detect_incidents

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries full burden. It transparently describes that the tool queries events, groups by signature, and returns clusters above a threshold. It does not mention any side effects or mutability, but the verb 'detect' implies a read-only operation. However, it lacks explicit non-destructive declaration.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured with a one-line purpose, a process overview, a parameter list with explanations, and a return value summary. Every sentence is informative and efficiently written without redundancy.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool has 5 parameters, no annotations, and an output schema exists, the description covers purpose, process, parameter semantics, and return format adequately. It provides sufficient context for an AI agent to understand and invoke the tool correctly.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 0%, so the description compensates fully with clear explanations for all five parameters: lookback_minutes, search_term, event_limit, mass_threshold, max_incidents. Each has a concise purpose and default value stated, adding significant meaning beyond the bare schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool detects mass log incidents using signature clustering with the Stormbreaker engine, distinguishing it from siblings like query_events (raw events) and list_dashboards (dashboards). It specifies the verb 'detect' and the resource 'incidents' with a clear methodology.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage for detecting mass incidents via parameters like lookback_minutes, search_term, and mass_threshold. It does not explicitly state when to avoid using it or mention alternatives among siblings, but the specialized intent is clear.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.