RAD Security

Official

Overview Schema Related Servers Score Discussions

run_workflow

Execute security workflows in Kubernetes and cloud environments with customizable parameters to analyze and address security findings through the RAD Security platform.

Instructions

Run a workflow with optional argument overrides

Input Schema

TableJSON Schema

Name	Required	Description
`workflow_id`	Yes	ID of the workflow to run
`async`	No	If true, run asynchronously and return immediately. If false, wait for the workflow to finish.
`args`	No	Optional arguments to override when running the workflow

Implementation Reference

src/operations/workflows.ts:76-128 (handler)

Core handler function that executes the run_workflow tool: POSTs to start workflow run, handles async immediate return or sync polling until completion.

export async function runWorkflow(
  client: RadSecurityClient,
  workflowId: string,
  async: boolean = true,
  args?: Record<string, any>
): Promise<any> {
  const body: Record<string, any> = {};
  if (args) {
    body.args = args;
  }

  const response = await client.makeRequest(
    `/accounts/${client.getAccountId()}/workflows/${workflowId}/runs`,
    {},
    { method: "POST", body: args??{} }
  );

  if (!response || !response.id) {
    throw new Error(`Failed to run workflow ${workflowId}: no id in response`);
  }

  const runId = response.id;

  // If async, return immediately with the run_id
  if (async) {
    return { run_id: runId, status: "running", message: "Workflow started asynchronously" };
  }

  // Otherwise, poll until the workflow is finished
  const pollInterval = 2000; // 2 seconds
  const maxWaitTime = 300000; // 5 minutes
  const startTime = Date.now();

  while (true) {
    const runDetails = await getWorkflowRun(client, workflowId, runId);

    // Check if the workflow has finished
    const status = runDetails.status;
    if (status === "completed" || status === "failed" || status === "cancelled") {
      return runDetails;
    }

    // Check if we've exceeded the max wait time
    if (Date.now() - startTime > maxWaitTime) {
      throw new Error(
        `Workflow ${workflowId} run ${runId} did not finish within ${maxWaitTime / 1000} seconds. Last status: ${status}`
      );
    }

    // Wait before polling again
    await new Promise(resolve => setTimeout(resolve, pollInterval));
  }
}

src/operations/workflows.ts:13-17 (schema)

Input schema validation using Zod for the run_workflow tool parameters.

export const RunWorkflowSchema = z.object({
  workflow_id: z.string().describe("ID of the workflow to run"),
  async: z.boolean().default(true).describe("If true, run asynchronously and return immediately. If false, wait for the workflow to finish."),
  args: z.record(z.any()).optional().describe("Optional arguments to override when running the workflow"),
});

src/index.ts:531-534 (registration)

Tool registration in the list_tools response, defining name, description, and input schema.

  name: "run_workflow",
  description: "Run a workflow with optional argument overrides",
  inputSchema: zodToJsonSchema(workflows.RunWorkflowSchema),
},

src/index.ts:1438-1452 (registration)

Dispatch handler in call_tool request that parses args with schema and invokes the runWorkflow function.

case "run_workflow": {
  const args = workflows.RunWorkflowSchema.parse(
    request.params.arguments
  );
  const response = await workflows.runWorkflow(
    client,
    args.workflow_id,
    args.async,
    args.args
  );
  return {
    content: [
      { type: "text", text: JSON.stringify(response, null, 2) },
    ],
  };

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It mentions 'run' and 'optional argument overrides,' but lacks critical behavioral details: whether this is a mutation (likely yes), what permissions are required, if it's idempotent, rate limits, error handling, or what happens on success/failure. This is inadequate for a tool that likely modifies state.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence with zero waste—it states the core action and key feature (argument overrides) without fluff. It's appropriately sized and front-loaded, making it easy to parse quickly.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool likely performs mutations (running workflows) with no annotations and no output schema, the description is incomplete. It doesn't explain return values, error cases, or behavioral traits needed for safe invocation. For a 3-parameter tool in a complex domain (workflow execution), this leaves significant gaps.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema fully documents parameters (workflow_id, async, args). The description adds minimal value by implying 'args' are for overrides, but doesn't clarify syntax, format, or constraints beyond what the schema provides. Baseline 3 is appropriate as the schema does the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('run') and resource ('workflow'), specifying it executes a workflow with optional argument overrides. It distinguishes from sibling tools like 'get_workflow' (which retrieves) and 'list_workflows' (which lists), but could be more specific about what 'run' entails (e.g., execution vs. scheduling).

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance is provided on when to use this tool versus alternatives. It doesn't mention prerequisites (e.g., needing an existing workflow ID), compare to siblings like 'get_workflow_run' or 'list_workflow_runs', or specify contexts (e.g., for automation vs. testing).

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/rad-security/mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server