Skip to main content
Glama
Mipiti
by Mipiti

assign_control_to_components

Scope a security control to one or more components so coding agents see it only in their repos, or clear assignments to make it visible everywhere.

Instructions

Replace a control's component scope.

Components are the canonical code-binding for controls. A control scoped to one or more components is visible to coding agents working in those repos (matched via Component.repo_url + Component.path); an unscoped control is visible everywhere.

Use this tool when:

  • Wiring a previously unscoped control to the component(s) that implement it (so coding agents see the control on their repo).

  • Adding a second component to a cross-cutting control (e.g., "all microservices enforce JWT validation").

  • Correcting a wrong component assignment.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
model_idYesID of the threat model.
control_idYesID of the control to scope (e.g., "CTRL-03").
change_reasonYesWhy this scope is appropriate (min 10 chars). Captured in the control's version history.
component_idsYesComma-separated component IDs (e.g., "CMP1,CMP2"). Empty string = unscoped (visible to every coding agent). Validated against the model: every supplied ID must exist.
server_versionYes

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault

No arguments

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations provided, so description carries full burden. It explains that component scope determines visibility to coding agents (repos matched via Component.repo_url + Component.path). Describes the mutation as 'replace' but also allows adding components, which creates slight ambiguity. Mentions validation (component IDs must exist) and implicit effect on version history via change_reason parameter. Could be clearer about whether assignments are additive or fully replaced.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Three short paragraphs: first sentence states purpose, second explains component concept, third lists bulleted use cases. Front-loaded, every sentence adds value, no redundancy. Efficient and well-structured.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (5 required params, output schema present, many siblings), the description provides sufficient conceptual background on component scoping and visibility. It explains the canonical binding and effect on agent visibility. Output schema exists, so return values are covered. No gaps in understanding when and why to use this tool.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Input schema has 80% parameter description coverage (4 of 5 parameters described), so schema already provides good meaning. Description adds context about component scope and change_reason being captured in history, but doesn't elaborate on individual parameter syntax beyond schema. Baseline at 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Description starts with 'Replace a control's component scope' which clearly states the action and resource. It explains the effect on visibility, distinguishing it from sibling tools like assign_asset_to_components. The tool name is self-explanatory, and the description reinforces it with specific semantic context.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly lists three use cases: wiring an unscoped control, adding a second component, and correcting wrong assignments. These provide clear guidance on when to invoke the tool. Although it doesn't list negative examples, the positive use cases are specific and actionable.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Mipiti/mipiti-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server