@cloudcraftwithfranck/govcloud-mcp

addon_configurator

Generate hardened Big Bang addon configurations for Platform One addons, including Iron Bank images, resource limits, and IL-appropriate security settings.

Instructions

Generate production-ready Big Bang addon configuration values for any Platform One addon. Returns hardened values with Iron Bank images, resource limits, and IL-appropriate security settings.

Input Schema

| Name | Required | Description | Default |
|---|---|---|---|
| addon | Yes | Big Bang addon name e.g. "monitoring", "logging", "vault", "keycloak", "gitlab", "sonarqube", "twistlock", "mattermost" | |
| targetLevel | Yes | DoD IL target level | |
| clusterSize | No | Cluster size for resource sizing (default: medium) | |
| existingValues | No | Existing addon values to extend or override (optional) | |

Implementation Reference

  • The main handler function that executes the tool logic. Calls runTool() which validates input via Zod schema, then invokes Anthropic Claude to generate production-ready Big Bang addon configuration values for any Platform One addon. Returns the text content from Claude's response.
    export async function handleAddonConfigurator(args: unknown): Promise<string> {
      return runTool('addon_configurator', args, Schema, async ({ addon, targetLevel, clusterSize, existingValues }) => {
        const response = await anthropic.messages.create({
          model: MODEL,
          max_tokens: getTokenBudget('addon_configurator'),
          system: PLATFORM_ONE_SYSTEM,
          messages: [
            {
              role: 'user',
              content: `Generate production-ready Big Bang addon configuration for **${addon}** at **${targetLevel}** on a **${clusterSize}** cluster.
    ${existingValues ? `\n**Existing Values to Extend:**\n\`\`\`yaml\n${existingValues}\n\`\`\`` : ''}
    
    Provide:
    1. **Complete Addon values.yaml block** — ready to paste into Big Bang values.yaml:
       - Iron Bank image from registry1.dso.mil with SHA256 digest pin
       - Resource requests and limits sized for ${clusterSize} cluster
       - Non-root security context
       - Read-only root filesystem where supported
       - Network policy configuration
       - Istio PeerAuthentication (STRICT mTLS)
       - Persistence configuration (size, storageClass)
    
    2. **${targetLevel.toUpperCase()} Required Configurations** — what MUST be set for compliance:
       - STIG controls that drive specific settings
       - Authentication integration (CAC/PIV/Keycloak)
       - Audit logging configuration
       - Encryption settings
    
    3. **Required Secrets** — Kubernetes secrets to create before deploying ${addon}:
       \`\`\`bash
       kubectl create secret ...
       \`\`\`
    
    4. **Resource Requirements** — node requirements, storage classes, PVC sizes
    
    5. **Integration Configuration** — how to wire ${addon} into:
       - Keycloak SSO (if applicable)
       - Monitoring/alerting (ServiceMonitor, PrometheusRule)
       - Logging (Fluentbit/Loki integration)
       - Vault for secrets (if applicable)
    
    6. **Post-Deploy Verification** — commands to confirm ${addon} is healthy and ${targetLevel}-compliant
    
    7. **Common Issues** — top 5 problems people hit deploying ${addon} in Big Bang and their fixes
    
    Use exact Iron Bank image paths and realistic resource values for a ${clusterSize} cluster.`,
            },
          ],
        });
    
        return response.content[0].type === 'text' ? response.content[0].text : '';
      });
    }
  • Zod validation schema for the tool inputs: addon (string), targetLevel (il2/il4/il5), clusterSize (small/medium/large, defaults to medium), and optional existingValues (string max 20000 chars).
    const Schema = z.object({
      addon: z.string().min(1).max(500),
      targetLevel: z.enum(['il2', 'il4', 'il5']),
      clusterSize: z.enum(['small', 'medium', 'large']).default('medium'),
      existingValues: z.string().max(20000).optional(),
    });
  • Tool definition object with name 'addon_configurator', description, and JSON Schema input schema (type, properties, required fields). Exported as addonConfiguratorTool.
    export const addonConfiguratorTool = {
      name: 'addon_configurator',
      description:
        'Generate production-ready Big Bang addon configuration values for any Platform One addon. Returns hardened values with Iron Bank images, resource limits, and IL-appropriate security settings.',
      inputSchema: {
        type: 'object' as const,
        properties: {
          addon: {
            type: 'string',
            description:
              'Big Bang addon name e.g. "monitoring", "logging", "vault", "keycloak", "gitlab", "sonarqube", "twistlock", "mattermost"',
          },
          targetLevel: {
            type: 'string',
            enum: ['il2', 'il4', 'il5'],
            description: 'DoD IL target level',
          },
          clusterSize: {
            type: 'string',
            enum: ['small', 'medium', 'large'],
            description: 'Cluster size for resource sizing (default: medium)',
          },
          existingValues: {
            type: 'string',
            description: 'Existing addon values to extend or override (optional)',
          },
        },
        required: ['addon', 'targetLevel'],
      },
    };
  • Import of the tool definition and handler from the addon-configurator module.
    import { addonConfiguratorTool, handleAddonConfigurator } from './platform-one/addon-configurator.js';
    
    import { pipelineAuditTool, handlePipelineAudit } from './pipeline/pipeline-audit.js';
    import { signingConfigTool, handleSigningConfig } from './pipeline/signing-config.js';
    import { devsecopsScoreCardTool, handleDevsecopsScorecard } from './pipeline/devsecops-scorecard.js';
    
    import { sspSectionTool, handleSspSection } from './documents/ssp-section.js';
    import { contingencyPlanTool, handleContingencyPlan } from './documents/contingency-plan.js';
    
    import { govcloudQuickstartTool, handleGovcloudQuickstart } from './govcloud-quickstart.js';
    
    export const allTools = [
      // Compliance
      bicepAnalyzeTool,
      bicepRemediateTool,
      controlLookupTool,
      controlNarrativeTool,
      poamGenerateTool,
      atoReadinessTool,
      oscalFragmentTool,
      // Architecture
      landingZoneTool,
      landingZoneReferenceTool,
      serviceSelectTool,
      gccHighTool,
      privateEndpointTool,
      // Platform One
      bigbangValidateTool,
      bigbangHardenTool,
      ironbankLookupTool,
      addonConfiguratorTool,
      // Pipeline
      pipelineAuditTool,
      signingConfigTool,
      devsecopsScoreCardTool,
      // Documents
      sspSectionTool,
      contingencyPlanTool,
      // Meta
      govcloudQuickstartTool,
    ];
  • Registration of addonConfiguratorTool in the allTools array (line 48) and routing of 'addon_configurator' case in handleToolCall switch statement (line 77) to handleAddonConfigurator.
      addonConfiguratorTool,
      // Pipeline
      pipelineAuditTool,
      signingConfigTool,
      devsecopsScoreCardTool,
      // Documents
      sspSectionTool,
      contingencyPlanTool,
      // Meta
      govcloudQuickstartTool,
    ];
    
    export async function handleToolCall(name: string, args: unknown): Promise<string> {
      switch (name) {
        case 'bicep_analyze':         return handleBicepAnalyze(args);
        case 'bicep_remediate':       return handleBicepRemediate(args);
        case 'control_lookup':        return handleControlLookup(args);
        case 'control_narrative':     return handleControlNarrative(args);
        case 'poam_generate':         return handlePoamGenerate(args);
        case 'ato_readiness':         return handleAtoReadiness(args);
        case 'oscal_fragment':        return handleOscalFragment(args);
        case 'landing_zone_design':   return handleLandingZone(args);
        case 'landing_zone_reference': return handleLandingZoneReference(args);
        case 'azure_service_selector': return handleServiceSelect(args);
        case 'gcc_high_guidance':     return handleGccHigh(args);
        case 'private_endpoint_map':  return handlePrivateEndpoint(args);
        case 'bigbang_validate':      return handleBigbangValidate(args);
        case 'bigbang_harden':        return handleBigbangHarden(args);
        case 'ironbank_lookup':       return handleIronbankLookup(args);
        case 'addon_configurator':    return handleAddonConfigurator(args);
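
handleAddonConfigurator returns the model's text unchanged, so whether each image in the generated values really is a registry1.dso.mil reference pinned by SHA256 digest is left to the caller. The following is an added example, not code from the govcloud-mcp project, that checks this before the values are pasted into values.yaml; `checkImages`, `SAMPLE` and the image paths in it are constructed for illustration, and the check assumes images appear as single-string `image:` or `repository:` values.

```typescript
// Added example, not part of the govcloud-mcp repository.
type Problem = 'wrong-registry' | 'unpinned' | 'malformed-digest';
interface Finding { line: number; image: string; problem: Problem }

const TRUSTED_REGISTRY = 'registry1.dso.mil'; // registry named in the tool's prompt
const SHA256_DIGEST = /^sha256:[a-f0-9]{64}$/;
// Assumption: images appear as scalar values of `image:` or `repository:` keys.
const IMAGE_KEY = /^\s*(?:-\s*)?(image|repository):\s*["']?([^\s"'#]+)/;

function checkImages(generated: string): Finding[] {
  const findings: Finding[] = [];
  generated.split('\n').forEach((text, i) => {
    const m = IMAGE_KEY.exec(text);
    if (m === null) return;
    const key = m[1];
    const image = m[2];
    const at = image.indexOf('@');
    const name = at === -1 ? image : image.slice(0, at);
    const digest = at === -1 ? null : image.slice(at + 1);
    const add = (problem: Problem) => findings.push({ line: i + 1, image, problem });

    // An implicit registry ("nginx:latest") fails this check as well.
    if (name.split('/')[0] !== TRUSTED_REGISTRY) add('wrong-registry');
    // `repository:` may carry its tag or digest in a sibling key, which is not checked here.
    if (digest === null && key === 'image') add('unpinned');
    // Placeholders such as "sha256:<digest>" or truncated hex are not a pin.
    if (digest !== null && !SHA256_DIGEST.test(digest)) add('malformed-digest');
  });
  return findings;
}

// Constructed sample of generator output (not real tool output; paths and digests are made up).
const SAMPLE = [
  'image: registry1.dso.mil/ironbank/example/app:1.0.0@sha256:' + 'a'.repeat(64),
  'image: registry1.dso.mil/ironbank/example/sidecar:2.1.0',
  'image: "docker.io/library/busybox:latest"',
  'image: registry1.dso.mil/ironbank/example/db@sha256:<digest>',
  'repository: registry1.dso.mil/ironbank/example/exporter',
  'nodeSelector: { kubernetes.io/os: linux }',
].join('\n');

console.log(checkImages(SAMPLE));
```

A well-formed digest only shows that the reference is pinned; that the digest actually exists in registry1.dso.mil still has to be confirmed against the registry.
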

Behavior: 3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description discloses return content (hardened values with images, limits, security) but does not state whether the operation is read-only or has side effects. The generative nature suggests a safe read, but not explicit.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two succinct sentences: the first states the action and resource, the second describes the output. No redundant or irrelevant information.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Description covers core functionality and output type, but lacks specifics on return format (e.g., JSON/YAML) and any prerequisites. With no output schema, a bit more detail would be helpful for an agent.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, and the description reinforces parameter intent (e.g., IL-appropriate security for targetLevel) but does not add new semantic details beyond what the schema already provides.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description uses a specific verb ('generate') and resource ('Big Bang addon configuration values'), clearly distinguishing this tool from siblings like 'bigbang_harden' or 'ironbank_lookup' by focusing on config generation.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage for generating addon configs but provides no explicit when-to-use, when-not-to-use, or alternatives among sibling tools. The context is inferred rather than stated.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/cloudcwfranck/govcloud-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.