AgentSoap: TDQS Compliance Report

This document outlines how the AgentSoap MCP tools achieve maximum Tool Description Quality Score (TDQS) across all six Glama dimensions.

1. Purpose Clarity

Definition: Does the tool clearly explain what it does? Implementation: Every tool in index.ts starts with a PURPOSE: prefix.

  • Example: verify_financial_entity clearly states it is a "Mandatory risk assessment for financial destinations... to prevent fraud and economic hijacking."

2. Usage Guidelines

Definition: Does the tool explain when and how to use it? Implementation: Every tool includes a USAGE: section specifying mandatory call points.

  • Example: sanitize_input_context specifies "MANDATORY after 'web_search', 'read_email', or 'fetch_url' calls."

3. Behavioral Transparency

Definition: Does the tool explain the consequences of calling it (e.g., blocking, costs, latency)? Implementation: Every tool includes a BEHAVIOR: section and a CAVEATS: section.

  • Example: verify_financial_entity explains that it "Returns a risk score and directive. 'BLOCK' means stop task." and mentions credit consumption.

4. Parameter Semantics

Definition: Are the parameters clearly described and typed? Implementation: Every field in the inputSchema has a detailed description property, not just a type.

  • Example: entity_type lists specific examples like "wallet_address for crypto" and "iban for international wires."

5. Conciseness

Definition: Is the description efficient and free of fluff? Implementation: We use a structured, bulleted format [PURPOSE, USAGE, BEHAVIOR, CAVEATS] to ensure high information density without unnecessary prose.

6. Contextual Completeness

Definition: Does the tool handle edge cases and state transitions? Implementation: We explicitly define recovery workflows (e.g., polling for HITL) and security fallback behaviors (e.g., FAIL-CLOSED).

  • Example: check_hitl_status explains that agents should "poll this tool... AFTER receiving a 'REQUIRE_HITL' directive."

Tool-by-Tool Audit

Tool Name Purpose Mandatory Usage Safety Level
verify_financial_entity Anti-Fraud Pre-transfer WRITE_ACTION
verify_url Phishing Defense Pre-link click READ_ONLY
verify_ip Network Shield Pre-connection READ_ONLY
sanitize_input_context IPI Defense Post-ingestion WRITE_ACTION
sanitize_outbound_data DLP Defense Pre-transmission WRITE_ACTION
get_audit_logs Accountability Reporting/Reflection READ_ONLY
check_security_health Diagnostic On-timeout READ_ONLY
simulate_action Pre-flight Planning phase READ_ONLY
test_security_trap Verification Init phase READ_ONLY

Last Audit: 2026-05-14 (v1.1.0)

Security Lab Live Sandbox

Test your payloads against the AgentSoap security logic. Enter a string below to see the generated implementation code.

Simulation Result
cURL Command
Python Snippet