Skip to main content
Glama
Mipiti
by Mipiti

add_component

Add a component to a threat model to map trust boundaries to repositories, enabling scoped security controls and deterministic asset-boundary derivation.

Instructions

Add a component to a threat model.

Components bridge security architecture to code organization. They map trust boundaries to repos so controls can be scoped to the codebase that implements them. They also drive the deterministic reachability composer's asset-boundary derivation: an asset's trust-boundary footprint is the union of its components' trust_boundary_ids.

A component with empty repo_url is speculative — a topology waypoint that hasn't been bound to code yet. The coherence report surfaces these as component_unbound findings. Speculative components are valid in the lifecycle (LLM-proposed during generation, or operator-added during planning); ground them via edit_component once the code exists.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
nameYesComponent name (e.g., "Backend API", "Auth Worker").
pathNoPath within repo for monorepos (e.g., "services/auth").
model_idYesID of the threat model.
repo_urlNoRepository URL (e.g., "github.com/org/backend"). Empty string is valid for speculative components — pass a real URL once you've identified the codebase.
server_versionYes
trust_boundary_idsNoComma-separated trust boundary IDs that this component spans (its deployment zone). Drives reach decisions for any asset scoped to this component.

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault

No arguments

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description carries the full burden. It discloses that empty repo_url indicates speculative components, that coherence report surfaces component_unbound findings, and that trust_boundary_ids drive reach decisions. It does not mention side effects but provides meaningful behavioral context beyond the schema.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is relatively long but front-loads the core purpose. Each sentence contributes meaning, explaining the component's role, lifecycle, and parameter implications. Minor redundancy could be trimmed, but overall efficient.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

The tool has an output schema, so return values need not be explained. The description covers purpose, usage context, parameter semantics for key parameters, and behavioral traits. For a 6-param tool with no annotations, it is quite complete, though some parameters lack individual elaboration.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is high (83%). The description adds value for repo_url by explaining speculative vs bound, and for trust_boundary_ids by explaining deployment zone. Other parameters (name, path) rely on schema, but the description compensates with conceptual context.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states 'Add a component to a threat model,' specifying the verb and resource. It distinguishes from sibling tools like edit_component and remove_component by outlining the component's role in bridging security architecture to code organization and driving reachability.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides context for when to use speculative components (empty repo_url) versus real ones, and directs to edit_component for grounding. It explains the role in trust boundaries and coherence reports, but does not explicitly contrast with similar add tools or state when not to use this tool.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Mipiti/mipiti-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server