Palo Alto Networks MCP Server Suite

list_resources

Retrieve specific Palo Alto Networks firewall resources by category and type for management tasks.

Instructions

List resources from a specific category

Input Schema

TableJSON Schema

Name	Required	Description	Default
`category`	Yes	Resource category to list
`resource_type`	Yes	Specific resource type within the category

Implementation Reference

src/index.ts:217-245 (handler)

The main handler for the 'list_resources' tool. Validates input arguments using isListResourcesArgs, verifies the resource_type exists in the specified category's list, makes an API call to `/Objects/${resource_type}` on the Palo Alto firewall, and returns the JSON response as text content.

case 'list_resources': {
    const rawArgs = request.params.arguments;
    if (!isListResourcesArgs(rawArgs)) {
        throw new McpError(
            ErrorCode.InvalidParams, 
            'Invalid arguments for list_resources'
        );
    }

    const { category, resource_type } = rawArgs;

    const categoryResources = RESOURCE_CATEGORIES[category];
    if (!categoryResources.includes(resource_type)) {
        throw new McpError(
            ErrorCode.InvalidParams, 
            `Invalid resource type for category ${category}: ${resource_type}`
        );
    }

    const response = await this.axiosInstance.get(`/Objects/${resource_type}`);
    return {
        content: [
            {
                type: 'text',
                text: JSON.stringify(response.data, null, 2),
            },
        ],
    };
}

src/index.ts:79-82 (schema)
TypeScript interface defining the expected input shape for the list_resources tool arguments.
```
interface ListResourcesArgs {
    category: keyof ResourceCategories;
    resource_type: string;
}
```

src/index.ts:141-158 (registration)

Tool registration in the ListToolsRequestSchema handler, defining name, description, and inputSchema with validation for category (enum from RESOURCE_CATEGORIES keys) and resource_type.

    name: 'list_resources',
    description: 'List resources from a specific category',
    inputSchema: {
        type: 'object',
        properties: {
            category: {
                type: 'string',
                enum: Object.keys(RESOURCE_CATEGORIES),
                description: 'Resource category to list'
            },
            resource_type: {
                type: 'string',
                description: 'Specific resource type within the category'
            }
        },
        required: ['category', 'resource_type']
    }
},

src/index.ts:84-92 (helper)

Type guard helper function used to validate that arguments match ListResourcesArgs shape and category is a valid key in RESOURCE_CATEGORIES.

function isListResourcesArgs(args: unknown): args is ListResourcesArgs {
    if (typeof args !== 'object' || args === null) return false;
    const typedArgs = args as Record<string, unknown>;
    return (
        typeof typedArgs.category === 'string' && 
        typeof typedArgs.resource_type === 'string' &&
        Object.keys(RESOURCE_CATEGORIES).includes(typedArgs.category as string)
    );
}

src/index.ts:26-77 (helper)

Constant defining all available resource categories and their supported resource_types, used for validation in schema enum, arg validation, and handler checks.

const RESOURCE_CATEGORIES: ResourceCategories = {
    OBJECTS: [
        'Addresses', 'AddressGroups', 'Regions', 'DynamicUserGroups', 
        'Applications', 'ApplicationGroups', 'ApplicationFilters', 
        'Services', 'ServiceGroups', 'Tags', 'GlobalProtectHIPObjects',
        'GlobalProtectHIPProfiles', 'ExternalDynamicLists', 
        'CustomDataPatterns', 'CustomSpywareSignatures', 
        'CustomVulnerabilitySignatures', 'CustomURLCategories',
        'AntivirusSecurityProfiles', 'AntiSpywareSecurityProfiles',
        'VulnerabilityProtectionSecurityProfiles', 
        'URLFilteringSecurityProfiles', 'FileBlockingSecurityProfiles',
        'WildFireAnalysisSecurityProfiles', 'DataFilteringSecurityProfiles',
        'DoSProtectionSecurityProfiles', 'SecurityProfileGroups',
        'LogForwardingProfiles', 'AuthenticationEnforcements', 
        'DecryptionProfiles', 'PacketBrokerProfiles', 
        'SDWANPathQualityProfiles', 'SDWANTrafficDistributionProfiles',
        'SDWANSaasQualityProfiles', 'SDWANErrorCorrection', 'Schedules'
    ],
    POLICIES: [
        'SecurityRules', 'NATRules', 'QoSRules', 
        'PolicyBasedForwardingRules', 'DecryptionRules', 
        'NetworkPacketBrokerRules', 'TunnelInspectionRules', 
        'ApplicationOverrideRules', 'AuthenticationRules', 
        'DoSRules', 'SDWANRules'
    ],
    NETWORK: [
        'EthernetInterfaces', 'AggregateEthernetInterfaces', 
        'VLANInterfaces', 'LoopbackInterfaces', 'TunnelIntefaces', 
        'SDWANInterfaces', 'Zones', 'VLANs', 'VirtualWires', 
        'VirtualRouters', 'IPSecTunnels', 'GRETunnels', 
        'DHCPServers', 'DHCPRelays', 'DNSProxies', 
        'GlobalProtectPortals', 'GlobalProtectGateways', 
        'GlobalProtectGatewayAgentTunnels', 
        'GlobalProtectGatewaySatelliteTunnels', 
        'GlobalProtectGatewayMDMServers', 
        'GlobalProtectClientlessApps', 
        'GlobalProtectClientlessAppGroups', 
        'QoSInterfaces', 'LLDP', 
        'GlobalProtectIPSecCryptoNetworkProfiles', 
        'IKEGatewayNetworkProfiles', 'IKECryptoNetworkProfiles', 
        'MonitorNetworkProfiles', 
        'InterfaceManagementNetworkProfiles', 
        'ZoneProtectionNetworkProfiles', 'QoSNetworkProfiles', 
        'LLDPNetworkProfiles', 'BFDNetworkProfiles', 
        'SDWANInterfaceProfiles'
    ],
    DEVICES: [
        'VirtualSystems', 'SNMPTrapServerProfiles', 
        'SyslogServerProfiles', 'EmailServerProfiles', 
        'HttpServerProfiles', 'LDAPServerProfiles'
    ]
};

Tool Definition Quality

C2.6/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It states it 'List resources' but doesn't reveal if this is a read-only operation, requires authentication, has rate limits, or what the output format might be. This leaves significant gaps for a tool with parameters and no output schema.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence with no wasted words, making it front-loaded and easy to parse. However, it's slightly under-specified given the tool's complexity, but it earns high marks for brevity.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool has 2 parameters, no annotations, and no output schema, the description is incomplete. It doesn't explain what 'resources' entail, how results are returned, or any behavioral traits, leaving the agent with insufficient context for effective use.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 100% description coverage, with clear documentation for both parameters, including an enum for 'category.' The description adds no additional meaning beyond the schema, such as explaining the relationship between 'category' and 'resource_type' or providing examples. Baseline 3 is appropriate as the schema does the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose3/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description states the tool 'List resources from a specific category,' which provides a basic verb ('List') and resource target ('resources'), but it's vague about what 'resources' means in this context and doesn't differentiate from sibling tools like 'get_system_info' or 'view_config_node_values.' It's adequate for minimal understanding but lacks specificity.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description offers no guidance on when to use this tool versus alternatives like 'get_system_info' or 'view_config_node_values,' nor does it mention prerequisites or exclusions. It implies usage for listing by category but fails to provide context for selection among siblings.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/packetracer/mcpserver'

If you have feedback or need assistance with the MCP directory API, please join our Discord server