run_audit

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations are absent, so the description must disclose behavioral traits. It states the tool 'runs checks' and returns a plan, but does not indicate whether it is read-only, modifies state, or requires specific permissions. No side effects are mentioned.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is concise and front-loaded with the main action. It efficiently lists checks in one paragraph without redundancy. Minor improvement could be bullet points for readability, but it is not overly verbose.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of the tool (multiple checks, structured output), the description lacks detail on the return format, error handling, and prerequisites. No output schema exists to supplement, leaving agents with insufficient context for reliable usage.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with a well-described enum for 'scope'. The description adds value by listing all checks, which contextualizes the scope values (e.g., 'all' includes port conflicts, git remotes, etc.), enhancing semantic understanding beyond the schema's brief descriptions.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Run the Compliance Agent audit across all projects.' It lists the specific checks performed and mentions the return type, making it highly specific and distinct from sibling tools like check_ports.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

No explicit guidance on when to use this tool versus alternatives like audit_verify or check_ports. The scope parameter provides some implicit usage context, but the description lacks direct comparisons or prerequisites.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.