Tool Permission
Tool permission defines what an AI system is allowed to call, with what arguments, and under which user or system authority.
Design tool permissions before giving an agent or tool-calling flow access to important actions.
Use when
- Tool-using agents
- MCP servers
- Product actions with side effects
- Multi-tenant AI applications
Avoid when
- As a substitute for input validation
- As a wrapper that hides broad API access
- Pure text generation
- One-off demos without external actions
Why tool permission matters
Tool permission is the difference between a model asking for help and a model being able to damage data. It defines which tools are available, which arguments are valid, and which actions require human review.
Permissions should live in application logic, not in the prompt alone.
What to decide
Decide:
- which tools the model can see
- which users can authorize each tool
- which arguments need validation
- which actions require confirmation
- how failures and denied actions are logged
Common mistakes
- Giving one broad tool instead of narrow tools.
- Trusting model-generated arguments.
- Forgetting tenant, role, and record-level permissions.
- Adding guardrails after broad access is already exposed.
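An added example, not code from the original page: a Python call gate that enforces the decisions under "What to decide" and avoids the mistakes above (narrow tools, untrusted arguments, tenant and role checks, confirmation, denial logging) in application code rather than the prompt. Tool names, roles and tenant ids are constructed sample values.

```python
import logging
from dataclasses import dataclass
from typing import Callable
log = logging.getLogger("tool_gate")

@dataclass(frozen=True)
class Caller:
    user_id: str
    tenant_id: str
    roles: frozenset

@dataclass(frozen=True)
class ToolSpec:
    allowed_roles: frozenset          # which users can authorize this tool
    validate: Callable                # argument check; raises ValueError on bad input
    needs_confirmation: bool = False  # human review before the side effect runs

def _validate_record_args(args, caller):
    # Model-generated arguments are untrusted: enforce tenant and type checks here.
    if args.get("tenant_id") != caller.tenant_id:
        raise ValueError("cross-tenant record access")
    if not isinstance(args.get("record_id"), str):
        raise ValueError("record_id must be a string")

# Narrow, separately permissioned tools rather than one broad "database" tool (hypothetical names).
REGISTRY = {
    "read_record": ToolSpec(frozenset({"viewer", "editor"}), _validate_record_args),
    "delete_record": ToolSpec(frozenset({"editor"}), _validate_record_args, True),
}

def visible_tools(caller):
    """Tools the model is allowed to see: only those the caller could authorize."""
    return sorted(n for n, s in REGISTRY.items() if caller.roles & s.allowed_roles)

def gate(caller, tool_name, args, confirmed=False):
    """Decide ('allow' | 'deny' | 'confirm', reason) for one call; never runs the tool."""
    spec = REGISTRY.get(tool_name)
    if spec is None or not (caller.roles & spec.allowed_roles):
        log.warning("denied tool=%s user=%s reason=unauthorized", tool_name, caller.user_id)
        return "deny", "unauthorized"
    try:
        spec.validate(args, caller)
    except ValueError as err:
        log.warning("denied tool=%s user=%s reason=%s", tool_name, caller.user_id, err)
        return "deny", str(err)
    if spec.needs_confirmation and not confirmed:
        log.info("pending tool=%s user=%s reason=confirmation", tool_name, caller.user_id)
        return "confirm", "human confirmation required"
    log.info("allowed tool=%s user=%s", tool_name, caller.user_id)
    return "allow", "ok"
```

Only the tool list returned by `visible_tools` is handed to the model, and every call it emits passes through `gate` before anything with a side effect executes.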
Next decision
Before adding MCP or agent autonomy, define the permission boundary. Tool access should expand only after evaluation shows the flow is reliable.