Skip to main content
Glama

generate_legal_notices

Scans project source code to automatically generate complete legal attribution notices with license texts for distribution compliance.

Instructions

PRIMARY TOOL: Generate legal notices by scanning source code directly (DEFAULT - FAST).

This is the RECOMMENDED tool for creating legal compliance documentation. Scans your project's source code directly to detect ALL packages (including transitive dependencies) and generates comprehensive attribution notices.

⚠️ THIS IS THE DEFAULT TOOL - Use this for most cases!

  • Scans source code directly (node_modules/, site-packages/, vendor/)

  • Detects ALL packages automatically (transitive dependencies included)

  • 10x faster than downloading from registries

  • No need to extract PURLs manually

WHEN TO USE THIS TOOL:

  • You have source code locally with dependencies installed

  • npm project with node_modules/ directory

  • Python project with site-packages/ or virtualenv

  • Any project with locally installed dependencies

WHEN NOT TO USE:

  • Dependencies not installed locally → Use generate_legal_notices_from_purls instead

  • You already have a PURL list → Use generate_legal_notices_from_purls instead

PURPOSE: Creates production-ready legal compliance documentation including:

  • Complete copyright holder attributions (auto-extracted)

  • Full license texts from SPDX

  • Formatted for NOTICE file inclusion

  • Ready for app store submission

  • Professional legal documentation

WHEN TO USE (MOST COMMON SCENARIOS):

  • Creating NOTICE files for distribution (PRIMARY USE CASE)

  • Generating legal compliance documentation for any product

  • After scanning packages and need complete attribution

  • Preparing legal docs for app store submissions (iOS/Android)

  • Need copyright holder information (automatically extracted)

  • Anytime you need production-ready legal documentation

WHEN NOT TO USE:

  • Understanding individual license obligations → use get_license_obligations

  • Just checking license compatibility → use check_license_compatibility

  • Quick validation only → use validate_license_list

  • Want one-shot complete workflow → use run_compliance_check

  • DON'T have PURLs yet → use scan_directory FIRST to get them

WORKFLOW POSITION: Typically used AFTER scan_directory/check_package and validation (validate_license_list), as the FINAL step to generate legal documentation.

COMMON WORKFLOWS:

  1. Mobile App Compliance (MOST COMMON): scan_directory(check_vulnerabilities=True, identify_packages=True) → validate_license_list(distribution="mobile") → generate_legal_notices(purls=[...], output_file="NOTICE.txt") [PRIMARY] → generate_sbom(path=".")

  2. After Package Analysis: check_package(identifier="pkg:npm/express@4.0.0") → validate_policy(licenses=[...]) → generate_legal_notices(purls=[...])

  3. Batch Compliance: scan_directory(path=".", identify_packages=True) → (parallel) generate_sbom + generate_legal_notices

BACKEND: Uses purl2notices in scan mode to read source code directly. Automatically extracts copyright holders, fetches license texts from SPDX, and formats complete attribution.

Args: path: Path to source directory to scan (project root with dependencies installed) output_format: Output format - "text" (default), "html", "markdown" output_file: Optional path to save the output file include_license_text: If True, include full license texts (default: True)

Returns: Dictionary containing: - notices: The generated legal notices text - packages_processed: Number/description of packages processed - packages_failed: Number of packages that failed processing - output_file: Path to saved file (if output_file was specified) - format: The output format used - mode: "scan_directory" (indicates source code scanning was used)

Examples: # Generate text NOTICE file for npm project generate_legal_notices( path="/path/to/npm-project", output_file="NOTICE.txt" )

# Generate HTML notices for Python project
generate_legal_notices(
    path="/path/to/python-project",
    output_format="html",
    output_file="NOTICE.html"
)

# Quick scan without saving to file
result = generate_legal_notices(path=".")
print(result["notices"])

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
pathYes
output_fileNo
output_formatNotext
include_license_textNo

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault
resultYes
Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Although no annotations are provided, the description thoroughly explains the tool's behavior: it scans source directories, detects all packages including transitive dependencies, extracts copyright holders, fetches license texts from SPDX, and generates formatted output. It also describes the backend (purl2notices in scan mode) and the mode field in the return value.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness3/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is overly verbose and repetitive, with 'WHEN TO USE' and 'WHEN NOT TO USE' sections appearing multiple times. While well-structured overall, it contains redundant information and could be shortened without losing clarity.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (4 parameters, many siblings) and lack of annotations, the description covers all necessary aspects: purpose, usage guidelines, parameter explanations, return value structure, and examples. The output schema is present and referenced in the Returns section.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 0% description coverage, but the description provides detailed explanations of all four parameters (path, output_format, output_file, include_license_text) with defaults and examples. This adds significant meaning beyond the schema's basic types and required field.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool generates legal notices by scanning source code, specifying it as the primary and default tool. It distinguishes itself from siblings like generate_legal_notices_from_purls by emphasizing direct source code scanning for speed and automatic detection.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides explicit when-to-use and when-not-to-use sections, including specific alternative tools for different scenarios. It also includes workflow positions and common workflows, giving clear context for selecting this tool over others.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/SemClone/mcp-semclone'

If you have feedback or need assistance with the MCP directory API, please join our Discord server