SailPoint MCP Server

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure but offers minimal information. It states 'Create a new access request' which implies a write/mutation operation, but doesn't address critical aspects like: whether this triggers approval workflows, what permissions are required, if it's synchronous or asynchronous, what happens on success/failure, or if there are rate limits. For a mutation tool with zero annotation coverage, this is inadequate.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that communicates the core purpose without unnecessary words. It's appropriately sized for a tool with clear parameters documented elsewhere, though the brevity contributes to gaps in other dimensions.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a mutation tool with no annotations and no output schema, the description is insufficient. It doesn't explain what happens after creation (e.g., approval workflow, immediate provisioning), error conditions, required permissions, or return values. Given the complexity of access management and the presence of workflow-related siblings like 'get_workflow' and 'test_workflow', more context about the request lifecycle is needed.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so parameters are well-documented in the schema itself. The description mentions 'roles, access profiles, or entitlements' which aligns with the 'requestedItems.type' enum values, adding minimal context. However, it doesn't explain parameter relationships, constraints, or provide examples beyond what's already in the structured schema descriptions.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('Create a new access request') and specifies the target resources ('roles, access profiles, or entitlements'), making the purpose immediately understandable. However, it doesn't differentiate this tool from potential alternatives like 'list_access_requests' or explain how it differs from direct provisioning tools like 'create_access_profile' or 'create_role'.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. With siblings like 'create_access_profile' and 'create_role' that directly create resources, and 'list_access_requests' that retrieves requests, there's no indication whether this is for formal approval workflows, bulk requests, or specific use cases. The agent must infer usage from the name alone.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.