FedRAMP Docs MCP Server

get_ksi

Retrieve a specific KSI entry by its ID from FedRAMP documentation to access compliance requirements and security controls.

Instructions

Retrieve a single KSI entry by id.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`id`	Yes

Implementation Reference

src/tools/get_ksi.ts:17-20 (handler)
The execute handler function for the get_ksi tool. It takes an input with 'id' and calls the helper getKsiItem to retrieve and return the KSI item.
```
execute: async (input) => {
  const item = getKsiItem(input.id);
  return { item };
},
```
src/tools/get_ksi.ts:6-8 (schema)
Zod input schema for the tool, requiring a string 'id' parameter.
```
const schema = z.object({
  id: z.string(),
});
```

src/tools/get_ksi.ts:10-21 (registration)

Local tool definition and export of getKsiTool with name 'get_ksi', description, schema, and execute handler.

export const getKsiTool: ToolDefinition<
  typeof schema,
  { item: ReturnType<typeof getKsiItem> }
> = {
  name: "get_ksi",
  description: "Retrieve a single KSI entry by id.",
  schema,
  execute: async (input) => {
    const item = getKsiItem(input.id);
    return { item };
  },
};

src/tools/register.ts:32-32 (registration)
Global registration: inclusion of getKsiTool in the array passed to registerToolDefs(server) for MCP server.
```
getKsiTool,
```

src/frmr.ts:108-117 (helper)

Helper function getKsiItem(id) that retrieves a single KSI item from the cached list via getKsiItems() or throws NOT_FOUND.

export function getKsiItem(id: string): KsiItem {
  const match = getKsiItems().find((item) => item.id === id);
  if (!match) {
    throw createError({
      code: "NOT_FOUND",
      message: `KSI item not found for id ${id}`,
    });
  }
  return match;
}

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. It states the tool retrieves data (implying read-only), but doesn't cover critical aspects like authentication needs, rate limits, error handling (e.g., what happens if ID doesn't exist), or response format. For a tool with zero annotation coverage, this is a significant gap in transparency.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence with zero wasted words. It front-loads the core purpose ('Retrieve a single KSI entry') and adds necessary qualification ('by id'). Every word earns its place, making it highly concise and well-structured.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's simplicity (1 parameter, no output schema), the description is incomplete. It lacks context about what KSI entries are, their domain (likely compliance/controls based on sibling tools), error scenarios, and response structure. With no annotations and low schema coverage, the description doesn't provide enough information for reliable agent use.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, so the description must compensate. It mentions the 'id' parameter and specifies it's used to retrieve a single entry, adding some semantic context beyond the bare schema. However, it doesn't explain the ID format, constraints, or examples, leaving the parameter partially undocumented. This meets the baseline for minimal compensation.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('Retrieve') and resource ('a single KSI entry'), making the purpose understandable. It distinguishes from sibling 'list_ksi' by specifying retrieval of a single entry by ID rather than listing multiple entries. However, it doesn't explain what 'KSI' stands for or the domain context, which slightly limits clarity.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives like 'list_ksi' or 'get_requirement_by_id'. It mentions retrieving by ID but doesn't specify prerequisites, error conditions, or typical use cases. This leaves the agent with insufficient context for optimal tool selection.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/ethanolivertroy/fedramp-docs-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server