Skip to main content
Glama
devhelmhq

DevHelm MCP Server

Official
by devhelmhq
OverviewSchemaRelated ServersScoreDiscussions
Python
Hybrid

get_policy_snapshot

Retrieve a historical detection policy snapshot by its content-addressed SHA-256 hash, ensuring accurate review of policy state at a specific point in time.

Instructions

Fetch a policy snapshot by its content-addressed SHA-256 hash.

Useful for inspecting the exact detection policy that was active when a specific evaluation or transition happened — the hash is stable, so historical data keeps pointing at the right policy even if the monitor has been edited since.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
hash_hexYes

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault
resultYes

Implementation Reference

  • src/devhelm_mcp/tools/forensics.py:59-71 (handler)
    The handler function for the 'get_policy_snapshot' tool. It accepts a SHA-256 hash_hex (and optional api_token), calls the SDK's forensics.policy_snapshot method, and serializes the result. Registered via @mcp.tool() decorator.
    @mcp.tool()
def get_policy_snapshot(hash_hex: str, api_token: str | None = None) -> ToolResult:
    """Fetch a policy snapshot by its content-addressed SHA-256 hash.

    Useful for inspecting the exact detection policy that was active
    when a specific evaluation or transition happened — the hash is
    stable, so historical data keeps pointing at the right policy
    even if the monitor has been edited since.
    """
    try:
        return serialize(get_client(api_token).forensics.policy_snapshot(hash_hex))
    except DevhelmError as e:
        raise_tool_error(e)
  • src/devhelm_mcp/server.py:109-110 (registration)
    Tool registration: The 'forensics' module (containing get_policy_snapshot) is registered via server.py's ALL_TOOL_MODULES list which calls forensics.register(mcp).
    for mod in ALL_TOOL_MODULES:
    mod.register(mcp)
  • src/devhelm_mcp/client.py:131-136 (helper)
    get_client() helper — builds a Devhelm SDK client used by the handler to call forensics.policy_snapshot().
    return Devhelm(
    token=resolve_api_token(api_token),
    base_url=API_BASE_URL,
    surface="mcp",
    surface_version=_server_version(),
)
  • src/devhelm_mcp/client.py:262-292 (helper)
    serialize() helper — converts the SDK response into JSON-safe dicts for the MCP tool output.
    def serialize(data: object) -> dict[str, Any] | list[dict[str, Any]]:
    """Serialize Pydantic models / dicts / lists to JSON-safe shapes.

    The signature returns the legacy `dict | list-of-dict` envelope that
    every MCP tool is wired against, but the recursive work is delegated
    to `_serialize_value` which is fully typed. We narrow at this single
    boundary, so removing the `Any` from tool implementations only
    requires changing this function's return type without touching any
    callers.
    """
    value = _serialize_value(data)
    if isinstance(value, dict):
        return value
    if isinstance(value, list):
        # Tools always feed `serialize` a list of model instances or
        # dicts; the recursive call returns a list of either dicts
        # (Pydantic / dict items) or scalars (which would be a tool
        # bug). Reject scalars loudly so the LLM sees the error.
        out: list[dict[str, Any]] = []
        for item in value:
            if not isinstance(item, dict):
                raise TypeError(
                    "serialize() expected list items to be dicts or Pydantic "
                    f"models, got {type(item).__name__}."
                )
            out.append(item)
        return out
    raise TypeError(
        "serialize() expected a Pydantic model, dict, or list of those; "
        f"got {type(data).__name__}."
    )
  • src/devhelm_mcp/client.py:205-222 (helper)
    raise_tool_error helper — converts SDK exceptions into FastMCP ToolError for proper error reporting.
    def raise_tool_error(err: DevhelmError) -> NoReturn:
    """Convert an SDK error into a FastMCP ``ToolError`` so ``isError=true``.

    Per the MCP spec, upstream API failures must surface as
    ``CallToolResult.isError = true`` so the LLM can distinguish a tool that
    *ran but failed* from one that *succeeded with an error message in the
    response* — those have the same shape on the wire otherwise.

    The previous behavior returned ``format_error(err)`` as a regular tool
    return value (``isError = false``), which caused agents to confidently
    report success after a 4xx/5xx (silent-corruption bug from the round-3
    DevEx audit). FastMCP catches the ``ToolError`` raised here and
    serializes it into ``CallToolResult(isError=True, content=[...])``,
    preserving the human-readable formatted message for the LLM.

    See https://modelcontextprotocol.io/specification/server/tools#error-handling.
    """
    raise ToolError(format_error(err)) from err

Tool Definition Quality

A4.3/5.0
Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden. It discloses the read-only nature and the stability of the hash, but does not address error handling or permission requirements. Adequate but not rich.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Two concise sentences that front-load the action and provide context. No unnecessary words; every sentence adds value.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool has only one required parameter, an output schema exists, and the description clearly states the purpose and use case, it is fully complete for an agent to correctly invoke the tool without additional context.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, but the description adds meaning by specifying 'content-addressed SHA-256 hash' and explaining the hash's stability. This goes beyond the schema which only names the parameter. Could be more explicit about hash format (hex encoding).

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool fetches a policy snapshot by its SHA-256 hash, and elaborates on the use case for inspecting historical detection policies. This distinguishes it from other get_* tools by specifying the content-addressed retrieval.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explains when to use the tool (to inspect the exact policy active during a past event) and highlights the hash stability benefit. However, it does not explicitly mention when not to use it or suggest alternatives.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/devhelmhq/mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server