ip_ban_set

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Without annotations, the description carries the behavioral disclosure burden. It explicitly states mutation of live traffic rules and requires user confirmation. It also mentions the return format ('applied/failed split'). However, it lacks details on idempotency or permissions.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

Three sentences efficiently cover purpose, input types, return format, and a critical safety warning. No redundancy; each sentence serves a distinct purpose.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (7 parameters, no output schema), the description adequately covers the core functionality, input alternatives, and mutation warning. Missing are parameter precedence rules and the effect of the 'region' parameter, but it remains functional for selection.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, but the description adds value by explaining how 'site' resolves the WebACL, the return split, and the relationship between parameters (e.g., ip_address vs ip_addresses). This goes beyond the schema descriptions.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the function: ban/unban IPs via named config or site's WebACL. It uses specific verbs and resources, but does not explicitly differentiate from the sibling tool 'block_ip'.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage (ban/unban IPs via config or site) and includes a user confirmation warning, but no explicit guidance on when to use this tool versus alternatives like 'block_ip' or 'waf_rate_rule_set'.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.