Skip to main content
Glama
ComplianceCow

ComplianceCow MCP Server

by ComplianceCow
OverviewSchemaRelated ServersScoreDiscussions
Python
Remote

fetch_rules_suggestions

Check compliance rule proposals against the catalog to prevent duplicates, identify existing rules for reuse or customization, and detect incomplete local rules ready for resumption.

Instructions

Tool-based version of fetch_rules_and_tasks_suggestions for improved compatibility and prevention of duplicate rule creation.

This tool serves as the initial step in the rule creation process. It helps determine whether the user's proposed use case matches any existing rule in the catalog.

PURPOSE:

  • To analyze the user's use case and avoid duplicate rule creation by identifying the most suitable existing rule based on its name, description, and purpose.

  • NEW: Check for partially developed rules in local system before allowing new rule creation

  • NEW: Present resumption options if incomplete rules are found to prevent duplicate work

WHEN TO USE:

  • As the first step before initiating a new rule creation process.

  • When the user wants to check if similar rules already exist by leveraging the Rules Suggestions API, instead of browsing the entire catalog manually.

  • When verifying if a suggested rule can be reused or adapted rather than creating one from scratch.

  • When checking for incomplete local rules that should be resumed instead of creating new ones.

🚫 DO NOT USE THIS TOOL FOR:

  • Checking what rules are available in the ComplianceCow system.

  • This tool only works with the rule catalog (not the entire ComplianceCow system).

  • The catalog contains only rules that are published and available for reuse in the catalog.

  • For direct ComplianceCow system lookups, use dedicated system tools instead:

  • fetch_cc_rule_by_name

  • fetch_cc_rule_by_id

MANDATORY STEP: CONTEXT SUMMARY

  • Before calling the rule catalog API, always rewrite the user’s raw requirement into a single-paragraph descriptive summary string (not bullet points, not verbatim input).

  • The summary must capture the essence of the requirement in clear, natural language.

  • This summary string is what will be passed to fetch_rules_and_tasks_suggestions.

  • Example: User input: "Use GitHub GraphQL API to fetch merged PRs and check if approvals >= 2" Summary: "The proposed rule validates compliance for GitHub Pull Requests by retrieving all merged PRs through the GitHub GraphQL API, checking whether the number of approvers meets a required threshold, and marking them as compliant or non-compliant."

WHAT IT DOES:

  • Generates a concise summary string from the user's intent or requirements.

  • Calls the Rules Suggestions API with this summary string to retrieve a narrowed list of relevant rules.

  • Performs intelligent matching using metadata (name, description, purpose) from the suggested rules against the user-provided use case details.

  • Uses semantic pattern recognition to identify similar or related rules, even across different systems (e.g., AzureUserUnusedPermission vs SalesforceUserUnusedPermissions).

  • Analyzes the readmeData field from the fetch_rule() response to validate the rule's suitability for the user's use case.

IF A MATCHING RULE IS FOUND:

  • Retrieves complete details via fetch_rule().

  • If the readmeData field is available in the fetch_rule() response, Performs README-based validation using the readmeData field from the fetch_rule() response to assess its suitability for the user’s use case.

  • If suitable:

  • Returns the rule with full metadata, explanation, and the analysis report.

  • If not suitable:

  • Informs the user that the rule's README content does not align with the intended use case.

  • Prompts the user with clear next-step options:

    • "The rule's README content does not align with your use case. Please choose one of the following options:"

    • Customize the existing rule

    • Evaluate alternative matching rules

    • Proceed with new rule creation

  • Waits for the user's choice before proceeding.

IF A SIMILAR RULE EXISTS FOR AN ALTERNATE TECHNOLOGY STACK:

  • Detects rules with the same logic but built for a different platform or system (e.g., AzureUserUnusedPermission for SalesforceUserUnusedPermissions)

  • If the readmeData field is available in the fetch_rule() response, Retrieves and analyzes the readmeData from the fetch_rule() response to compare the implementation details against the user's proposed use case

  • Based on the comparison:

    • If the README content matches or is mostly reusable, suggest using the existing rule structure and logic as a foundation to create a new rule tailored to the user's target system

    • If the README content does not match or is not suitable, clearly inform the user and recommend either modifying the logic significantly or proceeding with a completely new rule from scratch

IF NO SUITABLE RULE IS FOUND:

  • Clearly informs the user that no relevant rule matches the proposed use case

  • Suggests continuing with new rule creation

  • Optionally highlights similar rules that can be used as a reference

MANDATORY STEPS: README VALIDATION:

  • Always retrieve and analyze readmeData from fetch_rule().

  • Ensure the rule's logic, behavior, and intended use align with the user's proposed use case.

README ANALYSIS REPORT:

  • Generate a clear and concise report for each readmeData analysis that classifies the result as a full match, partially reusable, or not aligned.

  • Present this report to the user for review.

USER CONFIRMATION BEFORE PROCEEDING: When analyzing a README file:

  • If no relevant rule matches the proposed use case, or if the README is deemed unsuitable, the tool must pause and request explicit user confirmation before proceeding further.

  • The tool should:

  • Clearly inform the user that no matching rule was found or the README is not appropriate.

  • Suggest creating a new rule as the next step.

  • Optionally recommend similar existing rules that can serve as references to help the user craft the new rule.

ITERATE UNTIL MATCH:

  • Repeat the above steps until a suitable rule is found or all options are exhausted.

CROSS-PLATFORM RULE HANDLING:

  • For rules from a different stack:

  • If reusable: suggest customization

  • If not reusable: recommend new rule creation

Returns:

  • A single rule object with full metadata and verified README match — if an exact match is found

  • A similar rule suggestion with customization options — if a cross-system match is found (e.g., AzureUserUnusedPermission vs SalesforceUserUnusedPermissions)

  • A message indicating no suitable rule found — with next steps and guidance to create a new rule

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
user_requirementYes
summary_stringYes

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault

No arguments

Tool Definition Quality

A4.5/5.0
Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Extensively details internal workflow including mandatory context summarization, README validation loops, user confirmation pauses, and cross-platform rule handling without annotations to reference.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness2/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Extremely verbose with redundant sections (multiple headers restating similar purposes), excessive bold text, and repetitive explanations that do not earn their place.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Comprehensively covers the complex multi-step workflow (summary generation, API matching, README analysis, user confirmation) despite existence of output schema.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Compensates for 0% schema description coverage by explaining that summary_string must be a single-paragraph natural language rewrite of user_requirement, with clear examples.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Clearly states the tool analyzes use cases to prevent duplicate rule creation and explicitly distinguishes from sibling tools like fetch_cc_rule_by_name/id.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Contains explicit 'WHEN TO USE' and 'DO NOT USE THIS TOOL FOR' sections with specific alternatives, covering first-step usage and resumption of incomplete rules.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/ComplianceCow/cow-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server