@cloudcraftwithfranck/govcloud-mcp

landing_zone_design

Design Azure Landing Zone for government workloads. Inputs mission type, data classification, user base, and impact level. Outputs hub-spoke topology, subscriptions, network, security, and Bicep scaffold.

Instructions

Design a complete Azure Landing Zone architecture for government workloads. Returns hub-spoke topology, subscription structure, network layout, security services, and Bicep scaffold.

Input Schema

TableJSON Schema

Name	Required	Description
`missionType`	Yes	Mission type drives architecture decisions
`dataClassification`	Yes
`userBase`	Yes
`targetImpactLevel`	Yes
`estimatedUsers`	No	Approximate user count
`connectedToNIPR`	No
`existingEnclaves`	No	Describe existing enclaves/networks
`cssp`	No	Cloud service provider (default: azure-gcc-high)

Implementation Reference

src/tools/architecture/landing-zone-design.ts:55-68 (handler)

The handler function that executes the landing_zone_design tool logic. It uses runTool() to validate args via Zod schema, builds a prompt via landingZoneTemplate(), calls the Anthropic API with the ARCHITECTURE_SYSTEM system prompt and token budget, then returns the text response.

export async function handleLandingZone(args: unknown): Promise<string> {
  return runTool('landing_zone_design', args, Schema, async (params) => {
    const prompt = landingZoneTemplate({ ...params, cssp: params.cssp ?? 'azure-gcc-high' });

    const response = await anthropic.messages.create({
      model: MODEL,
      max_tokens: getTokenBudget('landing_zone_design'),
      system: ARCHITECTURE_SYSTEM,
      messages: [{ role: 'user', content: prompt }],
    });

    return response.content[0].type === 'text' ? response.content[0].text : '';
  });
}

src/tools/architecture/landing-zone-design.ts:44-53 (schema)

Zod validation schema for landing_zone_design inputs. Validates missionType, dataClassification, userBase, targetImpactLevel (required), plus optional estimatedUsers, connectedToNIPR, existingEnclaves, and cssp (default azure-gcc-high).

const Schema = z.object({
  missionType: z.enum(['combat-support', 'admin-backoffice', 'legal-services', 'healthcare', 'intelligence-analytics', 'logistics', 'communications']),
  dataClassification: z.enum(['unclassified', 'cui', 'fouo', 'secret']),
  userBase: z.enum(['conus', 'oconus', 'both', 'disconnected']),
  targetImpactLevel: z.enum(['fedramp-moderate', 'fedramp-high', 'il4', 'il5']),
  estimatedUsers: z.number().optional(),
  connectedToNIPR: z.boolean().optional(),
  existingEnclaves: z.string().max(500).optional(),
  cssp: z.enum(['azure-government', 'azure-gcc-high']).default('azure-gcc-high'),
});

src/tools/index.ts:39-39 (registration)
Tool registration: landingZoneTool is included in the allTools array at index position for architecture tools.
```
landingZoneTool,
```
src/tools/index.ts:69-69 (registration)
Tool dispatch: the handleToolCall switch routes 'landing_zone_design' to handleLandingZone(args).
```
case 'landing_zone_design':   return handleLandingZone(args);
```

src/prompts/templates.ts:93-127 (helper)

The prompt template function landingZoneTemplate() that constructs the detailed architecture prompt passed to the Anthropic API, requesting hub-spoke topology, subscription layout, network CIDR, security services, identity architecture, Bicep scaffold, cost estimate, and ATO path.

export function landingZoneTemplate(params: {
  missionType: string;
  dataClassification: string;
  userBase: string;
  targetImpactLevel: string;
  estimatedUsers?: number;
  connectedToNIPR?: boolean;
  existingEnclaves?: string;
  cssp: string;
}): string {
  return `Design a complete Azure Landing Zone for a government workload with these parameters:

Mission Type: ${params.missionType}
Data Classification: ${params.dataClassification}
User Base: ${params.userBase}
Target Impact Level: ${params.targetImpactLevel}
CSP Level: ${params.cssp}
${params.estimatedUsers ? `Estimated Users: ${params.estimatedUsers}` : ''}
${params.connectedToNIPR !== undefined ? `Connected to NIPR: ${params.connectedToNIPR}` : ''}
${params.existingEnclaves ? `Existing Enclaves: ${params.existingEnclaves}` : ''}

Provide:
1. Management Group hierarchy (with naming convention)
2. Subscription topology
3. Hub-spoke network design (CIDR ranges, subnet layout)
4. Required Azure security services
5. Identity architecture (Entra ID + MFA + PIM)
6. Connectivity model
7. Bicep scaffold structure
8. Estimated monthly cost range
9. ATO path recommendation
10. What is typically missed on ${params.missionType} deployments

Be specific to the mission type — ${params.missionType} has unique requirements.`;
}

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description must disclose behavioral traits. It describes what the tool returns but does not mention side effects, idempotency, or authorization requirements. The non-destructive nature is implied but not explicit.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The single-sentence description is efficient, front-loading the purpose and listing outputs. No extraneous words, though slightly dense. Structure is adequate.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

With 8 parameters, no output schema, and a complex domain (government workloads), the description lacks context on constraints, prerequisites, or how outputs relate to inputs. Missing compliance or authorization hints.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 50%, with some parameters self-explanatory from enums and names. The description adds no parameter details beyond the schema, but the baseline is acceptable given partial schema coverage. No enhancement.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool designs a complete Azure Landing Zone architecture for government workloads, listing specific outputs. However, it does not differentiate from sibling tool 'landing_zone_reference', which may have overlapping purpose.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance on when to use this tool versus alternatives like 'landing_zone_reference' or 'azure_service_selector'. The description implies design use but lacks explicit context for choosing it over siblings.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/cloudcwfranck/govcloud-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server