Oakallow
Server Details
Runtime permission, approval, and audit layer for AI agent tool execution.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.2/5 across 4 of 4 tools scored.
Each tool has a clearly distinct purpose: checking a specific approval, checking permissions generically, listing custom tools, and listing pending approvals. No overlap.
All tool names follow a consistent 'verb_noun' pattern with snake_case, using 'check_' and 'list_' prefixes appropriately.
Four tools is a well-scoped set for a server focused on approvals and permissions, covering essential queries without bloat.
The server covers querying and checking but lacks tools for acting on approvals (e.g., approve/reject) or managing permissions, creating a notable gap in lifecycle coverage.
Available Tools
4 toolscheck_approval_statusARead-onlyIdempotentInspect
Check the status of a pending approval request by REF number. Use this between retries of a tool call that is pending approval — do NOT call the original tool again to check status, that will create a duplicate approval.
| Name | Required | Description | Default |
|---|---|---|---|
| reference | Yes | REF number returned from a prior tool call that required approval. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint, idempotentHint, destructiveHint. The description adds behavioral context: meant for checking status, not for creating new approvals. No contradictions, and adds value beyond annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, no superfluous words. Every sentence serves a clear purpose: stating the action and providing usage guidance.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a simple check tool with one parameter and no output schema, the description is sufficient. It explains purpose and usage context. A minor gap is not describing the response format, but the tool is straightforward.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with a clear description of the 'reference' parameter. The description does not add extra meaning beyond what the schema provides, so baseline 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool checks the status of a pending approval request by REF number. It distinguishes itself from siblings: check_permission (permission check), list_pending_approvals (listing all pending), list_my_tools (listing tools).
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly says when to use: between retries of a tool call pending approval. Also warns against calling the original tool again, preventing duplicate approvals. Provides clear context and exclusion.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
check_permissionARead-onlyIdempotentInspect
Ask whether a given tool call would be allowed, require approval, or be blocked — without actually making the call. Returns the resolved permission verdict and the level it resolved from.
| Name | Required | Description | Default |
|---|---|---|---|
| org | No | The oakallow organization external id (e.g. org_oak_…) this action targets. Required when your account has more than one org; optional if you have exactly one. Get it from the org-specific oakallow skill you downloaded for that org. | |
| method | No | Optional method name. | |
| tenant_id | No | Optional tenant external id. | |
| tool_name | Yes | The tool to evaluate. | |
| resource_id | No | Optional resource external id. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint, idempotentHint, and destructiveHint, so the description adds value by clarifying it returns a verdict without making the call. No contradictions. Could disclose if the tool itself requires special permissions, but overall adequate.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two concise sentences: first states purpose, second states output. No unnecessary words. Front-loaded with the core action.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool's simplicity, annotations cover behavioral aspects. The description mentions return value (verdict and level). Without output schema, this is sufficient. Could explicitly list possible verdicts, but not required.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100% (all 5 parameters described). The description adds no extra parameter information beyond the schema, so baseline 3 applies.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool evaluates whether a call would be allowed, require approval, or be blocked without executing it. This distinguishes it from sibling tools like check_approval_status (which likely checks existing approvals) and list_my_tools or list_pending_approvals.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies usage scenarios (check before making a call) but lacks explicit when-to-use or when-not-to-use guidance. It does not differentiate from siblings like check_approval_status, which could be a related alternative for already-submitted requests.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
list_my_toolsARead-onlyIdempotentInspect
Enumerate the customer-defined tools currently available to the signed-in user in the named org (or their only org if they have one). Returns tool names, descriptions, default permission, and risk level.
| Name | Required | Description | Default |
|---|---|---|---|
| org | No | The oakallow organization external id (e.g. org_oak_…) this action targets. Required when your account has more than one org; optional if you have exactly one. Get it from the org-specific oakallow skill you downloaded for that org. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint, idempotentHint, and no destructive behavior. The description adds value by describing the return payload (tool names, descriptions, etc.) and clarifying the org parameter's conditional behavior, which goes beyond the annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is two concise sentences, front-loading the purpose and then detailing return information. Every sentence adds value with no redundant or filler content.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a simple read-only listing tool with one optional parameter and good annotations, the description covers the key behaviors: org handling and return fields. It does not mention pagination or limits, but these are likely unnecessary for the expected use case.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, so baseline is 3. The description does not add new meaning beyond the schema's description for the 'org' parameter; it merely rephrases the conditional requirement. No additional parameter semantics are provided.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool enumerates customer-defined tools available to the signed-in user, optionally scoped to a named org. It specifies the return fields (names, descriptions, default permission, risk level) and distinguishes itself from sibling tools focused on approvals and permissions.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides good usage context, explaining when the org parameter is required versus optional. However, it does not explicitly state when not to use this tool or mention alternatives among the siblings, though the purpose is clearly distinct.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
list_pending_approvalsARead-onlyIdempotentInspect
List approval requests still awaiting a human decision for the signed-in user. Useful for agents picking up an abandoned workflow.
| Name | Required | Description | Default |
|---|---|---|---|
No parameters | |||
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate safe read-only behavior (readOnlyHint, idempotentHint, no destructiveHint). The description adds context about 'awaiting human decision' but no additional behavioral details beyond annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, front-loaded with the primary action, no unnecessary words. Every sentence adds value.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
The simple tool with no output schema and no parameters is adequately described. Could mention return type but sufficient for selection.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
No parameters exist, so the baseline is 4. The description correctly implies no parameters are needed for the listing operation.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly specifies the verb 'list' and the resource 'approval requests' with additional qualifiers 'still awaiting a human decision' and 'for the signed-in user,' making it distinct from siblings like check_approval_status.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides a clear use case ('picking up an abandoned workflow') and implicitly distinguishes from siblings, but does not explicitly state when to use alternatives.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!