wazuh_rules_info

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It describes the tool as a search/list operation with no side effects, but does not explicitly state read-only behavior, authentication requirements, or rate limits. The description is clear enough for a read-only query tool, but lacks explicit behavioral disclosures.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is concise—three sentences that front-load the primary purpose, followed by filtering capabilities and utility. No extraneous words, every sentence earns its place.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the presence of an output schema (context states 'Has output schema: true'), the tool description does not need to explain return values. It covers purpose, key parameters, and use case adequately for a search/list tool with 9 parameters. Slight deduction for missing usage guidelines.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 100% description coverage for all 9 parameters. The description mentions filter options but adds no semantic value beyond the schema's parameter descriptions (e.g., level range, compliance IDs). Baseline 3 is appropriate given high schema coverage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description explicitly states the tool's purpose: 'Search and list Wazuh detection rules.' It includes specific filtering capabilities (rule level, compliance frameworks, MITRE ATT&CK) and frames it as essential for understanding detection coverage and tuning rules, clearly differentiating from sibling tools like wazuh_rules_coverage_map.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives (e.g., wazuh_rules_coverage_map), nor does it specify prerequisites or when not to use it. It only lists features without contextual usage advice.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.