SD Elements MCP Server

get_countermeasure

Retrieve detailed information about a specific security countermeasure by providing its unique ID. Integrates with SD Elements MCP Server for security development lifecycle management.

Instructions

Get detailed information about a specific countermeasure

Input Schema

TableJSON Schema

Name	Required	Description	Default
`countermeasure_id`	Yes	The ID of the countermeasure to retrieve

Implementation Reference

src/sde_mcp_server/tools/countermeasures.py:57-66 (handler)

The core handler function for the 'get_countermeasure' MCP tool. Decorated with @mcp.tool() for automatic registration. Normalizes the ID, fetches data via API client, and returns formatted JSON.

@mcp.tool()
async def get_countermeasure(ctx: Context, project_id: int, countermeasure_id: Union[int, str], risk_relevant: bool = True) -> str:
    """Get details of a SPECIFIC countermeasure by its ID. Use this when the user asks about a particular countermeasure (e.g., "countermeasure 123", "T21", "countermeasure 456"). Accepts countermeasure ID as integer (e.g., 21) or string (e.g., "T21" or "31244-T21"). Filter by risk relevance - if true, only return risk-relevant countermeasures. Defaults to true. Do NOT use this tool when the user asks about available status choices or what statuses are valid - use get_task_status_choices instead."""
    global api_client
    if api_client is None:
        api_client = init_api_client()
    normalized_id = normalize_countermeasure_id(project_id, countermeasure_id)
    params = {"risk_relevant": risk_relevant}
    result = api_client.get_countermeasure(project_id, normalized_id, params)
    return json.dumps(result, indent=2)

src/sde_mcp_server/tools/countermeasures.py:10-38 (helper)

Supporting utility function used by get_countermeasure to normalize countermeasure IDs into the full '{project_id}-{task_id}' format.

def normalize_countermeasure_id(project_id: int, countermeasure_id: Union[int, str]) -> str:
    """
    Normalize countermeasure ID to full format (project_id-task_id).
    
    Accepts:
    - Integer: 21 -> "T21" -> "{project_id}-T21"
    - String starting with "T": "T21" -> "{project_id}-T21"
    - String in full format: "31244-T21" -> "31244-T21" (as-is)
    
    Args:
        project_id: The project ID
        countermeasure_id: Countermeasure ID as int or str
        
    Returns:
        Full task ID format: "{project_id}-T{number}" or existing full format
    """
    # If integer, convert to "T{number}" format
    if isinstance(countermeasure_id, int):
        task_id = f"T{countermeasure_id}"
    else:
        # Already a string
        task_id = countermeasure_id
    
    # If already in full format (contains project_id), return as-is
    if task_id.startswith(f"{project_id}-"):
        return task_id
    
    # Otherwise, construct full format
    return f"{project_id}-{task_id}"

src/sde_mcp_server/tools/__init__.py:6-6 (registration)
Import that loads the countermeasures.py module into tools.__init__.py, executing the @mcp.tool() decorators to register 'get_countermeasure' with the MCP server.
```
from .countermeasures import *
```
src/sde_mcp_server/server.py:296-296 (registration)
Import of the tools package in the main server.py file, which triggers the registration of all tools including 'get_countermeasure' via the chain of imports.
```
from . import tools  # noqa: F401
```
src/sde_mcp_server/server.py:27-27 (registration)
Creation of the FastMCP server instance to which all tools are registered.
```
mcp = FastMCP("sdelements-mcp")
```

Tool Definition Quality

B3.1/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden but only states it retrieves information without disclosing behavioral traits like read-only nature, error handling, authentication needs, or rate limits. It implies a safe read operation but lacks explicit confirmation or details.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that directly states the tool's purpose without unnecessary words. It's appropriately sized and front-loaded, with no wasted information.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a simple read tool with one parameter and no output schema, the description is minimally adequate but lacks completeness. It doesn't explain return values or error cases, and with no annotations, it misses behavioral context that would help the agent use it effectively.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the input schema fully documents the 'countermeasure_id' parameter. The description adds no additional meaning beyond what the schema provides, such as format examples or constraints, meeting the baseline for high coverage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb ('Get') and resource ('detailed information about a specific countermeasure'), making the purpose understandable. However, it doesn't explicitly differentiate from sibling tools like 'list_countermeasures' or 'update_countermeasure', which would require a 5.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention siblings like 'list_countermeasures' for browsing or 'update_countermeasure' for modifications, leaving the agent to infer usage context.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Related Tools

list_countermeasuresC
@geoffwhittington/sde-mcp
update_countermeasureC
@geoffwhittington/sde-mcp
update_projectC
@geoffwhittington/sde-mcp
get_business_unitC
@geoffwhittington/sde-mcp
update_applicationC
@geoffwhittington/sde-mcp
get_userC
@geoffwhittington/sde-mcp

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/geoffwhittington/sde-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server