step-security

stepsecurity-mcp

Official

create_suppression_rule

Create a suppression rule to ignore a specific detection type and retroactively suppress past matching detections. Requires user confirmation after previewing expected impact via preview_suppression_rule.

Instructions

Create a suppression rule. WRITE OPERATION — requires confirm: true and a read-only API key will 403. Before calling this, you MUST call preview_suppression_rule with the same conditions and show the user the expected impact. Creating a rule also retroactively suppresses matching past detections (synchronous server-side). After creation the tool verifies how many past detections were moved. Severity action is hardcoded to 'ignore' (only type the backend supports).

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| customer | No | StepSecurity customer/tenant identifier. Optional — falls back to STEP_SECURITY_CUSTOMER env var. | |
| detectionId | Yes | Detection type the rule targets, e.g. 'New-Outbound-Network-Call'. This becomes the rule's `id` field. | |
| name | Yes | Short human-readable rule name | |
| description | No | Longer rationale for the rule | |
| conditions | Yes | Match conditions. owner/repo/workflow/job are auto-filled with '*' if omitted. Include type-specific keys (endpoint, ip_address, process, host, file, file_path, secret_type, action) as needed. | |
| confirm | Yes | Set to true to actually execute the write. Any other value (including omitted) returns an error — this is a safety check so the LLM cannot write without explicit user approval. | |
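
The preview-then-confirm requirement can also be enforced on the client side, so that `confirm: true` is only ever sent for conditions the user has already seen previewed. The sketch below is an added example, not StepSecurity's or Glama's code: `call_tool` is a hypothetical stand-in for whatever MCP client function invokes a tool, and the argument shape passed to `preview_suppression_rule` is an assumption, since this page only documents the schema of `create_suppression_rule`.

```python
import hashlib
import json

SCOPE_KEYS = ("owner", "repo", "workflow", "job")  # auto-filled with '*' per the schema


def normalize(conditions):
    """Fill omitted scope keys with '*' so preview and create compare equal."""
    full = {k: "*" for k in SCOPE_KEYS}
    full.update(conditions)
    return full


def fingerprint(detection_id, conditions):
    """Stable hash of the rule target, independent of key order."""
    blob = json.dumps([detection_id, normalize(conditions)], sort_keys=True)
    return hashlib.sha256(blob.encode()).hexdigest()


class SuppressionGuard:
    """Allows create_suppression_rule only after a matching preview was approved."""

    def __init__(self, call_tool):
        self.call_tool = call_tool  # hypothetical: call_tool(name, arguments) -> result
        self.previewed = {}         # fingerprint -> preview result shown to the user

    def preview(self, detection_id, conditions):
        # Assumed argument shape for preview_suppression_rule (not documented here).
        args = {"detectionId": detection_id, "conditions": normalize(conditions)}
        result = self.call_tool("preview_suppression_rule", args)
        self.previewed[fingerprint(detection_id, conditions)] = result
        return result

    def create(self, detection_id, name, conditions, user_approved, description=None):
        fp = fingerprint(detection_id, conditions)
        if fp not in self.previewed:
            raise PermissionError("no preview for these exact conditions")
        if user_approved is not True:  # truthy strings such as "yes" do not count
            raise PermissionError("user has not approved the previewed impact")
        args = {"detectionId": detection_id, "name": name,
                "conditions": normalize(conditions), "confirm": True}
        if description:
            args["description"] = description
        del self.previewed[fp]  # one approval authorizes one write
        return self.call_tool("create_suppression_rule", args)
```

Because the fingerprint covers the normalized conditions, a rule that was previewed for one repository cannot be created with the `repo` key dropped, which would silently widen it to `*`.
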
Behavior: 4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description fully discloses write nature, confirm requirement, retroactive suppression of past detections, synchronous server-side processing, verification of moved detections, and hardcoded severity action. Lacks mention of idempotency or error states, but is otherwise thorough.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Five sentences, front-loaded, every sentence adds essential guidance. No redundant or extraneous information. Highly efficient.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (6 params, nested conditions) and no output schema, the description covers prerequisites, behavior, and hardcoded settings. However, it does not specify what the tool returns upon success (e.g., created rule details or confirmation message), which would help an agent understand the response.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with each parameter already described. The description adds value by noting that conditions auto-fill owner/repo/workflow/job with '*' and including type-specific keys, and explaining the confirm safety check. This is modest extra context, meeting the baseline for high coverage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Description clearly states 'Create a suppression rule' with a specific verb and resource, distinguishing it from sibling tools like preview, delete, update, list, and get. It also emphasizes this is a WRITE OPERATION.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly instructs to call preview_suppression_rule first with same conditions and show the user the expected impact. Also warns about read-only API keys and the need for confirm: true, leaving no ambiguity about prerequisites and execution conditions.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/step-security/stepsecurity-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.