Summary
Ship a permission and approval system for LLM/agentic tool use: restrict risky actions, require explicit approval or simulation/dry-run, and roll back if unsafe. Configurable at agent, tool, or workflow level.
Problem to solve
Execution of real-world actions (e.g., changing records, provisioning, sending messages) exposes production risk with agentic LLMs. Today, these behaviors are hard to restrict or preview safely.
Proposed solution
- Tool permission model/spans with allow, warn, require-approval, or block
- Dry-run/simulation mode for potentially risky tool calls/agent actions
- Approval workflow (UI or API)
- Rollback/undo for reversible actions
Alternatives considered
- Block at app-level manually
- Trust all tools equally; no workflow safety
Who benefits?
Priority / impact
- Critical for using agentic workflows in controlled/prod settings
- Enables broader adoption; competitive vs OSS toolkits
Additional context
Prior art: workflow automation approvals (cf. GitHub Actions protected steps); model guard patterns for agent toolchains.
Summary
Ship a permission and approval system for LLM/agentic tool use: restrict risky actions, require explicit approval or simulation/dry-run, and roll back if unsafe. Configurable at agent, tool, or workflow level.
Problem to solve
Execution of real-world actions (e.g., changing records, provisioning, sending messages) exposes production risk with agentic LLMs. Today, these behaviors are hard to restrict or preview safely.
Proposed solution
Alternatives considered
Who benefits?
Priority / impact
Additional context
Prior art: workflow automation approvals (cf. GitHub Actions protected steps); model guard patterns for agent toolchains.