check_authorization

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It explains the return value (decision, reason, policy) and implies a pure read/check operation with no side effects. While it does not mention error cases or rate limits, it provides sufficient transparency for typical use.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured and front-loaded with the main purpose. Each sentence adds value, though it is slightly longer than necessary. No fluff, but could be marginally more concise.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the absence of an output schema, the description adequately explains the return values. It covers both usage modes, clarifies optional vs required parameters, and provides enough context for the agent to use the tool correctly in various scenarios.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with detailed descriptions for all 7 parameters. The description adds meaningful context beyond the schema by explaining the difference between type-level and instance-level checks, recommending external_id over UUID, and clarifying mutual exclusivity of ID fields.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Ask Vengtoo whether a subject can perform an action on a resource.' It specifies the return value (decision, reason, policy) and distinguishes itself from sibling tools like assign_policy, create_resource, etc., which serve different functions.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides explicit guidance on when to use external_id vs UUID, preferring external_id in production. It also clearly explains two usage modes: type-level checks (omit resource_id/external_id) and instance-level checks (set resource_id or resource_external_id). This helps the agent decide how to invoke the tool correctly.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.