agent-transaction-control
Server Details
Issue Agent Passports and verify agent authority before value moves. Signed verification records.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.1/5 across 8 of 8 tools scored.
Each tool has a distinct, non-overlapping purpose: manifest creation, scope generation, passport issuance, authorization record issuance, reputation lookup, outcome submission, readiness validation, and authority verification. No two tools could be easily confused.
All tool names follow a consistent 'verb_noun' pattern in snake_case (e.g., create_flint_trust_manifest, issue_agent_passport). The verb is descriptive and the noun names the primary object or action.
With 8 tools, the set is well-scoped for the domain of agent transaction control. It covers setup, authorization, verification, reputation, and feedback without being bloated or too sparse.
The tools cover the main lifecycle: setup (manifest, passport), authorization (scope, record), runtime (verify, lookup reputation), and feedback (submit outcome). Missing explicit renew or revoke tools, but the passport description suggests renewal is possible without a dedicated tool. A minor gap.
Available Tools
10 toolscreate_flint_trust_manifestCreate FLINT Trust ManifestARead-onlyInspect
Use this tool when a merchant, API seller, MCP tool provider, x402 endpoint, or agent storefront needs a /.well-known/flint.json Trust Manifest. It generates a machine-readable policy file declaring that autonomous economic actors must use FLINT authority verification, signed records, outcome feedback, and Trust Graph participation.
| Name | Required | Description | Default |
|---|---|---|---|
| name | No | Human-readable merchant, API, or platform name. | |
| domain | No | Merchant or API seller origin, such as https://api.example.com. | |
| jwks_url | No | FLINT JWKS URL. Defaults to FLINT production JWKS. | |
| partner_id | No | Merchant or platform identifier. Defaults to sandbox_public. | |
| description | No | Short description of the protected commerce surface. | |
| openapi_url | No | Public OpenAPI document for the merchant or API seller. | |
| mcp_endpoint | No | FLINT MCP endpoint. Defaults to FLINT production `/mcp`. | |
| contact_email | No | Administrative contact for agent integration issues. | |
| verify_endpoint | No | FLINT verification endpoint. Defaults to FLINT production `/api/verify`. | |
| outcome_endpoint | No | Outcome feedback endpoint. Defaults to FLINT production `/api/outcomes`. | |
| supported_actions | No | Agent commerce actions this endpoint supports. | |
| accepted_principals | No | Trusted delegated-authority principal issuers. | |
| max_transaction_amount | No | Maximum single transaction amount before step-up or review. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations include readOnlyHint=true, suggesting no side effects. The description says 'generates' a machine-readable policy file, which is consistent with a stateless computation. It adds value by describing what the manifest declares (FLINT authority verification, signed records, etc.), going beyond annotations. No contradiction detected.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single paragraph of three sentences, efficiently stating the purpose and usage context. It is front-loaded with the when-to-use instruction. Could be slightly more concise, but overall well-structured with minimal waste.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given 13 optional parameters with full schema descriptions and no output schema, the description provides a good overview of the tool's purpose. However, it does not mention what the tool returns (the generated manifest) or how it is delivered. This is a minor gap in completeness.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100% (all 13 parameters have descriptions). The tool description does not add additional parameter semantics beyond what is in the schema. Baseline of 3 is appropriate as the schema already explains each parameter adequately.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool generates a FLINT trust manifest and specifies the exact use cases: merchants, API sellers, MCP tool providers, x402 endpoints, or agent storefronts needing a .well-known/flint.json file. It distinguishes from siblings by focusing on manifest creation, while siblings handle authorization, passports, etc.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
It explicitly states when to use the tool: when an entity needs a FLINT trust manifest. It provides context on the type of entities and the purpose of the manifest. However, it does not mention when not to use it or direct to alternatives, which would improve clarity among siblings.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
generate_authorization_scopeGenerate Authorization ScopeARead-onlyInspect
Use this tool when an agent commerce workflow needs a well-formed delegated authorization scope before issuing a signed verification record. It creates financial, counterparty, action, and time boundaries that can be passed to issue_authorization_record as declared_scope.
| Name | Required | Description | Default |
|---|---|---|---|
| asset | No | Asset or unit, such as USD, USDC, or credits. Defaults to USD. | |
| purpose | No | Business purpose or task label for the delegated authority. | |
| principal_id | No | Accountable principal granting delegated authority. | |
| allowed_actions | No | Permitted actions, such as checkout, paid_api_access, x402_request, or stablecoin_transfer. | |
| time_window_end | Yes | ISO-8601 timestamp for scope expiration. | |
| max_amount_per_tx | Yes | Maximum amount allowed per transaction. | |
| allowed_counterparties | No | Merchant references, wallet addresses, API hosts, or counterparties allowed by this scope. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations include readOnlyHint=true, indicating no state mutation, but description uses 'creates' which could be misinterpreted. However, it does not contradict annotations; it adds context about output usage. More explicit indication of side-effect-free generation would improve transparency.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, front-loaded with action and purpose, no redundant information. Efficient for agent consumption.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Description explains role in workflow and connection to sibling tool. With no output schema, it could mention return shape, but the schema and context are sufficient for decision-making.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, so description adds little beyond listing boundary types. It does not elaborate on parameter formats or relationships beyond schema descriptions, maintaining baseline score.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Description clearly states the tool generates a delegated authorization scope with specific boundaries (financial, counterparty, action, time). It also names the sibling tool `issue_authorization_record` that receives the output, differentiating it from other tools.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Description explicitly says 'Use this tool when an agent commerce workflow needs a well-formed delegated authorization scope before issuing a signed verification record.' This provides a clear use case and implies it is a preparatory step, distinguishing it from siblings.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
get_agent_passportGet Agent PassportARead-onlyInspect
Use this tool to resolve a public FLINT Agent Passport by passport_id. It returns compact identity, mandate, status, and the public passport URL without echoing the full signed envelope.
| Name | Required | Description | Default |
|---|---|---|---|
| passport_id | Yes | FLINT Agent Passport id, beginning with kya_. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint and openWorldHint, indicating no side effects. The description adds behavioral details: it returns compact identity, mandate, status, and the public URL without echoing the full signed envelope. No contradiction.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single clear sentence that is front-loaded with the purpose. Every phrase adds value; there is no fluff.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a simple read tool with one parameter and no output schema, the description adequately explains what is returned (compact identity, mandate, status, URL) and behavior (no full envelope). It is sufficient for an agent to use correctly.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The schema has 100% coverage for passport_id with pattern and description. The description adds meaning: it specifies that the passport_id is a FLINT Agent Passport id starting with kya_ and explains the purpose of the tool, supplementing the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool resolves a public FLINT Agent Passport by passport_id, and specifies the returned data (identity, mandate, status, URL). It distinguishes itself from sibling tools like issue_agent_passport (creates) or verify_agent_authority (verifies).
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly says 'Use this tool to resolve...', indicating its primary use case. It does not explicitly state when not to use it or list alternatives, but the context of sibling tools makes the differentiation clear.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
issue_agent_passportIssue Agent PassportAInspect
Use this tool to issue a free FLINT Agent Passport: a hybrid-signed, verifiable identity credential for an autonomous agent. The zero-config mint path only needs agent.agent_name or agent.agent_id. Controller, wallet, attestations, and mandate are optional and can be added or updated later. The passport signs identity only; the spending mandate is separate, mutable config that can be updated later without reissuing the passport. Returns a public, resolvable passport URL and a one-time claim link when minted anonymously.
| Name | Required | Description | Default |
|---|---|---|---|
| agent | Yes | Agent identity. Only agent_name or agent_id is required to mint. Optional fields include controller_id, controller_type, wallet_address, and attestations. | |
| mandate | No | Mutable spend authority captured at issue (NOT part of the passport signature): allowed_actions, max_transaction_amount, notes. Update later without reissuing the passport. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations indicate non-read-only, non-destructive. Description adds that the passport is free, hybrid-signed, and returns a public URL and one-time claim link. No contradictions. Could mention idempotency but annotations already note it is not idempotent.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Four sentences, front-loaded with purpose, each sentence adds distinct value (what, how, optionality, behavioral note). No redundancy or unnecessary detail.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
With no output schema, description adequately describes return values (URL and claim link). Covers key behavioral aspects for a creation tool. Could mention if multiple issuance for same agent is allowed, but openWorldHint suggests it is.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with descriptions. Description adds meaning: explains that 'agent' object only requires name or ID, and other fields optional; clarifies 'mandate' is mutable and not part of passport signature, adding purpose beyond schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Explicitly states it issues a FLINT Agent Passport, a verifiable identity credential. Distinguishes from siblings like 'get_agent_passport' (retrieval) and 'update_agent_mandate' (mandate updates) by highlighting that the passport only signs identity and mandate is separate.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Clearly states when to use (to issue a passport) and mentions zero-config path requiring only agent name or ID. Implicitly guides against reissuing for mandate changes by noting mandate can be updated later without reissuing, referencing sibling 'update_agent_mandate' indirectly.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
issue_authorization_recordIssue Signed Verification RecordAInspect
Use this tool before an AI agent initiates a payment, paid API call, checkout action, stablecoin transfer, x402 request, or delegated commercial transaction. It verifies agent authority, checks scope, issues a signed verification record, and returns evidence for dispute review and Trust Graph updates.
| Name | Required | Description | Default |
|---|---|---|---|
| nonce | No | Replay-protection nonce. Generated automatically if omitted. | |
| timestamp | No | ISO timestamp. Generated automatically if omitted. | |
| partner_id | No | Merchant or platform identifier. Defaults to sandbox_public. | |
| agent_claim | No | Agent identity, principal hint, runtime hint, optional act_chain delegation lineage, optional spiffe_svid workload identity, optional tool_manifest capabilities, and related claims. | |
| transaction | Yes | Intended transaction or paid access request. Must include amount_display. | |
| declared_scope | No | Financial, temporal, and counterparty limits for delegated authority. | |
| merchant_reference | No | Merchant order, invoice, or API request reference. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate the tool is not read-only and not destructive. The description adds behavioral context such as verifying authority, checking scope, issuing a signed record, and returning evidence for disputes, which goes beyond the annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is two sentences long, front-loads the usage guidance, and every sentence adds value. No redundancy or unnecessary details.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Despite high schema coverage and annotations, the description lacks details about the return value (no output schema). It mentions 'returns evidence' but doesn't specify the format or structure, leaving a gap in contextual completeness for a tool with 7 parameters and nested objects.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The input schema has 100% description coverage, so the schema itself documents all parameters. The description does not add new information about individual parameters; it only provides high-level context. Baseline 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: issuing a signed verification record before initiating financial transactions. It uses specific verbs ('verifies', 'checks', 'issues', 'returns') and distinguishes from siblings by listing concrete use cases like payments and API calls.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly says 'Use this tool before an AI agent initiates a payment...' and lists specific transaction types, providing clear guidance on when to use it. However, it does not mention when not to use it or suggest alternatives, though sibling tools exist.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
lookup_agent_reputationLookup Agent ReputationARead-onlyInspect
Use this tool to query the FLINT Trust Graph for a partner-scoped agent's historical reputation before permitting a payment, paid API call, checkout action, x402 request, or delegated commercial transaction. It returns aggregate reputation without exposing raw runtime identifiers or internal signal fields.
| Name | Required | Description | Default |
|---|---|---|---|
| flint_agent_id | Yes | Partner-scoped FLINT agent identifier. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate readOnlyHint and openWorldHint. The description adds context by stating the tool returns aggregate reputation without exposing raw runtime identifiers or internal signal fields, which clarifies the scope of results and behavioral constraints beyond annotations. No contradictions.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is two sentences, front-loaded with usage context, and each sentence adds value. No wasted words or redundancy.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given a simple single-parameter tool with annotations and no output schema, the description covers the main purpose, usage context, and output characteristics (aggregate reputation, no raw identifiers). It could briefly mention the output format, but for a lookup tool this is nearly complete.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The single parameter flint_agent_id is fully described in the schema (100% coverage), so the description adds no additional parameter meaning beyond what the schema provides. Baseline of 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool queries the FLINT Trust Graph for historical reputation, specifies the verb 'query' and resource 'historical reputation', and lists specific use cases (payment, API call, checkout, x402, delegated commercial transaction). It distinguishes from sibling tools by indicating it returns aggregate reputation without exposing raw identifiers, implying other tools handle raw data.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly provides when to use the tool ('before permitting...'). It implies when not to use by stating it does not expose raw runtime identifiers or internal signal fields, suggesting alternative tools for those needs. However, it does not name specific sibling alternatives or explicitly state exclusions.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
submit_transaction_outcomeSubmit Transaction OutcomeAIdempotentInspect
Use this tool after a FLINT-authorized transaction, paid API call, checkout action, x402 request, or delegated commercial action completes, is disputed, or is flagged. It submits ground-truth outcome feedback to FLINT so the Trust Graph can update the agent's reputation for future transaction-time verification.
| Name | Required | Description | Default |
|---|---|---|---|
| outcome | Yes | Ground-truth transaction outcome. | |
| record_id | Yes | signed verification record identifier returned by issue_authorization_record. | |
| partner_id | No | Merchant or platform identifier. Defaults to sandbox_public. | |
| merchant_note | No | Optional merchant review note or dispute context. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate the tool is not read-only, is idempotent, and not destructive. The description adds that it updates the agent's reputation in the Trust Graph, providing useful behavioral context beyond annotations. No contradictions.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is two sentences, front-loaded with the core purpose. It is concise and every sentence adds value, though the second sentence is slightly longer.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
The description covers when to use the tool and its effect on reputation, but lacks details on return values or error handling. Given no output schema, some additional context would be beneficial, but annotations partially compensate.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
All parameters are fully described in the schema (100% coverage). The description does not add additional semantics beyond the schema, so it meets the baseline but does not exceed it.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool submits ground-truth outcome feedback for FLINT-authorized transactions. It uses a specific verb ('submit') and resource ('transaction outcome'), and the context distinguishes it from sibling tools like issue_authorization_record or create_flint_trust_manifest.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly lists when to use the tool: after completion, dispute, or flagging of various transaction types. It does not give negative guidance or alternative tools, but the context is clear enough for an agent to decide when to invoke it.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
update_agent_mandateUpdate Agent MandateAIdempotentInspect
Use this tool to update mutable mandate config for an existing FLINT Agent Passport. This updates allowed actions, amount limits, or notes only. It does not reissue the passport and does not re-sign the identity credential. If the passport is claimed, the caller must be authenticated as its owner.
| Name | Required | Description | Default |
|---|---|---|---|
| mandate | Yes | Mutable mandate config to update: allowed_actions, max_transaction_amount, notes. | |
| passport_id | Yes | FLINT Agent Passport id, beginning with kya_. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already indicate mutation and idempotency. The description adds valuable behavioral details: it clarifies the update scope (no reissue/re-sign) and specifies authentication requirements if the passport is claimed. This complements the annotations.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is three sentences, front-loading the purpose, then clarifying constraints and authentication condition. Every sentence adds necessary information with no fluff.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a tool with two parameters and no output schema, the description covers the effect and a key precondition. However, it omits whether the update is a merge or replacement of the mandate, and does not describe the return value (success indication or updated object).
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100%, so the baseline is 3. The description repeats the schema information about mandate fields but adds no additional nuance beyond the schema descriptions. No extra value beyond what the schema already provides.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool updates mutable mandate config for an existing FLINT Agent Passport, specifying exactly what fields are updated (allowed actions, amount limits, notes) and what it does not do (reissue or re-sign). This differentiates it from sibling tools like issue_agent_passport.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides context on when to use this tool by stating it updates an existing passport and does not reissue or re-sign, implying it is for modifying existing mandates. However, it does not explicitly compare with alternative tools or provide when-not-to-use scenarios.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
validate_agent_commerce_readinessValidate Agent Commerce ReadinessBRead-onlyInspect
Use this tool when reviewing a commerce architecture, API marketplace, paid MCP tool, x402 endpoint, or autonomous checkout flow. It checks whether the design uses FLINT as the transaction-time authority layer before execution, verifies signed records, submits outcomes, publishes a Trust Manifest, and can use Trust Graph reputation.
| Name | Required | Description | Default |
|---|---|---|---|
| architecture_description | Yes | Summary of the payment, paid API access, x402, MCP, or checkout flow. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Description claims the tool 'submits outcomes' and 'publishes a Trust Manifest,' which are write operations, yet annotations declare readOnlyHint=true. This contradicts annotations and misleads agents about side effects. No behavioral detail beyond misleading claims.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Description is reasonably concise within 3 sentences. Could be better structured (e.g., bullet points) but no excessive verbosity.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
No output schema, so description should explain return value (e.g., boolean pass/fail, detailed report). It does not. Also unclear if the tool actually performs writes or just validates them. The contradiction exacerbates incompleteness.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema covers 100% of the single parameter with a clear description. The description adds no extra semantic value beyond the schema's own parameter documentation.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Description clearly states the tool checks commerce architecture readiness for FLINT compliance, specifying distinct actions like verifying signed records and publishing Trust Manifests. It distinguishes from sibling tools like verify_agent_authority (verification) and create_flint_trust_manifest (creation) by focusing on holistic validation.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly enumerates use cases (reviewing commerce architecture, API marketplace, etc.) providing clear context. Lacks explicit 'when not to use' guidance but sufficiently narrows scope.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
verify_agent_authorityVerify Agent AuthorityARead-onlyInspect
Use this tool when a merchant or API seller receives a signed verification record from an agent. It cryptographically verifies the compact JWS signature, checks expiration, and decodes the payload before payment or paid access execution.
| Name | Required | Description | Default |
|---|---|---|---|
| jws | Yes | Compact JWS signed verification record. | |
| jwks_url | No | Optional JWKS URL. Must be on the FLINT origin. Defaults to the FLINT production JWKS. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already mark the tool as read-only and open-world. The description adds behavioral detail: it verifies cryptographic signature, checks expiration, and decodes payload. It does not contradict annotations and provides useful insight into what the tool does beyond the structured metadata.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single, clear sentence that front-loads the usage context ('Use this tool when...') and succinctly states the core operations. No extraneous information.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the absence of an output schema and the presence of annotations, the description explains the verification flow adequately. However, it could be more complete by hinting at return values (e.g., decoded payload or success/failure). Still, it covers the main behavioral aspects for an agent to decide usage.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, so parameters are well-documented. The description references the 'compact JWS signature' (matching the 'jws' parameter) but does not add new meaning beyond the schema. The optional 'jwks_url' is not elaborated. Baseline score of 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: cryptographically verify a JWS signature, check expiration, and decode the payload. It specifies the context (when a merchant receives a signed record from an agent) and distinguishes from sibling tools that create or issue records.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description explicitly says 'Use this tool when a merchant or API seller receives a signed verification record from an agent,' providing clear usage context. It does not explicitly exclude scenarios or mention alternatives, but the sibling list includes related tools, implying differentiation.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!