qring-mcp

Overview Schema Related Servers Score Discussions

validate_secret

Validate a stored secret by sending a minimal authenticated request to its upstream service to confirm the credential is still accepted for use.

Instructions

[validation] Test whether a stored secret is still accepted by its upstream service (OpenAI, Stripe, GitHub, AWS, generic HTTP, etc.) by making a minimal authenticated request. Use to confirm liveness before relying on a credential or as the verification step after rotate_secret; prefer ci_validate_secrets for a batch run across every key in scope. Side effects: makes one outbound network request per call (may incur tiny provider-side rate-limit cost). Records 'read' for the underlying secret value in the audit log; the value itself is never logged. Returns JSON { valid, provider, status?, message?, rateLimit?, ... } (provider-specific shape).

Input Schema

TableJSON Schema

Name	Required	Description
`key`	Yes	The exact key whose value should be tested upstream. Example: 'OPENAI_API_KEY'.
`orgId`	No	Organization identifier for org-scoped secrets. Required only when scope='org'. Example: 'acme-corp'.
`scope`	No	Where the secret lives. 'global' = user keyring (default if omitted on reads), 'project' = scoped to projectPath, 'team' = team-shared (needs teamId), 'org' = org-shared (needs orgId).
`teamId`	No	Team identifier for team-scoped secrets. Required only when scope='team'. Example: 'acme-platform'.
`provider`	No	Force a specific provider id. Built-ins include 'openai', 'stripe', 'github', 'aws', 'http'. Omit to auto-detect from the value's prefix or the secret's stored provider hint.
`projectPath`	No	Absolute path to the project root for project-scoped secrets and policy resolution. Defaults to the MCP server's current working directory when omitted.

Tool Definition Quality

A4.8/5.0

Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description fully carries the burden. It discloses side effects: outbound network request, potential rate-limit cost, audit logging of 'read' without logging the secret value. Sufficient for safe usage.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured with a leading category tag [validation] and uses clear sentence breaks. It is concise given the amount of useful information, though slightly verbose in listing return fields.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the 6 parameters, 100% schema coverage, no output schema, the description provides return shape (JSON with fields), side effects, usage guidance, and behavioral notes. Everything an agent needs is included.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Input schema already provides 100% parameter descriptions, but the description adds practical guidance (e.g., 'Force a specific provider id' and auto-detection behavior). This enhances understanding beyond the schema, though not drastically.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Clearly states the action: testing whether a stored secret is accepted by its upstream service. The specific verb 'validate' and resource 'secret' are unambiguous, and the description distinguishes from sibling tools like 'ci_validate_secrets' and 'rotate_secret'.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly tells when to use (confirm liveness, verify after rotation) and when to prefer an alternative (batch run via 'ci_validate_secrets'). This provides clear context for appropriate invocation.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/I4cTime/quantum_ring'

If you have feedback or need assistance with the MCP directory API, please join our Discord server