# tool_policy

Fail-closed control over which tools the agent can call: a tool that no rule explicitly allows is refused.
## What it mitigates

- Undocumented tool invocation: the agent calling a tool that no policy entry names.
- Tool surface expansion without review: a newly wired tool becoming callable without an explicit allow rule.
- Privilege drift across environments: a tool permitted in one profile quietly becoming available in another.
## Recommended defaults

| Profile | Default |
|---|---|
| local | deny |
| standard | deny |
| unbounded | allow (monitor carefully) |
## Minimal config

```yaml
moduleConfig:
  tool_policy:
    default: deny
    # rules:
    #   Add explicit allow/deny entries per tool used by your orchestrator.
```
## Practical rollout

- Start with `default: deny`.
- Run your real workflows and collect the denied tool names from the audit log.
- Add explicit allow rules only for the tools those workflows actually need; leave everything else denied.
- Re-run `npx agentradius pentest` after every policy change to confirm nothing outside the allow list became callable.
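The rollout loop above (deny everything, run the workflow, read the denials out of the audit, allow only those, re-check) is easy to get wrong if the evaluator itself does not fail closed. The following is an added example, not agentradius code, and it does not use the agentradius rule schema: the rule shape (`{"tool": name-or-"*", "action": "allow"|"deny"}`) and the `run_workflow`/`suggest_allow_rules` helpers are assumptions made for illustration. It shows the three properties a practitioner should demand from any such evaluator: an unrecognised or missing `default` collapses to deny, a malformed rule refuses to load rather than being guessed at, and an explicit deny always beats an allow (including a wildcard allow in an `unbounded`-style profile).

```python
"""Fail-closed tool-policy evaluator (added example, not agentradius code).

Assumed rule shape: {"tool": "<name>" | "*", "action": "allow" | "deny"}.
Anything unrecognised resolves to deny, so a typo in the config cannot widen access.
"""
from dataclasses import dataclass, field

ACTIONS = ("allow", "deny")


@dataclass(frozen=True)
class Rule:
    tool: str    # exact tool name, or "*" to match every tool (assumed syntax)
    action: str  # "allow" or "deny"


@dataclass
class ToolPolicy:
    default: str = "deny"
    rules: tuple = ()
    denied_audit: list = field(default_factory=list)  # every refused tool name, in call order

    def decide(self, tool: str) -> str:
        """Return "allow" or "deny" for one tool call and record denials for the audit."""
        matched = [r for r in self.rules if r.tool in (tool, "*")]
        if any(r.action == "deny" for r in matched):
            decision = "deny"        # an explicit deny always wins, even over a "*" allow
        elif any(r.action == "allow" for r in matched):
            decision = "allow"       # a tool is only opened by an explicit allow
        else:
            decision = self.default  # no matching rule: fall back to the profile default
        if decision == "deny":
            self.denied_audit.append(tool)
        return decision


def policy_from_config(config: dict) -> ToolPolicy:
    """Build a policy from moduleConfig.tool_policy, failing closed on anything odd."""
    section = config.get("moduleConfig", {}).get("tool_policy", {})
    default = section.get("default", "deny")
    if default not in ACTIONS:
        default = "deny"             # "alow", None, True, ... all collapse to deny
    rules = []
    for raw in section.get("rules", []) or []:
        tool, action = raw.get("tool"), raw.get("action")
        if not isinstance(tool, str) or action not in ACTIONS:
            # Refuse to load a rule we cannot interpret instead of silently dropping it.
            raise ValueError(f"malformed tool_policy rule rejected: {raw!r}")
        rules.append(Rule(tool, action))
    return ToolPolicy(default=default, rules=tuple(rules))


def run_workflow(policy: ToolPolicy, calls):
    """Simulate one workflow; returns (executed, denied) tool-name lists in call order."""
    executed, denied = [], []
    for tool in calls:
        (executed if policy.decide(tool) == "allow" else denied).append(tool)
    return executed, denied


def suggest_allow_rules(denied_names):
    """Turn audited denials into the explicit allow entries a reviewer would consider adding."""
    return [{"tool": t, "action": "allow"} for t in sorted(set(denied_names))]


# Constructed sample input: the minimal config from this page plus a made-up workflow.
MINIMAL_CONFIG = {"moduleConfig": {"tool_policy": {"default": "deny"}}}
SAMPLE_WORKFLOW = ["read_file", "http_get", "read_file", "shell_exec"]

if __name__ == "__main__":
    first = policy_from_config(MINIMAL_CONFIG)
    _, denied = run_workflow(first, SAMPLE_WORKFLOW)
    print("denied on first run:", sorted(set(denied)))
    # Reviewer allows only what the workflow needs and pins shell_exec to deny.
    tightened = {"moduleConfig": {"tool_policy": {
        "default": "deny",
        "rules": suggest_allow_rules(t for t in denied if t != "shell_exec")
                 + [{"tool": "shell_exec", "action": "deny"}],
    }}}
    print("second run:", run_workflow(policy_from_config(tightened), SAMPLE_WORKFLOW))
```

The `__main__` section walks the rollout once: the first pass under `default: deny` executes nothing and the audit lists every tool the workflow touched; the reviewer then turns only the required names into allow rules and re-runs. Keeping the denial audit as a plain list of tool names is deliberate: it is exactly the artefact the rollout steps tell you to collect, and it stays useful when you later diff it against the output of `npx agentradius pentest`.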