Reports MCP Server

update_report

Modify existing penetration testing reports by editing fields like title, scope, findings, and status while maintaining secure HTML formatting standards.

Instructions

Update a report. HTML fields (goal, scope, summary description/keyFindings, recommendations) use minimal HTML formatting: only tags for paragraphs and for simple bullet lists. NO nesting, NO numbered lists, NO code blocks, NO headers.

Input Schema

TableJSON Schema

Name	Required	Description
`bearerToken`	No	Bearer token for authentication (optional if REPORTS_JWT_TOKEN env var is set)
`reportId`	Yes	The ID of the report to update (24-character MongoDB ObjectId)
`title`	No	Report title (optional, max 100 characters)
`platform`	No	Platform name (optional)
`goal`	No	HTML-formatted goal/objective using only <p> and <ul><li> tags (optional)
`scope`	No	HTML-formatted scope using only <p> and <ul><li> tags (optional)
`summaryDescription`	No	HTML-formatted summary description using only <p> and <ul><li> tags (optional)
`summaryKeyFindings`	No	HTML-formatted key findings using only <p> and <ul><li> tags (optional)
`recommendations`	No	HTML-formatted recommendations using only <p> and <ul><li> tags (optional)
`status`	No	Report status (optional)

Implementation Reference

server.js:55-131 (handler)

Core handler function that validates inputs, calls the API to update the report via PUT request, and returns formatted response or error.

async function updateReport(providedToken, reportId, reportData) {
  try {
    const bearerToken = getBearerToken(providedToken);
    
    // Validate reportId format (should be MongoDB ObjectId)
    if (!reportId || !reportId.match(/^[0-9a-fA-F]{24}$/)) {
      throw new McpError(
        ErrorCode.InvalidParams,
        'Invalid reportId format. Must be a valid MongoDB ObjectId (24 characters)'
      );
    }

    // Validate status if provided
    if (reportData.status !== undefined) {
      const validStatuses = ['Draft', 'In Progress', 'Submitted', 'Reviewed', 'Closed'];
      if (!validStatuses.includes(reportData.status)) {
        throw new McpError(
          ErrorCode.InvalidParams,
          `Status must be one of: ${validStatuses.join(', ')}`
        );
      }
    }

    const response = await axios.put(`${REPORTS_ENDPOINT}/${reportId}`, reportData, {
      headers: {
        'Authorization': `Bearer ${bearerToken}`,
        'Content-Type': 'application/json',
      },
      timeout: 15000,
    });

    return {
      content: [
        {
          type: 'text',
          text: JSON.stringify({
            success: true,
            status: response.status,
            data: response.data,
            timestamp: new Date().toISOString(),
            message: `Successfully updated report ${reportId}`,
          }, null, 2),
        },
      ],
    };
  } catch (error) {
    if (error instanceof McpError) {
      throw error;
    }
    
    if (error.response) {
      return {
        content: [
          {
            type: 'text',
            text: JSON.stringify({
              success: false,
              status: error.response.status,
              error: error.response.data || error.message,
              timestamp: new Date().toISOString(),
            }, null, 2),
          },
        ],
      };
    } else if (error.request) {
      throw new McpError(
        ErrorCode.InternalError,
        `Network error: Unable to reach the API at ${REPORTS_ENDPOINT}/${reportId}`
      );
    } else {
      throw new McpError(
        ErrorCode.InternalError,
        `Request setup error: ${error.message}`
      );
    }
  }
}

server.js:786-831 (schema)

JSON schema defining the input parameters for the update_report tool, including validation for required reportId and optional fields like title, status, etc.

  type: 'object',
  properties: {
    bearerToken: {
      type: 'string',
      description: 'Bearer token for authentication (optional if REPORTS_JWT_TOKEN env var is set)',
    },
    reportId: {
      type: 'string',
      description: 'The ID of the report to update (24-character MongoDB ObjectId)',
    },
    title: {
      type: 'string',
      description: 'Report title (optional, max 100 characters)',
    },
    platform: {
      type: 'string',
      description: 'Platform name (optional)',
    },
    goal: {
      type: 'string',
      description: 'HTML-formatted goal/objective using only <p> and <ul><li> tags (optional)',
    },
    scope: {
      type: 'string',
      description: 'HTML-formatted scope using only <p> and <ul><li> tags (optional)',
    },
    summaryDescription: {
      type: 'string',
      description: 'HTML-formatted summary description using only <p> and <ul><li> tags (optional)',
    },
    summaryKeyFindings: {
      type: 'string',
      description: 'HTML-formatted key findings using only <p> and <ul><li> tags (optional)',
    },
    recommendations: {
      type: 'string',
      description: 'HTML-formatted recommendations using only <p> and <ul><li> tags (optional)',
    },
    status: {
      type: 'string',
      enum: ['Draft', 'In Progress', 'Submitted', 'Reviewed', 'Closed'],
      description: 'Report status (optional)',
    },
  },
  required: ['reportId'],
},

server.js:782-832 (registration)

Registration of the update_report tool in the ListTools response, including name, description, and input schema.

{
  name: 'update_report',
  description: 'Update a report. HTML fields (goal, scope, summary description/keyFindings, recommendations) use minimal HTML formatting: only <p> tags for paragraphs and <ul><li> for simple bullet lists. NO nesting, NO numbered lists, NO code blocks, NO headers.',
  inputSchema: {
    type: 'object',
    properties: {
      bearerToken: {
        type: 'string',
        description: 'Bearer token for authentication (optional if REPORTS_JWT_TOKEN env var is set)',
      },
      reportId: {
        type: 'string',
        description: 'The ID of the report to update (24-character MongoDB ObjectId)',
      },
      title: {
        type: 'string',
        description: 'Report title (optional, max 100 characters)',
      },
      platform: {
        type: 'string',
        description: 'Platform name (optional)',
      },
      goal: {
        type: 'string',
        description: 'HTML-formatted goal/objective using only <p> and <ul><li> tags (optional)',
      },
      scope: {
        type: 'string',
        description: 'HTML-formatted scope using only <p> and <ul><li> tags (optional)',
      },
      summaryDescription: {
        type: 'string',
        description: 'HTML-formatted summary description using only <p> and <ul><li> tags (optional)',
      },
      summaryKeyFindings: {
        type: 'string',
        description: 'HTML-formatted key findings using only <p> and <ul><li> tags (optional)',
      },
      recommendations: {
        type: 'string',
        description: 'HTML-formatted recommendations using only <p> and <ul><li> tags (optional)',
      },
      status: {
        type: 'string',
        enum: ['Draft', 'In Progress', 'Submitted', 'Reviewed', 'Closed'],
        description: 'Report status (optional)',
      },
    },
    required: ['reportId'],
  },
},

server.js:36-52 (helper)

Helper function to retrieve or fallback to environment JWT token for authentication, used in updateReport.

function getBearerToken(providedToken) {
  // If a token is provided in the request, use it
  if (providedToken) {
    return providedToken;
  }
  
  // Otherwise, use the configured JWT token
  if (JWT_TOKEN) {
    return JWT_TOKEN;
  }
  
  // If no token is available, throw an error
  throw new McpError(
    ErrorCode.InvalidParams,
    'No bearer token provided. Either pass bearerToken parameter or set REPORTS_JWT_TOKEN environment variable.'
  );
}

server.js:1091-1127 (handler)

Dispatch handler in CallToolRequestHandler that preprocesses arguments (formats HTML fields), validates, and calls the updateReport function.

case 'update_report':
  if (!args.reportId) {
    throw new McpError(
      ErrorCode.InvalidParams,
      'Report ID is required'
    );
  }
  
  // Build update data object from provided fields with auto-HTML formatting for HTML fields
  const reportUpdateData = {};
  if (args.title !== undefined) reportUpdateData.title = args.title;
  if (args.platform !== undefined) reportUpdateData.platform = args.platform;
  if (args.goal !== undefined) reportUpdateData.goal = formatAsHTML(args.goal);
  if (args.scope !== undefined) reportUpdateData.scope = formatAsHTML(args.scope);
  if (args.recommendations !== undefined) reportUpdateData.recommendations = formatAsHTML(args.recommendations, 'list');
  if (args.status !== undefined) reportUpdateData.status = args.status;
  
  // Handle summary object fields
  if (args.summaryDescription !== undefined || args.summaryKeyFindings !== undefined) {
    reportUpdateData.summary = {};
    if (args.summaryDescription !== undefined) {
      reportUpdateData.summary.description = formatAsHTML(args.summaryDescription);
    }
    if (args.summaryKeyFindings !== undefined) {
      reportUpdateData.summary.keyFindings = formatAsHTML(args.summaryKeyFindings, 'list');
    }
  }
  
  if (Object.keys(reportUpdateData).length === 0) {
    throw new McpError(
      ErrorCode.InvalidParams,
      'At least one field must be provided to update'
    );
  }
  
  return await updateReport(args.bearerToken, args.reportId, reportUpdateData);

Tool Definition Quality

B3.2/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It helpfully specifies HTML formatting constraints (only <p> and <ul><li> tags, no nesting or other elements), which is valuable behavioral context. However, it doesn't mention authentication requirements (though the schema covers this), mutation effects, error conditions, or what happens to unspecified fields during update.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is efficiently structured in two sentences, with the first stating the core purpose and the second providing important formatting constraints. Every sentence adds value, though the formatting details could potentially be moved to parameter-level documentation since they're field-specific.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a mutation tool with 10 parameters and no annotations or output schema, the description provides adequate but incomplete context. The HTML formatting constraints are helpful, but missing are details about authentication requirements, partial update behavior, error handling, and what the tool returns. The schema covers parameter documentation well, but behavioral aspects remain underspecified.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema already documents all 10 parameters thoroughly. The description adds some value by emphasizing the HTML formatting constraints for specific fields (goal, scope, summaryDescription, summaryKeyFindings, recommendations), but this information is largely redundant with parameter descriptions in the schema. Baseline 3 is appropriate when the schema does most of the work.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb 'update' and resource 'report', making the purpose immediately understandable. It distinguishes itself from sibling tools like 'create_report' by focusing on modification rather than creation. However, it doesn't specify what aspects of a report can be updated beyond the HTML formatting constraints mentioned.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives like 'create_report' or 'get_report'. There's no mention of prerequisites, such as needing an existing report ID, or contextual factors that would make this the appropriate choice over other report-related tools.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/izzy0101010101/mcp-reports-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server