Summary
A tool use policy defines the boundaries within which a model can invoke tools. It tells the model which tools are available, when they should be used, when they must not be used, and how to handle failures gracefully.
How it works
- Categorize tools -- group tools by sensitivity and purpose (e.g., read-only, write, admin).
- Set policies per category -- define rules for each group: always allowed, requires confirmation, blocked.
- Define error behaviors -- specify what the model should do on timeout, auth failure, rate limit, or not-found.
- Evaluate and enforce -- at runtime, check each tool call against the policy before executing it, so that enforcement happens in the harness rather than relying on the model to follow the rules on its own.
Policy categories
- Always-allowed: Read-only queries, information retrieval, non-destructive operations.
- Approval-required: Actions that modify state, send messages, or incur cost.
- Context-dependent: Tools that should be used only when specific conditions are met.
- Blocked: Tools that are never available to the model regardless of the situation.
Failure handling
- Timeout: "The tool did not respond in time. Try a simpler approach or ask the user."
- Auth error: "You do not have permission to use this tool. Suggest an alternative."
- Rate limit: "This tool is rate-limited. Wait and retry, or use a different approach."
- Not found: "The requested resource was not found. Verify the parameters or query."