validate_parameter_access

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It states that the tool is an AST check (read-only analysis), returns a dictionary with 'any_errors' and 'findings', and that PRM-003 findings include a severity field ('warning'). It also lists the allowlist, which reduces false positives. The description is transparent about the nature of the tool and its output format, though it does not explicitly confirm no side effects beyond the return value.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is moderately concise and well-structured. It opens with a clear statement of purpose, then provides important context about FP risk, interpretation hints, and the allowlist. It is front-loaded and each sentence adds value. Minor redundancy exists (e.g., repeated reference to PRM-003 and PRM-004), but overall it is efficient for its content density.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the single parameter and lack of output schema, the description covers the core logic and return format well. However, it leaves the parameter 'strategy_dir' completely undocumented, and terms like 'B1 validators' and 'component files' are unexplained, relying on domain knowledge. For a complete newcomer, the parameter gap is significant, making the tool less immediately usable.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The sole parameter 'strategy_dir' is not mentioned at all in the description. With 0% schema description coverage, the description must compensate by explaining the parameter's meaning and usage, but it fails to do so. The description mentions '4 component files' but does not clarify that strategy_dir points to a directory containing those files. This leaves the parameter poorly understood.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool performs an AST check for two specific types of parameter access issues: hardcoded threshold literals (PRM-003) and defensive self.params.get() calls (PRM-004). It specifies the scope (4 component files) and distinguishes itself from sibling validators by naming the exact rules it checks. The verb 'validate' with resource 'parameter access' is precise.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides clear usage context: it is the highest FP-risk validator among B1 validators, advises that PRM-003 findings should be treated as non-blocking while tuning the allowlist, and states that PRM-004 findings are always bugs. This helps callers interpret results correctly. However, it does not explicitly state when to use this tool versus alternative validators or when not to use it.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.