Skip to main content

Tool Execution Governance

Tool execution governance defines what happens after a tool is visible at runtime. A visible tool still follows tenant context, scope, input validation, risk level, review gate, and audit rules before a result or action is accepted.

Use this page when designing the call path for an Agent workflow, reviewing a blocked tool call, or deciding how confirmations and approvals should be recorded.

Execution flow

Execution outcomes

OutcomeWhat it meansUser-facing handling
Allowed resultThe tool can return read-only evidence or reviewed analysis.Show sources, assumptions, and unresolved gaps.
Confirmation requiredThe tool prepares a draft or reversible follow-up that needs user confirmation.Show the draft, evidence, and confirmation choice.
Awaiting approvalThe tool affects an operating task, record, or connected system and needs a named reviewer.Route the request to the reviewer and record pending state.
BlockedScope, input, data, tenant boundary, review policy, or guardrail checks stopped the call.Return the reason, preserve evidence, and avoid partial action.
Recorded no-opThe workflow decides no action is needed after review.Record the decision and the evidence used.

Each outcome should be visible in the run record. A blocked or pending outcome is still useful because it explains what must be fixed before the workflow can continue.

Tool types

Tool typeTypical examplesGovernance expectation
Read-only lookupAsset context, document retrieval, status summary, source record lookup.Return evidence with timestamps and source references.
Analysis or computeHealth score, anomaly explanation, simulation comparison, optimization result.Record assumptions, input boundaries, result summary, and reviewer notes.
Draft generatorWork request draft, inspection note, scenario package, validation note.Keep the draft separate from an accepted record until confirmation or review.
Action-capable toolWork-order dispatch, task assignment, controlled update, external-system handoff.Require the planned confirmation, approval, policy, and audit path.

Use Risk Governance and Safety to align tool type with risk level and review gate.

Before calling a tool

Confirm these items before the workflow calls a tool:

  1. The tool appears in runtime discovery for the current client.
  2. The endpoint and scopes match the workflow boundary.
  3. The user or agent has the intended tenant, site, asset, scene, or record context.
  4. Required input fields and controlled options are present.
  5. Source data, documents, scenes, or operating records are fresh enough for the task.
  6. The workflow states whether the result is evidence, analysis, draft, or action.
  7. The review owner and audit location are known.

Use Runtime Tool Discovery before finalizing prompts or automation.

Confirmation and approval

Confirmation and approval should be designed before action-capable tools are used.

PathUse whenRecord
User confirmationA draft or reversible follow-up is ready for the user to accept.User, draft content, confirmation time, and scope used.
Reviewer approvalThe result affects a work order, inspection task, operating record, or connected system.Reviewer, decision, reason, final record, and timestamp.
Policy-controlled reviewThe action is governed by customer operating policy or change-control rules.Policy owner, rule applied, approval evidence, and audit record.
Blocked pathRequired data, scope, input, tenant boundary, or approval is missing.Blocked reason, missing requirement, and next owner.

Use Workflow Run Record to keep the outcome traceable.

Idempotency and repeated requests

For action-capable workflows, repeated requests should preserve the same operating decision whenever the request represents the same action attempt.

Customer-facing expectations:

  • repeated submit or retry should preserve a single work order or task for the same action attempt;
  • users should see whether the previous result was accepted, pending, blocked, or rejected;
  • retries should preserve the original evidence and approval context where possible;
  • changed inputs should create a new reviewable action attempt;
  • the final run record should explain whether a retry reused a prior decision or produced a new one.

Audit requirements

Every accepted, pending, or blocked tool outcome should leave enough evidence for later review.

Audit fieldWhy it matters
Client and tenant contextShows which environment and access path produced the result.
Visible tool setShows what the client could use at the time.
Tool name and purposeExplains which capability produced the output.
Input summaryCaptures boundary, parameters, source records, and assumptions.
OutcomeRecords allowed, confirmed, pending approval, blocked, rejected, or no action.
Reviewer decisionCaptures who accepted, revised, approved, or rejected the output.
Final record linkConnects the Agent run to work order, inspection, scenario, validation, or feedback records.

Troubleshooting execution

SymptomLikely causeResponse
Tool was visible but call failedScope, input, tenant context, or review gate blocked execution.Check access package, input requirements, and risk gate.
Draft awaits acceptanceConfirmation or reviewer approval is still pending.Record pending state and route to the owner.
Action remains pausedPolicy, approval, guardrail, or missing data stopped the action path.Return blocked reason and preserve evidence.
Duplicate result appears likelyA retry may represent the same action attempt.Check prior run record before creating a new operating record.
Tool output lacks sourcesSource data or evidence requirements are incomplete.Run data readiness review before accepting the answer.

Use MCP Errors and Audit for endpoint, scope, and failure triage.

NeedUse
Confirm visible toolsRuntime Tool Discovery
Plan endpoint and scopeAccess and Scope Planning
Define review gatesRisk Governance and Safety
Capture evidenceWorkflow Run Record
Diagnose tool failuresMCP Errors and Audit