zia_list_cloud_firewall_dns_rules

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already declare readOnlyHint=true, making the read-only nature redundant. The description adds value by mentioning JMESPath client-side filtering support, but lacks disclosure of other behaviors such as pagination, rate limits, or response format.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is highly concise with two sentences, front-loading the core purpose and read-only nature, then adding the key JMESPath feature. Every sentence earns its place without waste.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool lists DNS rules with optional search and query parameters, the description covers the basic functionality and JMESPath support. However, it omits expected context like whether results are paginated, the response structure, or how the search filter behaves. This is adequate but not comprehensive.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema already documents all parameters. The description only reiterates the JMESPath filtering capability from the schema, adding no new semantic meaning beyond what is already provided.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb 'List' and the resource 'ZIA cloud firewall DNS rules', and explicitly mentions it is read-only. This distinguishes it from sibling tools like 'zia_get_cloud_firewall_dns_rule' (single rule retrieval) and other list tools for different rule types.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies its primary use is listing DNS rules, but it does not explicitly guide when to use this tool versus alternatives like 'zia_list_cloud_firewall_rules' or the singular get tool. No when-not-to-use or exclusion criteria are provided.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.