tool_policy

Fail-closed control over which tools the agent can call.

What it mitigates

Undocumented tool invocation
Tool surface expansion without review
Privilege drift across environments

Recommended defaults

Profile	default
`local`	`deny`
`standard`	`deny`
`unbounded`	`allow` (monitor carefully)

Minimal config

moduleConfig:
  tool_policy:
    default: deny
    # rules:
    #   Add explicit allow/deny entries per tool used by your orchestrator.
    #   You can also attach egress bindings per tool.

Egress binding example:

moduleConfig:
  tool_policy:
    default: deny
    rules:
      - tool: "SlackSend"
        action: allow
        egress:
          allowedDomains:
            - "api.slack.com"

Practical rollout

Start with default: deny.
Run real workflows and collect denied tool names from audit.
Add explicit allow rules only for required tools.
Add per-tool egress bindings for networked tools.
Re-run npx agentradius pentest after every policy change.

command_guard
fs_guard
audit

tool_policy

What it mitigates

Recommended defaults

Minimal config

Practical rollout

Related modules