Agent Network Best Practices
tool-must-define-allowed
Guidance
This rule validates that every MCP tool configured in a broker specification includes a non-empty `allowed` property listing which tool functions the broker may call. The allowed list is a critical security control that implements the principle of least privilege: it limits each broker to the specific tool capabilities it needs for its orchestration responsibilities. Without an allowed list, a broker can invoke every function the MCP server exposes, which can lead to unauthorized actions, excessive permissions, and brokers calling sensitive operations beyond their intended scope. This validation requires a deliberate, security-conscious tool configuration in which each broker's permissions are declared explicitly and limited to the functions it needs. The rule applies to broker tool configurations in Agent Network specifications and maintains access-control boundaries in agent orchestration workflows.
Message
Each broker tool must define a non-empty 'allowed' property specifying which tool functions are permitted. This ensures proper access control and prevents unauthorized tool usage.
Examples
valid
```yaml
schemaVersion: 1.0.0
brokers:
  customer-service-broker:
    card:
      protocolVersion: "0.3.0"
      name: "Customer Service Broker"
      description: "Coordinates customer service operations"
      url: "https://customer-service-broker.example.com"
      provider:
        organization: "Example Corp"
        url: "https://example.com"
      defaultInputModes:
        - "application/json"
      defaultOutputModes:
        - "application/json"
      skills:
        - id: "customer-service"
          name: "Customer Service"
          description: "Handles customer service operations"
          tags: ["customer-service", "support"]
      capabilities:
        streaming: false
        pushNotifications: false
        stateTransitionHistory: false
        extensions: []
      version: "1.0.0"
    spec:
      llm:
        ref:
          name: my-openai
        configuration:
          model: "gpt-4"
      instructions:
        - "You are a helpful assistant that coordinates customer service operations"
      maxNumberOfLoops: 25
      maxConsecutiveErrors: 3
      tools:
        - mcp:
            ref:
              name: customer-service-mcp
            allowed:
              - CustomerServiceMcp.create_ticket
              - CustomerServiceMcp.update_status
              - CustomerServiceMcp.get_customer_info
      links:
        - agent:
            ref:
              name: external-agent
llmProviders:
  my-openai:
    metadata:
      platform: OpenAI
      models:
        - "gpt-4"
```
invalid
```yaml
schemaVersion: 1.0.0
brokers:
  customer-service-broker:
    card:
      protocolVersion: "0.3.0"
      name: "Customer Service Broker"
      description: "Coordinates customer service operations"
      url: "https://customer-service-broker.example.com"
      provider:
        organization: "Example Corp"
        url: "https://example.com"
      defaultInputModes:
        - "application/json"
      defaultOutputModes:
        - "application/json"
      skills:
        - id: "customer-service"
          name: "Customer Service"
          description: "Handles customer service operations"
          tags: ["customer-service", "support"]
      capabilities:
        streaming: false
        pushNotifications: false
        stateTransitionHistory: false
        extensions: []
      version: "1.0.0"
    spec:
      llm:
        ref:
          name: my-openai
        configuration:
          model: "gpt-4"
      instructions:
        - "You are a helpful assistant that coordinates customer service operations"
      maxNumberOfLoops: 25
      maxConsecutiveErrors: 3
      tools:
        - mcp:
            ref:
              name: customer-service-mcp
            allowed: [] # Empty allowed array - this should fail validation
      links:
        - agent:
            ref:
              name: external-agent
llmProviders:
  my-openai:
    metadata:
      platform: OpenAI
      models:
        - "gpt-4"
```
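The check this rule performs, written out as an added example (not the project's own validator): it walks every broker's `spec.tools`, and for each MCP tool reports the path of an `allowed` list that is missing, empty, not a list, or contains blank entries. The specs are constructed Python dicts mirroring the YAML above as a YAML parser would load them; the `broker_spec` helper and the path format are assumptions of this example.

```python
"""Check that every MCP tool in a broker spec has a non-empty 'allowed' list.

Constructed example: the dicts mirror the valid/invalid YAML examples above
as they would look after loading with a YAML parser.
"""
from typing import Any


def find_missing_allowed(spec: dict[str, Any]) -> list[str]:
    """Return one path per MCP tool whose 'allowed' list is absent, empty or malformed."""
    violations: list[str] = []
    for broker_name, broker in (spec.get("brokers") or {}).items():
        tools = (broker.get("spec") or {}).get("tools") or []
        for index, tool in enumerate(tools):
            mcp = tool.get("mcp") if isinstance(tool, dict) else None
            if mcp is None:
                continue  # only MCP tools carry an 'allowed' list; other tool kinds are skipped
            path = f"brokers.{broker_name}.spec.tools[{index}].mcp.allowed"
            allowed = mcp.get("allowed")
            if not isinstance(allowed, list) or not allowed:
                violations.append(path)  # missing, null, non-list or empty list
            elif not all(isinstance(fn, str) and fn.strip() for fn in allowed):
                violations.append(path)  # blank or non-string entries grant nothing meaningful
    return violations


def broker_spec(allowed: Any) -> dict[str, Any]:
    """Build a minimal constructed spec with one MCP tool; None omits 'allowed' entirely."""
    mcp: dict[str, Any] = {"ref": {"name": "customer-service-mcp"}}
    if allowed is not None:
        mcp["allowed"] = allowed
    return {
        "schemaVersion": "1.0.0",
        "brokers": {
            "customer-service-broker": {
                "spec": {"llm": {"ref": {"name": "my-openai"}}, "tools": [{"mcp": mcp}]}
            }
        },
    }


VALID = broker_spec(["CustomerServiceMcp.create_ticket", "CustomerServiceMcp.update_status"])
INVALID_EMPTY = broker_spec([])       # the page's invalid example: allowed: []
INVALID_MISSING = broker_spec(None)   # 'allowed' key absent altogether

if __name__ == "__main__":
    for label, spec in [("valid", VALID), ("empty", INVALID_EMPTY), ("missing", INVALID_MISSING)]:
        print(label, find_missing_allowed(spec) or "ok")
```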
Applies to tools