Add OCSF mapping to parser

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

The description adds valuable context beyond annotations: it explains the tool's purpose in mapping and normalizing data, mentions guidance on OCSF class selection, and references a workflow in the response. Annotations cover idempotency (idempotentHint: true) and mutability (readOnlyHint: false), but the description doesn't contradict them and enhances understanding of the tool's behavior.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured and front-loaded with the core purpose, followed by bullet-point guidelines and a workflow note. Every sentence earns its place by providing essential information without redundancy, making it efficient and easy to parse.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (mapping and normalization tasks), lack of output schema, and partial parameter coverage, the description is mostly complete. It covers purpose, usage, and behavioral context but falls short on parameter details. It adequately supports agent understanding but could be improved with parameter explanations.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

With 50% schema description coverage (only 'sample' parameter has a description, 'ctx' lacks one), the description does not compensate by explaining parameters. It mentions 'sample log events' indirectly but adds no details on format or usage. Baseline is 3 as the schema provides partial coverage, but the description fails to fill gaps.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('Add OCSF mapping') and target resource ('to a TQL parsing pipeline'), distinguishing it from siblings like 'make_parser' (which creates parsers) or 'ocsf_get_class' (which retrieves OCSF class definitions). It precisely defines what the tool does without being tautological.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides explicit 'Use this tool when' guidelines with four specific scenarios, including when to use it (e.g., mapping security logs to OCSF standard, normalizing data) and implicitly when not to (e.g., for retrieving OCSF classes, which is covered by sibling tools like 'ocsf_get_class'). It offers clear context for selection.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.