QAE-Claude-mcp-example

Overview Schema Related Servers Score Discussions

certify_action

Evaluate action safety across scope, reversibility, and sensitivity constraints using the QAE safety kernel. Returns certification decisions with detailed constraint analysis and cryptographic audit trails.

Instructions

Evaluate the safety of an action across multiple constraint dimensions.

This tool uses the QAE safety kernel to assess whether a proposed action is safe to execute. It returns a certificate with a decision (Certified, CertifiedWithWarning, EscalateToHuman, or Blocked) and detailed margins for each constraint dimension.

Args: action_id: Unique identifier for the action (e.g., "act_123") agent_id: Identifier of the agent proposing the action (e.g., "claude_v3") scope: Scope dimension [0, 1], where 0=narrow, 1=global reversibility: Reversibility dimension [0, 1], where 0=permanent, 1=easily reversible sensitivity: Sensitivity dimension [0, 1], where 0=low-impact, 1=high-impact description: Optional human-readable description of the action

Returns: Dictionary with keys: - decision: "Certified", "CertifiedWithWarning", "EscalateToHuman", or "Blocked" - zone: "Safe", "Caution", or "Danger" - margins: Dict of dimension -> margin value [0, 1] - binding_constraint: Name of most restrictive constraint (if any) - drift_budget: Remaining budget after this certification - certificate_id: Unique certificate identifier - deterministic_hash: SHA256 hash of the certificate - timestamp: ISO 8601 timestamp - description: Echo of input description (if provided)

Example: >>> certify_action( ... action_id="act_deploy_algo", ... agent_id="claude_sales", ... scope=0.7, ... reversibility=0.4, ... sensitivity=0.8, ... description="Deploy new recommendation algorithm to 10% of users" ... )

Input Schema

TableJSON Schema

Name	Required	Description	Default
`action_id`	Yes
`agent_id`	Yes
`scope`	Yes
`reversibility`	Yes
`sensitivity`	Yes
`description`	No

Output Schema

TableJSON Schema

Name	Required	Description	Default
`result`	Yes

Implementation Reference

src/qae_mcp_server/server.py:107-227 (handler)

The 'certify_action' function, decorated with @server.tool(), acts as the primary handler for certifying actions. It validates inputs, calls the 'SafetyCertifier', and constructs a response containing the certification results.

def certify_action(
    action_id: str,
    agent_id: str,
    scope: float,
    reversibility: float,
    sensitivity: float,
    description: Optional[str] = None,
) -> Dict[str, Any]:
    """
    Evaluate the safety of an action across multiple constraint dimensions.

    This tool uses the QAE safety kernel to assess whether a proposed action
    is safe to execute. It returns a certificate with a decision (Certified,
    CertifiedWithWarning, EscalateToHuman, or Blocked) and detailed margins
    for each constraint dimension.

    Args:
        action_id: Unique identifier for the action (e.g., "act_123")
        agent_id: Identifier of the agent proposing the action (e.g., "claude_v3")
        scope: Scope dimension [0, 1], where 0=narrow, 1=global
        reversibility: Reversibility dimension [0, 1], where 0=permanent, 1=easily reversible
        sensitivity: Sensitivity dimension [0, 1], where 0=low-impact, 1=high-impact
        description: Optional human-readable description of the action

    Returns:
        Dictionary with keys:
        - decision: "Certified", "CertifiedWithWarning", "EscalateToHuman", or "Blocked"
        - zone: "Safe", "Caution", or "Danger"
        - margins: Dict of dimension -> margin value [0, 1]
        - binding_constraint: Name of most restrictive constraint (if any)
        - drift_budget: Remaining budget after this certification
        - certificate_id: Unique certificate identifier
        - deterministic_hash: SHA256 hash of the certificate
        - timestamp: ISO 8601 timestamp
        - description: Echo of input description (if provided)

    Example:
        >>> certify_action(
        ...     action_id="act_deploy_algo",
        ...     agent_id="claude_sales",
        ...     scope=0.7,
        ...     reversibility=0.4,
        ...     sensitivity=0.8,
        ...     description="Deploy new recommendation algorithm to 10% of users"
        ... )
    """
    try:
        certifier = _get_certifier()

        # Validate input ranges
        for dim, val in [("scope", scope), ("reversibility", reversibility), ("sensitivity", sensitivity)]:
            if not (0.0 <= val <= 1.0):
                raise ValueError(f"{dim} must be in [0, 1], got {val}")

        # Create state deltas from dimension scores
        # These represent changes to the agent's state in each dimension
        state_deltas = [
            StateDelta(dimension="scope_score", from_value=0.0, to_value=scope),
            StateDelta(dimension="reversibility_score", from_value=1.0, to_value=reversibility),
            StateDelta(dimension="sensitivity_score", from_value=0.0, to_value=sensitivity),
        ]

        # Create and certify the action
        action = SimpleAction(
            action_id=action_id,
            agent_id=agent_id,
            state_deltas=state_deltas,
        )

        certificate = certifier.certify(action)

        # Build response
        response = {
            "decision": certificate.decision,
            "zone": certificate.zone,
            "margins": certificate.margins,
            "binding_constraint": certificate.binding_constraint,
            "drift_budget": certificate.drift_budget,
            "certificate_id": certificate.certificate_id,
            "deterministic_hash": certificate.deterministic_hash,
            "timestamp": datetime.now(timezone.utc).isoformat().replace("+00:00", "Z"),
        }

        if description:
            response["description"] = description

        # Log to certification history
        history_entry = {
            "certificate_id": certificate.certificate_id,
            "action_id": action_id,
            "agent_id": agent_id,
            "decision": certificate.decision,
            "zone": certificate.zone,
            "timestamp": response["timestamp"],
            "description": description,
        }
        _certification_history.append(history_entry)
        global _total_certifications
        _total_certifications += 1

        logger.info(
            f"Certified action {_sanitize_for_log(action_id)}: {certificate.decision} "
            f"(zone={certificate.zone}, cert_id={certificate.certificate_id})"
        )

        return response

    except ValueError as e:
        logger.error(f"Validation error in certify_action: {e}")
        return {
            "error": str(e),
            "action_id": action_id,
            "timestamp": datetime.now(timezone.utc).isoformat().replace("+00:00", "Z"),
        }
    except Exception as e:
        logger.error(f"Error in certify_action: {e}")
        return {
            "error": f"Certification failed: {str(e)}",
            "action_id": action_id,
            "timestamp": datetime.now(timezone.utc).isoformat().replace("+00:00", "Z"),
        }

Tool Definition Quality

A4.2/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure, successfully detailing the decision categories (Certified, CertifiedWithWarning, EscalateToHuman, Blocked), zone classifications, and constraint margin logic. It explains the 'drift_budget' return value implying budget consumption, though it could more explicitly state that this operation consumes budget or creates a persistent certificate record.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The docstring structure is logical and front-loaded with purpose, though the Returns section lists 9 output fields that likely duplicate the existing output schema (context signals indicate has_output_schema=true), creating minor redundancy. The example usage is valuable and appropriately placed at the end.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a high-complexity safety tool, the description provides robust coverage including parameter semantics, return structure, decision logic, and executable examples. Minor gaps remain regarding inter-tool workflow (e.g., whether to call `check_budget` first) and explicit mutation/side-effect statements.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Given the schema has 0% description coverage, the Args section provides comprehensive compensation by documenting all 6 parameters with semantic ranges (e.g., scope '[0, 1], where 0=narrow, 1=global') and illustrative examples (e.g., 'act_123', 'claude_v3'), fully clarifying the dimension scales and identifiers.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description opens with the specific verb 'Evaluate' and clear resource 'safety of an action', elaborating that it uses the 'QAE safety kernel' to assess proposed actions. It effectively distinguishes from siblings: unlike `check_budget` (resource checking) or `get_certification_history` (retrieval), this performs active multi-dimensional safety evaluation.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

While the phrase 'assess whether a proposed action is safe to execute' implies usage prior to action execution, there is no explicit guidance on when to use this versus `check_budget` (e.g., whether to check budget first) or how it relates to `get_certification_history`. The description lacks explicit 'when-not-to-use' or prerequisite guidance.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/tb8412/qae-claude-mcp-example'

If you have feedback or need assistance with the MCP directory API, please join our Discord server