Tool-Call Safety Is Not Text Safety: Why Coding Agents Need Action-Time Authorization
Blog post from Permit.io
The post argues that coding agents need action-time authorization, because a text-based refusal is not a safety guarantee. It separates text alignment, which governs what the model says, from tool safety, which governs what the system does, and treats them as different control planes. This leaves a structural gap: an agent can refuse a request in its reply and still execute a harmful tool call, because nothing authorizes the call at runtime. The post surveys the available controls (guardrails, sandboxes, approvals, hooks and centralized authorization), noting that each addresses a different problem and that they must be combined for robust security. It recommends evaluating every tool invocation at execution time against a full set of criteria, including the user's identity, the type of action, the target resource and the current risk state, rather than trusting the model's stated intent. Finally, it stresses logging both attempted and executed calls, so that the audit trail shows how effective the controls are and gives the data needed to tune policy sensibly.
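The execution-time check the post describes, as an added Python illustration that is not Permit.io's code: every tool call is authorized on identity, action, resource and risk state regardless of what the model said, and both the attempt and the execution are recorded. The grants, the protected path prefixes and the risk rule are a constructed sample policy, not one taken from the post.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

@dataclass
class ToolCall:
    user: str        # principal the agent acts on behalf of
    action: str      # what the tool does: "read", "write" or "exec"
    resource: str    # target of the call, here a file path
    risk_state: str  # session risk signal: "normal" or "elevated"

@dataclass
class ActionGate:
    """Authorizes each tool invocation at execution time; the model's text is not an input."""
    grants: Dict[str, Set[str]]                          # user -> permitted actions (sample policy)
    protected_prefixes: Tuple[str, ...] = ("/etc/", "/prod/")  # constructed sample paths
    audit: List[dict] = field(default_factory=list)      # attempted and executed entries

    def authorize(self, call: ToolCall) -> Tuple[bool, str]:
        # 1. identity: does this user hold the action at all?
        if call.action not in self.grants.get(call.user, set()):
            return False, f"{call.user} lacks '{call.action}'"
        # 2. resource: mutating actions on protected targets are never allowed here
        if call.action in ("write", "exec") and call.resource.startswith(self.protected_prefixes):
            return False, f"{call.action} on protected resource {call.resource}"
        # 3. risk state: an elevated session is restricted to reads
        if call.risk_state == "elevated" and call.action != "read":
            return False, "session risk elevated: only reads allowed"
        return True, "policy allows"

    def run(self, call: ToolCall, executor: Callable[[ToolCall], str]) -> Optional[str]:
        """Log every call as attempted; execute and log as executed only when authorized."""
        ok, reason = self.authorize(call)
        self.audit.append({"phase": "attempted", "call": call, "allowed": ok, "reason": reason})
        if not ok:
            return None
        result = executor(call)
        self.audit.append({"phase": "executed", "call": call, "result": result})
        return result

    def counts(self) -> Tuple[int, int]:
        """(attempted, executed): the two numbers the post wants side by side."""
        attempted = sum(1 for e in self.audit if e["phase"] == "attempted")
        executed = sum(1 for e in self.audit if e["phase"] == "executed")
        return attempted, executed
```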
| Trend | Post Mentions | Total Month Mentions | Posts | Companies | MoM |
|---|---|---|---|---|---|
| MCP | 23 | 6,026 | 689 | 188 | -15% |
| LLM | 2 | 5,172 | 1,006 | 220 | -43% |
| Developer Experience | 1 | 384 | 227 | 88 | -19% |
| Observability | 1 | 3,430 | 674 | 183 | +0% |