Tool Permissions
Understand tool permission types — allow, deny, and escalate.
ToolPermission
type ToolPermission = 'allow' | 'deny' | 'escalate';| Permission | Behavior |
|---|---|
allow | Tool executes normally |
deny | Tool call is blocked, error returned to LLM |
escalate | Run pauses for human approval |
PolicyCheckResult
When the framework checks a tool call:
interface PolicyCheckResult {
allowed: boolean;
decision: ToolPermission | 'escalated';
reason?: string;
}Per-Run Call Limits
Limit how many times a tool can be called in a single run:
policy: {
tools: [
{
pattern: 'send-email',
permission: 'allow',
maxCallsPerRun: 5, // Max 5 emails per run
},
],
},When the limit is reached, subsequent calls are denied.
Checking Tool Permissions Directly
import { AutonomyPolicy } from '@ahzan-agentforge/core';
const policy = new AutonomyPolicy(policyConfig);
const result = policy.checkTool('delete-user');
// { allowed: false, decision: 'escalate', reason: 'Destructive action' }
policy.recordToolCall('send-email'); // Track call countNext Steps
- Escalation — handling escalation requests
- Budget — cost-based governance