Skip to main content
Brane governs AI agent tool calls by wrapping each tool as a capability and running policy before the tool executes. If a policy denies the attempted tool call, Brane raises CapabilityDeniedError and the original function does not run. This is the right boundary for production agents because most agent risk comes from what tools do, not only from what the model says.

Tool Calls Are Capabilities

In Brane, a tool is one kind of Capability:
The capability metadata gives policies enough context to make governance decisions.

Example: Require Approval Signal For A Destructive Tool

The tool does not execute unless the policy allows it.

Example: Tenant Isolation

This pattern protects tools that accept tenant IDs, customer IDs, account IDs, or other scope-bearing arguments.

Tool Governance Checklist

For every production tool, define:
  • Capability name
  • Capability type
  • Risk level
  • Owner
  • Tenant or data namespace
  • Required scopes
  • Before-capability policies
  • After-capability policies for output checks