Skip to main content
Glama
Mipiti
by Mipiti

reevaluate_threat_model_factors

Re-evaluate threat model factors by re-running LLM judgment on all assets and attackers to refresh ratings after changes, preserving controls and assertions.

Instructions

Re-run the LLM factor judgment on every asset and attacker in a threat model. Useful for re-baselining factors after a bug fix or feature-description change, without regenerating the whole model (which would destroy controls, assertions, components).

Each entity's factors and rationale are replaced with a fresh LLM-judged decomposition; the composed impact / likelihood is re-derived deterministically from the new factors. Each re-rating is recorded as a rating revision in the audit trail with change_reason (default: "LLM factor re-evaluation") so the starting-point regeneration is distinguishable from operator- supplied factor overrides via edit_asset / edit_attacker.

The platform's LLM factor judgment is a starting point. For deployment-specific factor adjustments (e.g., elevated regulatory_scope because your tenant is HIPAA-covered, or Commodity prevalence because your endpoint is public-internet exposed), use edit_asset / edit_attacker afterward with a change_reason documenting the operator override.

Per-entity soft-fail: an LLM failure on one entity is recorded in the response's failed_entities list (with id, kind, and reason); the remaining entities are still re-evaluated and their rating revisions persisted as they complete. The endpoint returns 503 only when every live entity failed — in which case nothing was persisted; retry when the evaluator is reachable.

Soft-deleted assets and attackers are skipped.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
model_idYesID of the threat model to re-rate.
change_reasonNoOptional override of the audit-trail reason (default: "LLM factor re-evaluation"). Use this to thread a higher-level reason like "Re-eval after refinement bug fix shipped in vN.N.N" when running the tool as part of a broader workflow.
server_versionYes

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault

No arguments

Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description fully discloses behavior: factors and rationale replaced, composed impact/likelihood re-derived, rating revisions recorded with change_reason, per-entity soft-fail with failed_entities list, 503 only on total failure, and soft-deleted entities skipped. Also explains distinction from operator overrides.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Well-structured and front-loaded with main purpose. Each sentence adds value, covering usage, behavior, edge cases, and integration. Appropriate length for the complexity.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (3 parameters, no annotations, output schema exists), the description covers main behavior, edge cases (soft-fail, 503), and integration with edit tools. Since output schema exists, return values need not be explained. The description is complete for an AI agent to use correctly.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Description adds meaning beyond schema: explains change_reason overrides default and allows threading higher-level reasons; implies model_id identifies the threat model. For server_version, no extra info provided beyond schema. Overall enrichment is good but could be slightly better for server_version.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Re-run the LLM factor judgment on every asset and attacker in a threat model.' It specifies the action (re-run factor judgment) and resource (threat model), and distinguishes from related tools like edit_asset/edit_attacker and generate_threat_model.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly states when to use: 'Useful for re-baselining factors after a bug fix or feature-description change.' Provides alternative tools for deployment-specific adjustments: 'For deployment-specific adjustments... use edit_asset / edit_attacker afterward.' Includes guidance on not using for operator overrides.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Mipiti/mipiti-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server