Skip to main content
Glama

Code-level compliance coverage report

codeinspectus_compliance_report
Read-onlyIdempotent

Produce a per-framework control-coverage report from a prior code scan, showing findings count against code-visible controls for NIST, ISO, SOC2, CIS, Essential Eight, or OWASP.

Instructions

Produce a per-framework code-level control-coverage view for a prior scan (NIST CSF 2.0, ISO 27001:2022, SOC 2, CIS v8.1, Essential Eight, OWASP Web/LLM). Reports 'X of N code-visible controls have findings' with the code-visible subset as the explicit denominator. This is NOT a compliance audit, certification, or attestation — code-level evidence only.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
scan_idYesscan_id returned by a prior codeinspectus_scan call.
frameworkNoRestrict the report to one framework. Default: all frameworks.

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault
scan_idYes
disclaimerYes
frameworksYes
posture_noteYes
posture_scoreYes
Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already indicate readOnlyHint=true and idempotentHint=true. The description adds that the report uses 'code-visible controls as the explicit denominator' and is 'code-level evidence only', providing useful behavioral context beyond annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two sentences: first states purpose and scope, second clarifies reporting format and limitations. No redundant words, front-loaded with key information.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

The description fully explains the report output (X of N controls with findings, code-visible denominator) and explicitly states it's not an audit. With an output schema present, this is complete for an agent to understand the tool's contribution.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100% with clear param descriptions for scan_id and framework. The description adds no additional parameter meaning beyond the schema; it only lists frameworks which are already in the enum.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool produces a per-framework code-level control-coverage view for a prior scan, listing specific frameworks. It distinguishes from siblings like codeinspectus_scan (which runs scans) and codeinspectus_explain_finding by focusing on coverage reporting.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description specifies the tool is for a prior scan and explicitly states it is NOT a compliance audit, certification, or attestation, guiding appropriate use. However, it does not directly mention when to use siblings or alternatives.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Synvoya/codeinspectus'

If you have feedback or need assistance with the MCP directory API, please join our Discord server