-
Notifications
You must be signed in to change notification settings - Fork 1
Tool Governance
Krishna Kishor Tirupati edited this page May 13, 2026
·
1 revision
Tool governance checks agent or MCP-style connector actions before execution.
It can govern:
- connector name
- action name
- user role
- action risk
- side effects
- approval requirements
- rate/budget limits
from policyaware import ToolPolicyEngine, ToolRegistry
from policyaware.models import ToolCallRequest| API | Type | What It Does |
|---|---|---|
ToolPolicyEngine.from_file(path) |
class method | Loads MCP/tool governance YAML. |
engine.decide(tool_call) |
method | Evaluates connector/action access before the tool is executed. |
ToolRegistry(...) |
class | Stores known tools/connectors for governance use. |
ToolCallRequest(...) |
model | Standard tool-call request object. |
policyaware tools check <file> |
CLI | Tests tool governance policy from the command line. |
| Field | Type | Meaning |
|---|---|---|
agent_id |
str |
Agent or application requesting the tool call. |
connector_id |
str |
Connector name, such as github, jira, or salesforce. |
action |
str |
Action name, such as read_file, create_pr, or delete_branch. |
arguments |
dict |
Tool arguments that may be inspected or audited. |
tenant |
str |
Tenant boundary for the tool call. |
user |
dict |
User identity and role. |
context |
dict |
Extra risk, region, domain, or workflow metadata. |
call_id |
str |
Generated tool-call ID unless supplied. |
| Field | Type | Meaning |
|---|---|---|
decision |
Decision |
Final result: allow, deny, conditional_allow, or require_approval. |
connector_id |
str |
Connector that was evaluated. |
action |
str |
Action that was evaluated. |
reason |
str |
Human-readable decision reason. |
reason_codes |
list[str] |
Machine-readable reason codes. |
matched_rules |
list[str] |
Connector/action rules that matched. |
limits |
dict |
Budget or rate-limit metadata when configured. |
approval_required |
bool |
True when the action needs human approval. |
id: mcp_tool_governance
schema_version: "0.2"
default: deny
connectors:
- id: github
type: mcp
risk: medium
actions:
read_file:
effect: allow
risk: low
side_effect: none
when:
user.role_in: ["developer", "security_engineer"]
create_pr:
effect: require_approval
risk: high
side_effect: write
when:
user.role_in: ["developer", "maintainer"]
delete_branch:
effect: deny
risk: critical
side_effect: deletefrom policyaware import ToolPolicyEngine
from policyaware.models import ToolCallRequest
engine = ToolPolicyEngine.from_file("examples/policies/tool-governance.yaml")
decision = engine.decide(
ToolCallRequest(
agent_id="code_assistant",
connector_id="github",
action="create_pr",
user={"id": "dev1", "role": "developer"},
)
)
print(decision.decision.value)
print(decision.reason_codes)
print(decision.approval_required)policyaware tools check examples/policies/tool-governance.yaml \
--agent code_assistant \
--connector github \
--action create_pr \
--role developer- Home
- Capabilities
- Copy-Paste Examples
- Comparison
- SEO And Distribution
- Ready-To-Use YAML
- Data Protection
- Policy Enforcement
- Gateway Orchestration
- Risk Classification
- Model Routing and Providers
- Tool Governance
- Evaluation
- Audit and Observability
- ML-Assisted Signals
- Installation
- Quick Start
- Architecture
- CLI Reference
- ML Integrations
- Provider Adapter Examples
- YAML Policy Templates