Current implementation works well for helping LLMs reason about tools.
I've been thinking about situations where trust is completely delegated (complex, security-sensitive runs, etc.). In those settings, trust and predictability become the bottleneck: the model picks a tool, it executes, and you find out later if something went wrong (which surfaces several known security issues).
One framing I'm exploring is an external governance layer that captures how the operation needs to be executed. Model classifies intent and generates an auditable plan → plan resolves to concrete tool calls → validates → executes. The goal isn't to change how tools are defined or invoked, but to make multi-step execution intent explicit and inspectable before side effects occur.
You're deep in this space, and I've been prototyping the idea, so I would be curious whether it makes sense as complementary to your existing approach.
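The plan → resolve → validate → execute shape described above, as an added example in Python (not the project's code and not the author's prototype): a model-produced plan of intents and tool calls is checked as a whole against a policy, and nothing runs if any step fails, so no partial side effects occur. The tool registry, `Step`, `Policy` and the writable-path rule are assumptions made for illustration.

```python
"""Added example: a minimal governance layer that validates a whole plan
before any tool runs. Tool registry and policy rules are assumptions."""
import os
from dataclasses import dataclass

# Constructed tool registry: name -> (has_side_effects, callable).
def read_file(path):
    return f"contents of {path}"

def write_file(path, data):
    return f"wrote {len(data)} bytes to {path}"

TOOLS = {"read_file": (False, read_file), "write_file": (True, write_file)}

@dataclass
class Step:
    intent: str   # model's stated purpose for the step, kept for auditing
    tool: str     # concrete tool the intent resolved to
    args: dict    # concrete arguments for that tool

@dataclass
class Policy:
    allowed_tools: set
    writable_prefix: str = "/sandbox/"   # assumed boundary for writes
    allow_side_effects: bool = False     # must be granted explicitly

def validate(plan, policy):
    """Return a list of violations; an empty list means the plan may run."""
    problems = []
    for i, step in enumerate(plan):
        if step.tool not in TOOLS:
            problems.append(f"step {i}: unknown tool {step.tool!r}")
            continue
        side_effects, _ = TOOLS[step.tool]
        if step.tool not in policy.allowed_tools:
            problems.append(f"step {i}: tool {step.tool!r} not permitted")
        if side_effects and not policy.allow_side_effects:
            problems.append(f"step {i}: side-effecting tool without approval")
        # Normalise before the prefix check so '..' segments cannot escape.
        path = os.path.normpath(step.args.get("path", ""))
        if step.tool == "write_file" and not path.startswith(policy.writable_prefix):
            problems.append(f"step {i}: write outside {policy.writable_prefix}")
    return problems

def execute(plan, policy):
    """Fail closed: no step executes unless every step validated."""
    problems = validate(plan, policy)
    if problems:
        return {"executed": False, "problems": problems, "results": []}
    results = [TOOLS[s.tool][1](**s.args) for s in plan]
    return {"executed": True, "problems": [], "results": results}
```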