Tool Call Access Control With Role Based Policies

via “tool-approval-and-security-model”

SRE Agent - CNCF Sandbox Project

Unique: Implements a fine-grained tool approval model that supports multiple approval modes (auto-approve, require-approval, deny) and integrates with Kubernetes RBAC for policy enforcement. Supports dry-run mode for previewing tool effects and maintains audit logs for compliance, enabling secure agent deployment in enterprise environments.

vs others: Provides tighter security integration than generic agent frameworks by embedding RBAC-aware tool approval and audit logging directly into the tool execution pipeline, enabling enterprise-grade security without external policy engines.