depguard_remediate

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Clearly states read-only nature: 'Read-only: never modifies package.json, lockfile, or runs npm.' Also describes internal steps (reads, groups, sorts). No annotations provided, so description carries full burden and succeeds.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

Four sentences, front-loaded with main purpose, no redundant words. Every sentence provides useful information.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Output is described conceptually (sorted by severity, actionable), but no explicit return format. Given no output schema, a bit more detail on output structure would improve completeness.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, so description adds minimal value. It reinforces that path is absolute and that targetLicense is auto-detected, but does not go beyond schema. Baseline 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states it builds a remediation plan for vulnerabilities, identifying which direct dependencies to upgrade. It distinguishes itself from sibling tools like depguard_audit_project by explaining the grouping and sorting behavior.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicit guidance: 'Use this when the user is staring at "100 vulnerabilities found"... and needs to know which 5 direct deps to upgrade.' Could improve by mentioning when not to use (e.g., if only raw audit is needed).

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.