zia_list_sandbox_rules

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already declare readOnlyHint=true, so the description's explicit 'read-only' is consistent. Beyond that, it discloses support for JMESPath client-side filtering, which is a useful behavioral trait. No contradictions; additional details about pagination or return format are not provided but are not critical for a list operation.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

Two sentences, concise and front-loaded. The first sentence gives the primary action, the second adds a key capability. No extraneous information.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the high schema coverage and annotations, the description is sufficient for an agent to understand the tool's basic operation. It could mention the optional 'search' parameter behavior, but the schema covers it. The lack of an output schema is mitigated by the nature of a list operation.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, so each parameter has a description. The description adds value by highlighting that the 'query' parameter supports JMESPath filtering, but repeats the schema's point. It does not clarify the 'search' or 'service' parameters beyond what schema already states.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states it lists ZIA Sandbox rules, which is specific and distinguishes this tool from other list tools for different rule types (e.g., Cloud Firewall, URL filtering). The read-only nature is also mentioned, reinforcing its purpose.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description notes JMESPath client-side filtering, which guides usage of the query parameter. However, it does not explicitly state when to use this tool versus alternatives (e.g., zia_get_sandbox_rule for individual rules) or when not to use it. No exclusion criteria are provided.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.