@cloudcraftwithfranck/govcloud-mcp

control_lookup

Retrieve NIST 800-53 Rev 5 control details including requirement text, Azure implementation guidance, FedRAMP inheritance, and eMASS narrative starter.

Instructions

Look up any NIST 800-53 Rev 5 control and get the full requirement text, Azure implementation guidance, FedRAMP inheritance model, and a copy-ready eMASS narrative starter.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`controlId`	Yes	NIST 800-53 control ID — e.g. "AC-2", "SC-28", "AC-2(1)"
`azureContext`	No	Optional: describe your Azure environment for context-specific guidance

Implementation Reference

src/tools/compliance/control-lookup.ts:49-69 (handler)

The handleControlLookup function executes the tool logic: validates input via Zod schema, calls Anthropic Claude with a detailed system prompt about NIST 800-53 Rev 5 controls, and returns the AI-generated response.

export async function handleControlLookup(args: unknown): Promise<string> {
  return runTool('control_lookup', args, Schema, async ({ controlId, azureContext }) => {
    const contextNote = azureContext ? `\n\nAzure Environment Context: ${azureContext}` : '';

    const response = await anthropic.messages.create({
      model: MODEL,
      max_tokens: getTokenBudget('control_lookup'),
      system: CONTROL_SYSTEM,
      messages: [
        {
          role: 'user',
          content: `Provide the complete reference for NIST 800-53 Rev 5 control: **${controlId}**${contextNote}

Include all enhancements and their FedRAMP baseline applicability.`,
        },
      ],
    });

    return response.content[0].type === 'text' ? response.content[0].text : '';
  });
}

src/tools/compliance/control-lookup.ts:25-33 (schema)

Zod validation schema requiring controlId (NIST format regex) and optional azureContext (max 500 chars).

const Schema = z.object({
  controlId: z
    .string()
    .regex(
      /^[A-Z]{2}-\d{1,2}(\(\d{1,2}\))?$/,
      'Control ID must be NIST format: e.g. AC-2, SC-28, AC-2(1)'
    ),
  azureContext: z.string().max(500).optional(),
});

src/tools/compliance/control-lookup.ts:5-23 (registration)

Tool definition object with name 'control_lookup', description, and JSON Schema inputSchema (controlId required, azureContext optional).

export const controlLookupTool = {
  name: 'control_lookup',
  description:
    'Look up any NIST 800-53 Rev 5 control and get the full requirement text, Azure implementation guidance, FedRAMP inheritance model, and a copy-ready eMASS narrative starter.',
  inputSchema: {
    type: 'object' as const,
    properties: {
      controlId: {
        type: 'string',
        description: 'NIST 800-53 control ID — e.g. "AC-2", "SC-28", "AC-2(1)"',
      },
      azureContext: {
        type: 'string',
        description: 'Optional: describe your Azure environment for context-specific guidance',
      },
    },
    required: ['controlId'],
  },
};

src/tools/index.ts:3-64 (registration)

Import and registration of controlLookupTool in the allTools array, plus the switch-case routing at line 64 mapping 'control_lookup' to handleControlLookup.

import { controlLookupTool, handleControlLookup } from './compliance/control-lookup.js';
import { controlNarrativeTool, handleControlNarrative } from './compliance/control-narrative.js';
import { poamGenerateTool, handlePoamGenerate } from './compliance/poam-generate.js';
import { atoReadinessTool, handleAtoReadiness } from './compliance/ato-readiness.js';
import { oscalFragmentTool, handleOscalFragment } from './compliance/oscal-fragment.js';

import { landingZoneTool, handleLandingZone } from './architecture/landing-zone-design.js';
import { landingZoneReferenceTool, handleLandingZoneReference } from './architecture/landing-zone-reference.js';
import { serviceSelectTool, handleServiceSelect } from './architecture/azure-service-selector.js';
import { gccHighTool, handleGccHigh } from './architecture/gcc-high-guidance.js';
import { privateEndpointTool, handlePrivateEndpoint } from './architecture/private-endpoint-map.js';

import { bigbangValidateTool, handleBigbangValidate } from './platform-one/bigbang-validate.js';
import { bigbangHardenTool, handleBigbangHarden } from './platform-one/bigbang-harden.js';
import { ironbankLookupTool, handleIronbankLookup } from './platform-one/ironbank-lookup.js';
import { addonConfiguratorTool, handleAddonConfigurator } from './platform-one/addon-configurator.js';

import { pipelineAuditTool, handlePipelineAudit } from './pipeline/pipeline-audit.js';
import { signingConfigTool, handleSigningConfig } from './pipeline/signing-config.js';
import { devsecopsScoreCardTool, handleDevsecopsScorecard } from './pipeline/devsecops-scorecard.js';

import { sspSectionTool, handleSspSection } from './documents/ssp-section.js';
import { contingencyPlanTool, handleContingencyPlan } from './documents/contingency-plan.js';

import { govcloudQuickstartTool, handleGovcloudQuickstart } from './govcloud-quickstart.js';

export const allTools = [
  // Compliance
  bicepAnalyzeTool,
  bicepRemediateTool,
  controlLookupTool,
  controlNarrativeTool,
  poamGenerateTool,
  atoReadinessTool,
  oscalFragmentTool,
  // Architecture
  landingZoneTool,
  landingZoneReferenceTool,
  serviceSelectTool,
  gccHighTool,
  privateEndpointTool,
  // Platform One
  bigbangValidateTool,
  bigbangHardenTool,
  ironbankLookupTool,
  addonConfiguratorTool,
  // Pipeline
  pipelineAuditTool,
  signingConfigTool,
  devsecopsScoreCardTool,
  // Documents
  sspSectionTool,
  contingencyPlanTool,
  // Meta
  govcloudQuickstartTool,
];

export async function handleToolCall(name: string, args: unknown): Promise<string> {
  switch (name) {
    case 'bicep_analyze':         return handleBicepAnalyze(args);
    case 'bicep_remediate':       return handleBicepRemediate(args);
    case 'control_lookup':        return handleControlLookup(args);

src/utils/tool-runner.ts:18-18 (helper)
Token budget configuration for control_lookup (4096 tokens) and timeout configuration (30000ms) in the tool-runner utility.
```
control_lookup: 4096,
```

Tool Definition Quality

A3.9/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description fully discloses the tool's output types and the optional nature of azureContext. It does not mention any destructive behavior, rate limits, or authentication needs, but the safe read-only nature is implied.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single sentence that efficiently captures the main action and outputs. It is front-loaded and contains no wasted words, though it could be slightly more structured.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a lookup tool with no output schema, the description adequately lists all expected outputs (full requirement text, Azure guidance, FedRAMP inheritance model, eMASS narrative starter). Missing format details and error handling, but given low complexity, it is mostly complete.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Both parameters have schema descriptions that are clear. The tool description adds context by linking azureContext to 'context-specific guidance', but does not significantly enrich beyond the schema. With 100% schema coverage, a baseline of 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action (look up) and the resource (NIST 800-53 Rev 5 control), and enumerates specific outputs (requirement text, Azure guidance, FedRAMP inheritance model, eMASS narrative starter). This distinguishes it from sibling tools like control_narrative and ssp_section.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage when a user needs comprehensive control details with Azure and FedRAMP context, but does not explicitly state when to use this tool versus alternatives (e.g., control_narrative only provides narrative). No exclusions or when-not-to-use guidance is provided.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/cloudcwfranck/govcloud-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server