Agent Tool Governance

Agent tool governance is the control plane for AI systems that can act in external tools. It decides which tools are visible, which credentials may be used, which user or service identity is represented, which policies apply, when approval is required, and how every action is audited.

Core Questions

  • Which tools can this agent see?
  • Which tenant, workspace, team, and user does the tool call belong to?
  • Which credential or delegated token will be used?
  • Which policy allowed or denied the action?
  • Does this action require human approval?
  • What exactly changed in the external system?
  • How can the change be reversed or remediated?

Reference Patterns

  • MCP (Model Context Protocol) provides tool schemas and an invocation protocol.
  • Arcade and Composio show managed auth/tool-router patterns.
  • OpenFGA models relationship-based authorization.
  • OPA and Cedar model policy-as-code decisions.
  • E2B shows sandboxing for code/tool execution.
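As an added illustration (not code from any of the projects above), the following minimal tool gateway answers the core questions in order: visibility, tenant membership, credential selection, approval, and audit. The agent names, tool names, credential labels and membership tuples are constructed placeholders; a real deployment would load the policy tables from OPA, Cedar or OpenFGA rather than hard-coding them.

```python
from dataclasses import dataclass, asdict
from typing import Optional

@dataclass(frozen=True)
class ToolCall:
    agent: str      # which agent is calling
    tenant: str     # workspace/tenant the call belongs to
    user: str       # delegated user identity represented by the agent
    tool: str       # tool name, e.g. "ticket.update"
    args: dict

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str                      # which policy rule allowed or denied the action
    credential: Optional[str] = None # credential or delegated token the call will use
    needs_approval: bool = False

# Constructed policy tables (assumptions for this example, not a real deployment).
VISIBLE_TOOLS = {"helpdesk-agent": {"ticket.read", "ticket.update", "idp.reset_password"}}
TOOL_CREDENTIAL = {"ticket.read": "ticketing:ro", "ticket.update": "ticketing:rw",
                   "idp.reset_password": "idp:admin"}
APPROVAL_REQUIRED = {"idp.reset_password"}          # privileged writes need a human
MEMBERSHIP = {("acme", "alice"), ("acme", "bob")}   # (tenant, user) relationship tuples
AUDIT_LOG: list[dict] = []

def authorize(call: ToolCall) -> Decision:
    """Evaluate the governance questions: visible tool, valid identity, mapped credential, approval."""
    if call.tool not in VISIBLE_TOOLS.get(call.agent, set()):
        return Decision(False, "tool_not_visible_to_agent")
    if (call.tenant, call.user) not in MEMBERSHIP:
        return Decision(False, "user_not_member_of_tenant")
    cred = TOOL_CREDENTIAL.get(call.tool)
    if cred is None:
        return Decision(False, "no_credential_mapped")
    return Decision(True, "policy_allow", cred, call.tool in APPROVAL_REQUIRED)

def gateway(call: ToolCall, approved_by: Optional[str] = None) -> Decision:
    """Enforce the decision and write an audit record for every attempt, allowed or denied."""
    decision = authorize(call)
    if decision.allowed and decision.needs_approval and approved_by is None:
        decision = Decision(False, "awaiting_human_approval", decision.credential, True)
    AUDIT_LOG.append({**asdict(call), "allowed": decision.allowed, "reason": decision.reason,
                      "credential": decision.credential, "approved_by": approved_by})
    return decision
```

Every call, allowed or not, leaves an audit record naming the tenant, user, tool, credential and the rule that decided it, which is what makes a later change reviewable and remediable.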

Why It Matters for Init Intelligence

In AI ITSM, tool calls touch privileged systems: identity providers, MDM, HRIS, SaaS admin consoles, ticketing, cloud, and compliance tools. A serious product needs a tool gateway where every action is constrained, reviewable, and traceable.