Tool scope creep
Tool scope creep defined for AI agent teams building runtime authorization, approval, and audit controls.
Page audit
- Cited source ledger with May 27, 2026 access dates.
- Action-time policy, approval, and evidence model.
- Primary conversion path points to a demo; developer pages also point to install.
The gradual expansion of an agent's available tools or arguments beyond the task it was meant to perform.
Why it matters
Agent systems fail differently from traditional apps because the next action may be generated from context, tools, and goal state. The control has to sit where the action becomes executable.
| Term | Operational test |
|---|---|
| Tool scope creep | Can an engineer point to the exact runtime boundary where this concept is enforced? |
| Decision record | Can a reviewer reconstruct who or what attempted the action and why it was allowed? |
| Approval path | Can the right reviewer stop the side effect before it happens? |
Practical example
A support agent may have the capability to refund an order. It only has authority when policy allows that amount, customer, reason, and actor at this moment.
Sources
FAQ
What should a team authorize before tool scope creep?
Authorize the exact tool name, arguments, actor, tenant, environment, and review requirement before the side effect reaches the upstream system.
Why not rely on prompts for this?
Prompts guide model behavior, but they do not reliably stop a tool dispatch. Runtime authorization sits after the model proposes an action and before the tool executes.
What evidence should the control produce?
Keep a decision record with the actor, tool, arguments summary, policy version, verdict, reviewer when required, timestamp, and source system context.
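The refund scenario in the practical example and the two FAQ answers on what to authorize and what evidence to keep, as an added Python example that is not the page's own code: a gate that sits between the model's proposed action and the tool dispatch, rejects tool- and argument-level scope creep, routes large production refunds to a reviewer, and writes a decision record with the listed fields. The tool names, policy version, approval limit, reviewer and source system are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

POLICY_VERSION = "refund-policy-v3"                   # constructed identifier
ALLOWED_TOOLS = {"lookup_order", "refund_order"}      # the support agent's intended scope
REFUND_ARGS = {"order_id", "customer_id", "amount", "reason"}
ALLOWED_REASONS = {"damaged", "not_delivered", "duplicate_charge"}
AUTO_APPROVE_LIMIT = 50.00                            # constructed threshold

@dataclass
class DecisionRecord:
    """Evidence emitted for every proposed dispatch, allowed or not."""
    actor: str
    tool: str
    args_summary: dict
    policy_version: str
    verdict: str                       # "allow", "needs_approval" or "deny"
    reason: str
    reviewer: Optional[str] = None     # set only when a human must approve
    timestamp: str = field(default_factory=lambda: datetime.now(timezone.utc).isoformat())
    source_system: str = "orders-api"  # constructed upstream system name

def authorize(actor: str, env: str, tool: str, args: dict) -> DecisionRecord:
    """Decide on a tool call the model proposed. The dispatcher executes the
    tool only when verdict == "allow"; "needs_approval" parks it for review."""
    summary = {k: args[k] for k in sorted(args)}

    def record(verdict: str, reason: str, reviewer: Optional[str] = None) -> DecisionRecord:
        return DecisionRecord(actor, tool, summary, POLICY_VERSION, verdict, reason, reviewer)

    # Tool-level scope creep: a capability the agent was never meant to have.
    if tool not in ALLOWED_TOOLS:
        return record("deny", f"tool {tool!r} is outside the agent's scope")
    if tool == "refund_order":
        # Argument-level scope creep: extra or missing parameters are rejected, not ignored.
        if set(args) != REFUND_ARGS:
            return record("deny", f"argument set {sorted(args)} does not match policy")
        if args["reason"] not in ALLOWED_REASONS:
            return record("deny", "refund reason not permitted by policy")
        amount = args["amount"]
        if not isinstance(amount, (int, float)) or amount <= 0:
            return record("deny", "refund amount must be a positive number")
        # Authority for a large production refund requires a reviewer before the side effect.
        if env == "production" and amount > AUTO_APPROVE_LIMIT:
            return record("needs_approval", "amount exceeds auto-approve limit", reviewer="support-lead")
    return record("allow", "within policy for this actor, tool and argument set")
```

Every branch returns a record, so denied and parked attempts leave the same evidence trail as allowed ones.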
Related paths
Govern the next agent action