Skip to content

MCP and Tool Governance

Krishna Kishor Tirupati edited this page May 11, 2026 · 1 revision

MCP And Tool Governance

PolicyAware can govern agent tool calls before execution. This is useful for MCP-style tool protocols, internal connectors, SaaS APIs, database actions, code assistants, and workflow automation.

Governance Model

flowchart TD
    A["Agent request"] --> B["Tool call request"]
    B --> C["Tool registry"]
    C --> D["Tool policy engine"]
    D -->|deny| E["Block tool call"]
    D -->|approval required| F["Approval workflow"]
    D -->|allow| G["Execute connector action"]
    E --> H["Tool audit log"]
    F --> H
    G --> H
Loading

Tool Policy Example

id: enterprise_tool_governance
default: deny

tools:
  - connector_id: github
    actions:
      - name: read_repo
        roles: ["developer", "security_reviewer"]
      - name: create_pr
        roles: ["developer"]
        approval_required: false
      - name: delete_repo
        roles: ["admin"]
        approval_required: true

rules:
  - name: deny_destructive_for_non_admin
    effect: deny
    when:
      connector_id: github
      action_in: ["delete_repo", "delete_branch"]
      user.role_not_in: ["admin"]

  - name: require_approval_for_writes
    effect: require_approval
    when:
      action_in: ["delete_repo", "delete_branch", "write_file"]

Check A Tool Call

policyaware tools check examples/policies/tool-governance.yaml \
  --agent code_assistant \
  --connector github \
  --action create_pr \
  --role developer

Python Example

from policyaware.models import ToolCallRequest
from policyaware.tools import ToolPolicyEngine

engine = ToolPolicyEngine.from_file("examples/policies/tool-governance.yaml")

decision = engine.decide(
    ToolCallRequest(
        agent_id="code_assistant",
        connector_id="github",
        action="create_pr",
        tenant="acme",
        user={"id": "dev_1", "role": "developer"},
        arguments={"repo": "acme/api", "branch": "feature/policyaware"},
    )
)

print(decision.decision)
print(decision.reason_codes)
print(decision.approval_required)

Recommended Tool Controls

  • Register every connector and action.
  • Treat writes, deletes, external sends, payments, and production changes as high risk.
  • Require approval for destructive or regulated actions.
  • Log every tool call decision.
  • Use rate limits and budgets for autonomous agents.
  • Keep tool policies separate from prompt policies so security reviewers can reason about both clearly.

Clone this wiki locally