← Policy gallery

tool_calls_allowlisted

agentic-governance safety pure_temporal agentic-aigovernancefix-ai-wgcapabilityrag-redtier-2-4

Every tool/capability invocation must lie within the certified allowlist for the agent's tier.

Formula

G(ToolCall → in_allowlist)

Why it matters

Szpruch capability control: a tool call outside all approved lists is a Red halt. Tier 2 governance enforces the allowlist as policy-as-code, not prompt guidance.

Examples

passes ToolCall with in_allowlist

fails ToolCall to a capability outside the certified allowlist

Use it

ponens policies add tool_calls_allowlisted --into ./trace.json
ponens trace check ./trace.json