
nexus-convergence-mcp

by Gonzih

check_compliance

Evaluate content against HIPAA, EU AI Act, NIST, and custom compliance policies to return passed/blocked status, violations, warnings, and logs.

Instructions

Check content against compliance policy sets. Evaluates against HIPAA (PHI detection), EU_AI_ACT (prohibited use cases), NIST (PII/secrets), and CUSTOM rules. Returns: passed/blocked status, list of violations (BLOCK), warnings (WARN), and log entries.

Input Schema

Name | Required | Description | Default
content | Yes | The content to evaluate against compliance policies |
categories | No | Filter to specific policy categories. Leave empty to check against all active policies. |

Implementation Reference

  • The checkCompliance function that executes the tool logic. It sends an HTTP POST request to the COMPLIANCE_SERVICE_URL/check endpoint with the content and optional categories, returning a ComplianceCheckResult.
    export async function checkCompliance(
      content: string,
      categories?: string[]
    ): Promise<ComplianceCheckResult> {
      return post<ComplianceCheckResult>(`${COMPLIANCE_SERVICE_URL}/check`, {
        content,
        categories,
      });
    }
  • The ComplianceCheckResult interface defines the return type for the check_compliance tool, including passed/blocked status, violations, warnings, and logs.
    export interface ComplianceCheckResult {
      passed: boolean;
      blocked: boolean;
      evaluated_policies: number;
      violations: Array<{ policy_name: string; category: string; severity: string; matched_snippet: string; message: string }>;
      warnings: Array<{ policy_name: string; category: string; severity: string; matched_snippet: string; message: string }>;
      logs: Array<{ policy_name: string; category: string; matched_snippet: string }>;
    }
  • src/index.ts:102-126 (registration)
    Tool registration for 'check_compliance' in the MCP server's ListToolsRequestSchema handler. Defines name, description, and inputSchema with 'content' (required string) and 'categories' (optional array of enum values: HIPAA, EU_AI_ACT, NIST, CUSTOM).
    {
      name: 'check_compliance',
      description:
        'Check content against compliance policy sets. Evaluates against HIPAA (PHI detection), EU_AI_ACT (prohibited use cases), NIST (PII/secrets), and CUSTOM rules. ' +
        'Returns: passed/blocked status, list of violations (BLOCK), warnings (WARN), and log entries.',
      inputSchema: {
        type: 'object' as const,
        required: ['content'],
        properties: {
          content: {
            type: 'string',
            description: 'The content to evaluate against compliance policies',
          },
          categories: {
            type: 'array',
            items: {
              type: 'string',
              enum: ['HIPAA', 'EU_AI_ACT', 'NIST', 'CUSTOM'],
            },
            description:
              'Filter to specific policy categories. Leave empty to check against all active policies.',
          },
        },
      },
    },
  • The call handler case for 'check_compliance' in the CallToolRequestSchema handler. Parses input via Zod schema (content: string min 1, categories: optional string array), calls checkCompliance, and returns the result as JSON.
    case 'check_compliance': {
      const schema = z.object({
        content: z.string().min(1),
        categories: z.array(z.string()).optional(),
      });
      const params = schema.parse(args);
      const result = await checkCompliance(params.content, params.categories);
    
      return {
        content: [
          {
            type: 'text' as const,
            text: JSON.stringify(result, null, 2),
          },
        ],
      };
    }
  • The generic 'post' helper function used by checkCompliance to make HTTP POST requests with authentication headers.
    async function post<T>(url: string, body: unknown): Promise<T> {
      const response = await fetch(url, {
        method: 'POST',
        headers: authHeaders(),
        body: JSON.stringify(body),
      });
    
      if (!response.ok) {
        const text = await response.text();
        throw new Error(`HTTP ${response.status}: ${text}`);
      }
    
      return response.json() as Promise<T>;
    }
    
    async function get<T>(url: string): Promise<T> {
      const response = await fetch(url, { headers: authHeaders() });
    
      if (!response.ok) {
        const text = await response.text();
        throw new Error(`HTTP ${response.status}: ${text}`);
      }
    
      return response.json() as Promise<T>;
    }
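As an added example (not code from nexus-convergence-mcp), a consumer-side summary of the ComplianceCheckResult shown above: it derives a single PASS/WARN/BLOCK decision, fails closed on a contradictory verdict, and masks matched_snippet, because the call handler returns the result verbatim through JSON.stringify and the snippet is the very PHI, PII or secret the policy matched, so it would otherwise be echoed into the agent transcript and any logs of it. The masking rule, the Summary type and the consistency check are assumptions, not the service's documented semantics.

```typescript
// Added example (not project code): consumes the ComplianceCheckResult shape
// shown above. The masking rule, Summary type, and fail-closed handling of
// contradictory verdicts are my assumptions, not the service's semantics.
interface Finding { policy_name: string; category: string; severity: string;
                    matched_snippet: string; message: string }

interface ComplianceCheckResult {
  passed: boolean;
  blocked: boolean;
  evaluated_policies: number;
  violations: Finding[];
  warnings: Finding[];
  logs: Array<{ policy_name: string; category: string; matched_snippet: string }>;
}

type Decision = "PASS" | "WARN" | "BLOCK";
interface Summary { decision: Decision; consistent: boolean;
                    findings: Array<{ policy: string; category: string; severity: string; snippet: string }> }

// Keep only the first and last character: the agent sees where the policy
// matched without the PHI/secret itself being echoed into the transcript.
function maskSnippet(snippet: string): string {
  if (snippet.length <= 2) return "*".repeat(snippet.length);
  return snippet[0] + "*".repeat(snippet.length - 2) + snippet[snippet.length - 1];
}

function summarize(result: ComplianceCheckResult): Summary {
  // passed and blocked both true, or blocked with no violation listed, is a
  // contradictory response from the service; fail closed rather than trust it.
  const consistent = !(result.passed && result.blocked) &&
    !(result.blocked && result.violations.length === 0);
  const decision: Decision =
    !consistent || result.blocked ? "BLOCK" : result.warnings.length > 0 ? "WARN" : "PASS";
  const findings = [...result.violations, ...result.warnings].map((f) => ({
    policy: f.policy_name, category: f.category, severity: f.severity,
    snippet: maskSnippet(f.matched_snippet),
  }));
  return { decision, consistent, findings };
}

// Constructed sample response, not real service output.
const sample: ComplianceCheckResult = {
  passed: false, blocked: true, evaluated_policies: 3,
  violations: [{ policy_name: "hipaa-ssn", category: "HIPAA", severity: "BLOCK",
                 matched_snippet: "123-45-6789", message: "SSN pattern detected" }],
  warnings: [{ policy_name: "nist-email", category: "NIST", severity: "WARN",
               matched_snippet: "a@b.io", message: "Email address detected" }],
  logs: [],
};
```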
Behavior 4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description carries the burden and adequately explains the behavior: evaluating content against policies and returning status, violations, warnings, and logs. It does not mention side effects or permissions, but the read-only nature is implied.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is two sentences, front-loading the main action then listing specifics. No wasted words – every sentence provides essential information.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness 4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

The tool has no output schema, but the description covers the return fields (passed/blocked, violations, warnings, logs). It is sufficiently complete for a compliance checker, though more detail on interpreting results could help.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters 4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema covers both parameters with descriptions (100% coverage). The description adds value by enumerating the policy categories and detailing the return structure, which goes beyond the schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states 'Check content against compliance policy sets' and lists specific policy sets (HIPAA, EU_AI_ACT, NIST, CUSTOM), making it highly specific and distinguishable from its unrelated sibling tools.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines 3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage for compliance checks but does not provide explicit guidance on when to use this tool versus alternatives or when not to use it. Since siblings are unrelated, the lack of explicit guidance is a minor gap.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
