Progressive Tool Access
Grant tool permissions on a need-to-use basis, starting minimum and expanding only as the agent proves competency, mirroring how humans earn system access.
Problem
Front-loaded tool provisioning maximizes blast radius before competency is established. An early mistake by the agent on a tool it did not yet need causes a high-cost incident. The standard mitigations (sandbox-isolation, policy-gates) act at runtime; they don't address the design-time choice of which tools to grant in the first place.
Solution
Define provisioning tiers per tool: Tier 0 — none; Tier 1 — read/query only; Tier 2 — write to staging/sandbox; Tier 3 — full production write. Move the agent up a tier for a given tool only when demonstrated metrics (success rate, no incidents, monitored time-in-tier) justify it. Track the tier per tool, not globally. Pair with tool-loadout, tool-loadout-hotswap, sandbox-isolation, policy-gated-agent-action, three-tier-autonomy-portfolio.
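The tiering, per-tool tracking and metric-gated promotion described above, as an added Python example that is not part of this pattern page or of any agent framework; the thresholds (50 calls, 98% success rate, 72 hours in tier) and the one-tier demotion on incident are assumptions of the example, not rules the page states.

```python
from dataclasses import dataclass
from enum import IntEnum

class Tier(IntEnum):
    NONE = 0        # Tier 0: tool not callable
    READ = 1        # Tier 1: read/query only
    STAGING = 2     # Tier 2: write to staging/sandbox
    PRODUCTION = 3  # Tier 3: full production write

# Thresholds are constructed for this example; a real team sets them per tool.
MIN_CALLS, MIN_SUCCESS_RATE, MIN_HOURS = 50, 0.98, 72.0

@dataclass
class ToolAccess:
    tier: Tier = Tier.NONE
    calls: int = 0
    successes: int = 0
    hours_in_tier: float = 0.0

    def record_call(self, success: bool, hours: float = 0.0) -> None:
        self.calls += 1
        self.successes += int(success)
        self.hours_in_tier += hours

    def _reset_window(self) -> None:
        self.calls, self.successes, self.hours_in_tier = 0, 0, 0.0

    def eligible(self) -> bool:
        # All three demonstrated metrics must hold; Tier 3 is the ceiling.
        return (self.tier < Tier.PRODUCTION and self.calls >= MIN_CALLS
                and self.successes / self.calls >= MIN_SUCCESS_RATE
                and self.hours_in_tier >= MIN_HOURS)

    def promote(self) -> Tier:
        # One tier at a time, and only once the current tier's metrics are met.
        if not self.eligible():
            raise PermissionError("competency metrics not yet met")
        self.tier = Tier(self.tier + 1)
        self._reset_window()
        return self.tier

    def incident(self) -> Tier:
        # Assumption beyond the page: an incident drops one tier and restarts the window.
        self.tier = Tier(max(self.tier - 1, Tier.NONE))
        self._reset_window()
        return self.tier

def permitted(loadout: dict[str, ToolAccess], tool: str, required: Tier) -> bool:
    # Deny by default: a tool that was never provisioned sits at Tier 0.
    return loadout.get(tool, ToolAccess()).tier >= required
```

Metrics are counted per tier, so each promotion or demotion restarts the window and the agent re-earns the next tier from scratch.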
When to use
- New agents in production.
- Tools whose blast radius justifies graduated trust.
- The team can define competency metrics per tool.