Domain 2: Tool Design & MCP Integration

18% of Exam
Key exam principle: The exam favours low-effort, high-leverage fixes as first steps. Better tool descriptions before routing classifiers. Scoped access before full access. Community servers before custom builds.

2.1 Tool Interface Design

Tool descriptions are the PRIMARY mechanism LLMs use for tool selection. This is not supplementary. It is THE mechanism.

What a Good Tool Description Includes

| Element | Example |
|---|---|
| Primary purpose | "Retrieves order details including status, items, shipping, and payment info" |
| Expected inputs | "Requires order_id (string, format: ORD-XXXXX) or customer_email" |
| Example queries | "Use for: 'where is my order', 'order status', 'what did I buy'" |
| Edge cases | "Returns partial data for cancelled orders. Does not include return history." |
| Boundaries | "Use lookup_order for order queries. Use get_customer for account/profile queries." |

The Misrouting Problem

# BAD: Minimal descriptions cause misrouting
tools = [
    {"name": "get_customer", "description": "Retrieves customer information"},
    {"name": "lookup_order", "description": "Retrieves order information"}
]

# GOOD: Expanded descriptions with explicit boundaries
tools = [
    {
        "name": "get_customer",
        "description": "Retrieves customer profile: name, email, address, "
                       "account status, preferences. Use for account-level queries. "
                       "Do NOT use for order status — use lookup_order instead."
    },
    {
        "name": "lookup_order",
        "description": "Retrieves order details: status, items, shipping tracking, "
                       "payment method. Requires order_id (ORD-XXXXX) or customer email. "
                       "Use for order-related queries. Do NOT use for account info."
    }
]

Exam trap: The fix is better descriptions, NOT few-shot examples, a routing classifier, or merging the tools.

Tool Splitting

Split generic tools into purpose-specific tools:

analyze_document → extract_data_points
                 → summarize_content
                 → verify_claim_against_source
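The split above can be sketched as purpose-specific tool definitions. The schemas and the document_id parameter are illustrative assumptions, not a real API:

```python
# Hypothetical purpose-specific definitions replacing a generic
# analyze_document tool. Names come from the diagram above; the
# input schemas are illustrative.
split_tools = [
    {
        "name": "extract_data_points",
        "description": "Extracts structured data points (dates, figures, names) "
                       "from a document. Use when the query asks for specific values.",
        "input_schema": {
            "type": "object",
            "properties": {"document_id": {"type": "string"}},
            "required": ["document_id"],
        },
    },
    {
        "name": "summarize_content",
        "description": "Produces a prose summary of a document. "
                       "Use for 'what is this about' style queries.",
        "input_schema": {
            "type": "object",
            "properties": {"document_id": {"type": "string"}},
            "required": ["document_id"],
        },
    },
    {
        "name": "verify_claim_against_source",
        "description": "Checks a specific claim against the document text and "
                       "returns supported / unsupported / ambiguous.",
        "input_schema": {
            "type": "object",
            "properties": {
                "document_id": {"type": "string"},
                "claim": {"type": "string"},
            },
            "required": ["document_id", "claim"],
        },
    },
]
```

Each tool now has a narrow purpose and its own boundary language, so the model can select on description alone.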

System Prompt Interaction

Keyword-sensitive instructions in system prompts can create unintended tool associations that override well-written descriptions. Always review system prompts for conflicts after updating tool descriptions.

Practice Scenario

Scenario: An agent routes "check the status of order #12345" to get_customer instead of lookup_order. Both descriptions say "Retrieves [entity] information."

Options:

A) Add few-shot examples showing correct routing
B) Expand tool descriptions with explicit boundaries and example queries
C) Build a routing classifier to pre-select tools
D) Merge both tools into a single lookup tool

Correct: B. Low-effort, high-leverage. Fix the root cause (ambiguous descriptions) before adding complexity.

Check Questions

1. Two tools have overlapping descriptions. What is the first fix to try?

Expand descriptions with explicit boundaries ("use THIS tool for X, use THAT tool for Y").

2. After improving tool descriptions, misrouting persists for queries containing the word "account." Where do you look?

The system prompt. A keyword-sensitive instruction may be creating an unintended tool association.

2.2 Structured Error Responses

Error Categories

| Category | Retryable? | Example | Agent Action |
|---|---|---|---|
| Transient | Yes | Timeout, service unavailable | Retry with backoff |
| Validation | Yes (with fixes) | Invalid input format, missing field | Fix input, retry |
| Business | No | Refund exceeds policy limit | Alternative workflow or escalation |
| Permission | No | Access denied | Escalation or different credentials |
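An agent-side dispatcher keyed on these categories might look like the following sketch. The category strings and action names mirror the table; the function itself is illustrative, not part of any SDK:

```python
# Map an error category to the agent's next action, per the table above.
def decide_action(error_category: str, attempt: int, max_retries: int = 3) -> str:
    if error_category == "transient":
        # Timeout / service unavailable: retry with backoff until the budget runs out
        return "retry_with_backoff" if attempt < max_retries else "escalate"
    if error_category == "validation":
        return "fix_input_and_retry"      # bad input: correct it, then retry
    if error_category == "business":
        return "alternative_workflow"     # policy limit: e.g. manager approval
    if error_category == "permission":
        return "escalate"                 # access denied: needs different credentials
    return "escalate"                     # unknown categories treated as non-retryable
```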

MCP isError Flag

{
  "isError": true,
  "content": [{
    "type": "text",
    "text": "{\"errorCategory\": \"business\", \"isRetryable\": false, \"description\": \"Refund of $750 exceeds the $500 automatic refund limit. Requires manager approval.\"}"
  }]
}

Access Failure vs Valid Empty Result

This distinction is critical. The exam tests it.

| Scenario | What Happened | Agent Should |
|---|---|---|
| Access failure | Tool could not reach data source (timeout, auth error) | Decide whether to retry |
| Valid empty result | Tool successfully queried source, found no matches | NOT retry. "No results" IS the answer |

Confusing these two breaks recovery logic.
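The distinction can be encoded directly in the retry decision. A sketch assuming the tool returns a status field alongside its results (field names are illustrative):

```python
# Decide whether to retry based on whether the tool reached its data
# source, not on whether the result set is empty.
def should_retry(response: dict) -> bool:
    if response.get("status") == "success":
        return False   # empty results are a valid answer, never retried
    if response.get("errorCategory") == "transient":
        return True    # timeout / unavailable: the retry is worth it
    return False       # business / permission failures: escalate instead
```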

Error Propagation in Multi-Agent Systems

When a subagent's tool call fails, propagate the structured error (category, retryability, description) to the coordinator rather than a generic failure string, so the coordinator can decide whether to retry, reroute, or escalate.

Practice Scenario

Scenario: A tool returns an empty array after a customer lookup. The agent retries 3 times then escalates to a human. The actual issue: the customer's account does not exist.

Problem: Confusing a valid empty result with an access failure. The tool successfully queried the database — there simply is no matching account.

Fix: The tool should return structured metadata distinguishing "query succeeded, no results" from "query failed." The agent should treat empty results as a valid answer, not an error.

Check Questions

1. A tool returns {"results": [], "status": "success"}. Should the agent retry?

No. Status "success" with empty results means the query worked but found nothing. This is a valid empty result.

2. A refund request exceeds the automatic limit. What error category is this?

Business error. Not retryable. Requires an alternative workflow (manager approval or escalation).

2.3 Tool Distribution and tool_choice

Tool Overload Problem

Giving an agent 18 tools degrades selection reliability. Optimal: 4-5 tools per agent, scoped to its role.

tool_choice Configuration

| Setting | Behaviour | Use Case |
|---|---|---|
| "auto" | Model decides whether to call a tool or return text | General operation (default) |
| "any" | MUST call a tool, chooses which one | Guaranteed structured output from one of multiple schemas |
| {"type": "tool", "name": "..."} | MUST call this specific named tool | Force mandatory first steps before enrichment |
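The three settings can be written out as request fragments, following the shape the Anthropic Messages API uses (each setting is an object). The tool name and message here are illustrative:

```python
# The three tool_choice settings as API payload fragments.
choice_auto   = {"type": "auto"}                          # model may answer in text instead
choice_any    = {"type": "any"}                           # model must call one of the tools
choice_forced = {"type": "tool", "name": "lookup_order"}  # model must call lookup_order

# A request forcing the order lookup as a mandatory first step.
request = {
    "max_tokens": 1024,
    "tools": [{"name": "lookup_order",
               "description": "Retrieves order details by order_id",
               "input_schema": {"type": "object"}}],
    "tool_choice": choice_forced,
    "messages": [{"role": "user", "content": "Where is order ORD-12345?"}],
}
```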

Scoped Cross-Role Tools

For high-frequency simple operations, give a constrained tool directly to the agent that needs it:

Synthesis agent gets: verify_fact (simple lookups only)
Complex verifications: route through coordinator

Result: 85% of verifications handled locally
        Eliminates 2-3 coordinator round trips per task
        40% latency reduction

The exam's Q9 tests this exact pattern.

Constrained Alternatives

Instead of giving a subagent fetch_url (can fetch anything), give it load_document that validates document URLs only.
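A constrained alternative can be as simple as a wrapper that validates its input before acting. A sketch, where the allow-listed host and error message are hypothetical:

```python
from urllib.parse import urlparse

# Hosts the subagent is allowed to load documents from (illustrative).
ALLOWED_HOSTS = {"docs.internal.example.com"}

def load_document(url: str) -> str:
    """Constrained alternative to fetch_url: accepts document URLs only."""
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.hostname not in ALLOWED_HOSTS:
        raise ValueError(f"load_document only accepts document URLs, got: {url}")
    # Fetching logic omitted; a real implementation would retrieve the body here.
    return f"contents of {url}"
```

The subagent keeps its high-frequency capability while the blast radius of a bad call stays small.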

Practice Scenario

Scenario: A synthesis agent frequently returns control to the coordinator for simple fact verification, adding 2-3 round trips per task and 40% latency. 85% of verifications are simple lookups.

Options:

A) Cache verification results in the coordinator
B) Give the synthesis agent a scoped verify_fact tool for simple lookups
C) Pre-compute all possible verifications before synthesis begins
D) Remove the verification step to reduce latency

Correct: B. A scoped tool handles the 85% simple case locally. Complex cases still route through the coordinator.

2.4 MCP Server Integration

Scoping Hierarchy

| Level | File | Version-Controlled | Shared |
|---|---|---|---|
| Project | .mcp.json | Yes | Yes (team-wide) |
| User | ~/.claude.json | No | No (personal) |

All tools from all configured servers are discovered at connection time and available simultaneously.

Environment Variable Expansion

// .mcp.json
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_TOKEN": "${GITHUB_TOKEN}"
      }
    }
  }
}

Keeps credentials out of version control. Each developer sets their own tokens locally.

MCP Resources

Expose content catalogues (issue summaries, documentation hierarchies, database schemas) as MCP resources. Gives agents visibility into available data without requiring exploratory tool calls.
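A resource catalogue returned by a server might look like the following sketch, using the MCP resource shape (uri, name, description, mimeType). The URIs and names here are hypothetical:

```python
# Illustrative resources/list result: the agent sees what data exists
# without making exploratory tool calls.
resources_result = {
    "resources": [
        {
            "uri": "schema://orders",
            "name": "Orders table schema",
            "description": "Columns, types, and indexes for the orders table",
            "mimeType": "application/json",
        },
        {
            "uri": "docs://runbooks/refunds",
            "name": "Refund runbook",
            "description": "Step-by-step refund policy and limits",
            "mimeType": "text/markdown",
        },
    ]
}
```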

Build vs Use Decision

| Scenario | Decision |
|---|---|
| Standard integration (Jira, GitHub, Slack) | Use community MCP server |
| Team-specific workflow community servers cannot handle | Build custom server |

Enhance MCP tool descriptions to prevent the agent from preferring built-in tools (like Grep) over more capable MCP tools.

2.5 Built-In Tools

Grep vs Glob

| Tool | Searches | Use For |
|---|---|---|
| Grep | File contents | Finding function callers, error messages, import statements |
| Glob | File paths | Finding files by extension (**/*.test.tsx), locating config files |

The exam deliberately presents scenarios where using the wrong one wastes time.

Read / Write / Edit

| Tool | Use When |
|---|---|
| Edit | Targeted modifications using unique text matching. Fast, precise. |
| Read + Write | Fallback when Edit fails (non-unique text matches). Load full file, write complete modified file. |

Incremental Codebase Understanding

1. Grep → find entry points (function definitions, imports)
2. Read → follow imports and trace flows from entry points
3. Do NOT read all files upfront (context-budget killer)

Practice Scenario

Task: Find all files that call a deprecated function oldValidator() and locate their test files.

Correct sequence:

1. Grep for oldValidator — finds caller files
2. Glob for test files matching caller filenames (**/*.test.tsx)
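The two-step sequence can be emulated in plain Python as a sketch: scanning file contents plays the role of Grep, and pathlib globbing plays the role of Glob. The file names and contents are made up for illustration:

```python
import tempfile
from pathlib import Path

# Set up a toy project: one caller of the deprecated function, its test
# file, and an unrelated file.
root = Path(tempfile.mkdtemp())
(root / "form.tsx").write_text("import { oldValidator } from './validate';\noldValidator(x);")
(root / "form.test.tsx").write_text("test('form', () => {});")
(root / "other.tsx").write_text("export const y = 1;")

# Step 1 (Grep role): search file CONTENTS for the deprecated call
callers = [p for p in root.rglob("*.tsx") if "oldValidator(" in p.read_text()]

# Step 2 (Glob role): match file PATHS for tests named after the callers
tests = [p for c in callers for p in root.glob(f"**/{c.stem}.test.tsx")]
```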

Domain 2 Practice Exam

Q1. An agent consistently routes "what's my order status?" to get_customer instead of lookup_order. Both tools have one-line descriptions. What is the correct first step?

A) Add few-shot examples showing correct tool selection
B) Merge both tools into a single general lookup tool
C) Expand tool descriptions with explicit boundaries and example queries
D) Add a routing classifier that detects order-related queries

C — Low-effort, high-leverage. Fix descriptions before adding routing classifiers.

Q2. A tool description says "Retrieves information from the database." Two other tools have similar descriptions. What specific improvement would help?

A) Add a priority ranking to each tool
B) Remove the similar tools
C) Add retry logic for misrouted calls
D) Add the tool's primary purpose, expected inputs, example queries, and explicit boundaries vs similar tools

D — A complete description includes purpose, inputs, examples, and explicit boundaries.

Q3. A tool returns {"results": [], "query_status": "completed"} for a customer lookup. The agent retries 3 times. What is the bug?

A) The retry limit is too low
B) The tool should cache results to avoid repeated queries
C) The tool should return an error instead of empty results
D) The agent is confusing a valid empty result with an access failure

D — query_status: "completed" means the query worked. An empty result set is a valid answer, not an error.

Q4. A tool returns a timeout error. What error category is this, and what should the agent do?

A) Transient error; retry with backoff
B) Permission error; request new credentials
C) Business error; escalate to human
D) Validation error; fix the input

A — Timeouts are transient errors. Retry with backoff.

Q5. A synthesis agent has 15 tools available and frequently selects the wrong one. What is the primary fix?

A) Add a routing classifier
B) Increase the model's temperature
C) Reduce to 4-5 tools scoped to the synthesis role
D) Add few-shot examples for each tool

C — Tool overload degrades selection. Scope to role-appropriate tools.

Q6. A team needs GitHub integration. One developer proposes building a custom MCP server. What should happen first?

A) Use the built-in Bash tool to call the GitHub CLI directly
B) Build a minimal custom server as a prototype
C) Approve the custom build to ensure full control
D) Evaluate existing community MCP servers for GitHub

D — Community servers first. Only build custom for team-specific needs community servers cannot handle.

Q7. A developer needs to find all files importing a deprecated module and check if test files exist for each. What tool sequence is correct?

A) Read the package.json, then Glob for all files
B) Grep for all test files, then Read each one
C) Grep for the import statement, then Glob for matching test files
D) Glob for all .ts files, then Read each one

C — Grep searches contents (finds importers). Glob matches paths (finds test files).

Build Exercise

Build an MCP Server with Schema Validation and Error Handling

  1. Create an MCP server that exposes 3–4 tools with rich inputSchema definitions including required fields, enums, nested objects, and descriptive annotations. Verify the model selects the correct tool based solely on tool descriptions without system prompt guidance.
  2. Implement structured error responses in your MCP tools using isError: true with categorised error payloads (errorCategory, isRetryable, human-readable message). Test that the agent retries transient errors but surfaces validation errors to the user.
  3. Add a tool that returns paginated results with a nextCursor field and verify the model makes follow-up calls to retrieve all pages without explicit prompting. Include a totalResults hint so the model can communicate progress.
  4. Configure the MCP server in .mcp.json using environment variable expansion (${ENV_VAR}) for credentials. Test that the server starts correctly and that secrets are not logged or exposed in error messages.
  5. Write tool descriptions for two tools with overlapping functionality (e.g., searchFiles vs findInProject) and iteratively refine descriptions until the model routes 90%+ of test queries to the intended tool. Document which description strategies reduced misrouting.

Domains reinforced: Domain 2 (Tool Design & MCP), Domain 1 (Agentic Architecture), Domain 5 (Context Management)

→ Try related coding exercises

Quick Reference Card

TOOL DESCRIPTIONS:
  Include: purpose, inputs, examples, edge cases, boundaries
  Fix misrouting with better descriptions FIRST
  Check system prompt for keyword conflicts

ERROR CATEGORIES:
  Transient  → retry         (timeout, unavailable)
  Validation → fix + retry   (bad input)
  Business   → alt workflow   (policy violation)
  Permission → escalate       (access denied)

  Access failure ≠ valid empty result

TOOL DISTRIBUTION:
  4-5 tools per agent, scoped to role
  tool_choice: auto / any / specific tool
  Scoped cross-role tools for high-frequency simple ops

MCP:
  .mcp.json = project (shared, version-controlled)
  ~/.claude.json = user (personal)
  Community servers before custom builds
  ${ENV_VAR} for credentials

BUILT-IN TOOLS:
  Grep = search contents
  Glob = match file paths
  Edit = targeted modification
  Read + Write = fallback when Edit fails