
check_compliance

Validate system architecture against compliance frameworks including PCI-DSS, HIPAA, GDPR, ISO27001, SOC2, and NIST to identify security gaps and ensure regulatory adherence.

Instructions

Check architecture against compliance framework (PCI-DSS, HIPAA, GDPR, ISO27001, SOC2, NIST). Cost: $0.015 USDC. Service: threatmodel.

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| architecture | Yes | | |
| framework | Yes | | |

Implementation Reference

  • The `CallToolRequestSchema` request handler dynamically handles tool execution by looking up the tool name in a fetched registry and proxying the request to the tool's defined endpoint. The tool 'check_compliance' would be executed through this generic handler if present in the registry.
    server.setRequestHandler(CallToolRequestSchema, async (request) => {
      const { name, arguments: args } = request.params;
    
      // Load the tool registry; if that fails, return the error as text content instead of throwing.
      let registry: Registry;
      try {
        registry = await fetchRegistry();
      } catch (error) {
        return {
          content: [
            {
              type: "text",
              text: JSON.stringify({ error: "Failed to fetch tool registry", detail: String(error) }),
            },
          ],
        };
      }
    
      // Resolve the requested tool by name; an unknown name returns the list of available tools.
      const tool = registry.tools.find((t) => t.name === name);
      if (!tool) {
        return {
          content: [
            {
              type: "text",
              text: JSON.stringify({
                error: `Tool '${name}' not found`,
                available_tools: registry.tools.map((t) => t.name),
              }),
            },
          ],
        };
      }
    
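      // Forward the call to the registry-defined tool. Note that args is only cast here,
      // not validated, and any failure detail is stringified into the response.
      try {
        const result = await callTool(tool, args as Record<string, unknown>);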
        return {
          content: [
            {
              type: "text",
              text: JSON.stringify(result, null, 2),
            },
          ],
        };
      } catch (error) {
        return {
          content: [
            {
              type: "text",
              text: JSON.stringify({
                error: "Tool call failed",
                tool: name,
                service: tool.service,
                detail: String(error),
              }),
            },
          ],
        };
      }
    });
Behavior: 2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. It mentions cost and service provider, which adds some context about external dependencies and pricing. However, it doesn't describe what the tool actually does behaviorally (e.g., returns compliance violations, generates a report, requires authentication, has rate limits, or what 'check' entails operationally).

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized and front-loaded with the core purpose. The cost and service information is relevant but could be more integrated. Two sentences with minimal waste, though the second sentence feels somewhat tacked on rather than seamlessly structured.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given no annotations and no output schema, the description is incomplete for a tool with 2 parameters. It lacks details on what the tool returns (e.g., compliance score, violations list), behavioral expectations, error handling, or prerequisites. The cost/service info adds some context but doesn't compensate for missing operational and output details.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 2/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, so the description must compensate. It mentions 'architecture' and lists frameworks, which aligns with the two parameters, but doesn't explain what 'architecture' should contain (e.g., system design, configuration details) or the meaning of framework choices beyond listing them. No additional semantic context is provided beyond what's inferable from parameter names.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Check architecture against compliance framework' with specific frameworks listed (PCI-DSS, HIPAA, GDPR, ISO27001, SOC2, NIST). It uses a specific verb ('Check') and resource ('architecture'), but doesn't differentiate from sibling tools since none appear to be compliance-related alternatives.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It mentions cost and service provider ('Cost: $0.015 USDC. Service: threatmodel.'), but this doesn't help an agent decide between this and other compliance or analysis tools. No explicit when/when-not instructions or sibling comparisons are included.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/yantrix-ai/yantrix-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.