runcon

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Beyond the destructiveHint annotation, description notes 'changes the security domain', recommends dry_run for preview, and mentions safety timeout. Could elaborate on potential consequences of incorrect context but still adds significant context.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

Three sentences efficiently cover purpose, safety, usage, and exclusion. No fluff, every sentence earns its place.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Adequate for a command wrapper tool with good annotations and schema coverage. Lacks details on return values or error behavior, but given simplicity and presence of annotations, it is mostly complete.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, baseline 3. Description adds value by highlighting dry_run for preview and allow_context as required confirmation, but does not elaborate on context format or command_args beyond schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

Description clearly states the tool 'run a command under a specified SELinux security context' and distinguishes it from sibling 'chcon' by explicitly stating it is not for modifying file contexts. Provides specific verb and resource.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly states when to use ('test or enforce SELinux context transitions') and when not to ('not for modifying file contexts'), and names the alternative ('chcon'). Also mentions prerequisites like 'Requires --allow_context confirmation'.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.