description explains input and output (counts and slug examples) clearly. No output schema, but coverage is adequate given the tool's simplicity.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 100% coverage, with descriptions for both parameters. The description paraphrases the schema's 'company_profile' and 'target_framework' but doesn't add new semantic details beyond the schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool assesses gaps against a target framework, returning covered/partial/gap counts and slug examples. This verb+resource combination distinguishes it from sibling tools like generate_policy, map_controls, and search_controls.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description indicates the tool is heuristic only and directs users to Pyxis for a more comprehensive register. This provides context on when to use it versus an alternative, but doesn't explicitly compare to sibling tools.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

generate_policy: Generate policy from NORMA template (A)
Idempotent

Parametrize a NORMA compliance template with company context and return Markdown. Templates are sourced from the curated corpus (32 in the public subset, 176 more queryable in full). Output begins with a not-legal-advice disclaimer block. Use search_controls first to discover a slug.

Parameters
Name | Required | Description | Default
template_slug | Yes | Template slug. Use search_controls to discover one. Examples: "iso27001-access-control", "isms-policies-supplier-security". |
company_context | Yes | Variables substituted into {{COMPANY_NAME}}, {{SECTOR}}, etc. |

Behavior: 4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already provide idempotency info. The description adds key behavioral details: output is Markdown, begins with a not-legal-advice disclaimer, and templates are sourced from a curated corpus. No contradictions.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Three concise sentences, each serving a purpose: action/output, template source, and usage guidance with disclaimer note. No fluff or redundancy.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

The description covers all essential aspects: what the tool does, what it returns, and a prerequisite. Lacks mention of error handling or non-successful responses, but given simplicity and no output schema, it is sufficiently complete for an AI agent.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, but the description adds substantial value beyond schema defaults: it explains template sourcing (32 public, 176 queryable), gives slug examples, and clarifies that company_context variables are substituted into templates.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('parametrize a NORMA compliance template'), the resource ('NORMA compliance template'), and the output ('return Markdown'). It also distinguishes from siblings by mentioning 'search_controls' for slug discovery.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly instructs to use 'search_controls first to discover a slug', providing clear context on when to use the tool. However, lacks explicit 'when not to use' or alternatives beyond the parenthetical reference.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

map_controls: Map controls between frameworks (A)
Read-only, Idempotent

Crosswalk corpus controls between two compliance frameworks via the cross_references frontmatter graph. Useful for prompts like 'I am ISO 27001 certified — what gaps for NIS2?'. Returns an array of mapped pairs with confidence + source slug.

Parameters
Name | Required | Description | Default
limit | No | |
to_framework | Yes | Target framework (e.g., nis2). |
from_framework | Yes | Source framework (e.g., iso27001). |

Behavior: 4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already declare readOnlyHint and idempotentHint. The description adds that it returns an array of mapped pairs with confidence and source slug, providing behavioral context beyond annotations. No contradictions.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is two sentences: the first defines the core function, the second adds usage context and return format. Every part is essential and front-loaded.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

The description covers the main purpose, usage example, and return structure. It lacks details on limit parameter behavior and confidence interpretation, but given the schema richness for required params, it is adequate.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 67%: from_framework and to_framework are described in the schema, but limit lacks a description. The tool description does not explain the limit parameter, leaving its purpose and constraints unclear.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool maps controls between two compliance frameworks using cross-references. It distinguishes from sibling tools like assess_gap, generate_policy, and search_controls by specifying the crosswalk functionality.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides an example prompt ('I am ISO 27001 certified — what gaps for NIS2?') that illustrates when to use the tool. However, it does not explicitly state when not to use it or compare to alternatives like assess_gap.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

search_controls: Search NORMA controls (A)
Read-only, Idempotent

Full-text search the curated NORMA control corpus. Filter by framework (NIS2 / DORA / ISO 27001 / ISO 42001 / EU AI Act / ISO 22301 / ISO 27701 / CRA). Returns matching templates with title, framework, slug, source_refs, and an excerpt around the match.

Parameters
Name | Required | Description | Default
limit | No | |
keyword | Yes | Search query (matched against title + body, case-insensitive). |
framework | No | Restrict to one framework (omit to search all frameworks). |

Behavior: 4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already declare readOnlyHint=true and idempotentHint=true, so the safety profile is clear. The description adds value by detailing the return fields (title, framework, slug, source_refs, excerpt) and the matching behavior (full-text, case-insensitive), which goes beyond annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two concise sentences with no wasted words. The first sentence states the core action, the second elaborates on filters and return fields. Every sentence adds value.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

The description explains the tool's action, filters, and return fields, which is sufficient for a search tool with 3 parameters. It does not cover sorting, pagination details, or edge cases, but these are minor given the simplicity of the tool.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 67%, and the description adds contextual meaning: it explains that keyword is matched against title and body case-insensitively, and that framework restricts the search to a single framework or, when omitted, searches all frameworks. 'limit' is not described in the description, but its schema properties (default, min, max) are self-explanatory.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description uses a specific verb ('search') and resource ('NORMA control corpus'), states the scope ('full-text'), and lists filters (framework). While it doesn't explicitly compare to siblings, the purpose is distinct and unambiguous.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage for searching controls but provides no explicit guidance on when to use this tool versus siblings (assess_gap, generate_policy, map_controls) or when not to use it. No alternatives or exclusions are mentioned.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
