refine_control
Refine a control's description and justification; AI verifies collective sufficiency against mapped control objectives and supersedes prior assertions.
Instructions
Refine a control's description with AI-gated CO sufficiency check.
Two modes:
Provide
description: proposes a new description directly.Provide
codebase_findings: the platform proposes a description based on existing code that may already satisfy the control.Both can be provided: the platform evaluates the proposed description with the codebase findings as context.
The AI evaluates whether the mitigation group still collectively satisfies all mapped control objectives. If rejected, returns {accepted: false, reason, per_co} with per-CO reasoning.
Side effect on accepted refinements: every assertion attached
to this control is superseded — their claims were authored against
the prior description and are not guaranteed to align with the new
one. The response includes superseded_assertions: <count> so
the caller knows how many. Re-submit any assertion that still
applies under the new description; superseded rows remain in
history with superseded_by="control_refined:...".
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| model_id | Yes | ID of the threat model. | |
| control_id | Yes | ID of the control to refine (e.g., "CTRL-03"). | |
| description | No | Proposed new control description (optional if codebase_findings provided). | |
| justification | No | Why this refinement is appropriate (min 10 chars). | |
| server_version | Yes | ||
| codebase_findings | No | Description of existing code that may already satisfy this control's objective (optional). When provided without description, the platform proposes a description. |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||