PolicyGuard

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It effectively communicates this is a security validation tool that returns structured decisions (allowed/require_approval) and generates audit correlation IDs. However, it doesn't mention potential side effects like audit logging, rate limits, or authentication requirements that might be relevant for security tools.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured and front-loaded with the core purpose and usage guidance, followed by organized parameter documentation and a complete example. Every sentence adds value: the security gate positioning, the workflow guidance, parameter explanations, return format details, and illustrative example all serve distinct purposes without redundancy.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's security-critical nature, 5 parameters with 0% schema coverage, and no annotations, the description provides comprehensive context. It explains the tool's role in the security workflow, documents all parameters with examples, details the return format (though an output schema exists), and includes a complete usage example. This fully compensates for the lack of structured metadata.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

With 0% schema description coverage, the description fully compensates by providing detailed parameter explanations with examples for all 5 parameters. Each parameter gets clear semantic meaning beyond the basic schema types (e.g., action_type examples like 'tool_call', 'resource_access'; target examples like 'tool name', 'resource URI'; parameters as 'JSON string of action-specific parameters').

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose with specific verbs ('validate whether an agent can perform a specific action') and distinguishes it from siblings by emphasizing it's the 'PRIMARY security gate' for pre-action compliance checks. It explicitly differentiates from audit/logging tools like get_audit_log and policy management tools like create_policy.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides explicit guidance on when to use this tool ('BEFORE performing any sensitive action') and why ('to ensure compliance with security policies'). It establishes a clear workflow relationship with other tools by positioning this as a prerequisite gatekeeper function.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.