The operator governs every tool and MCP call.
Instead of logging the model call and missing the tool it triggered, the operator runs both under one policy: in-scope calls go through, out-of-scope calls are blocked, and every one chains into a receipt you can verify.
Agents do more than call models. The operator governs all of it.
Instead of gating model calls and waving the tools through, the operator runs tool and MCP calls on the same control plane. It binds each call to the agent that made it, checks it against the policies that apply, and writes a chained receipt — so the non-model actions an agent takes are governed and provable too.
That closes the gap where the model call is logged but the tool it triggered — a database write, an API call, an MCP action — is not. The operator chains the whole sequence together.
- Tools and MCP, governed. The operator gates tool calls with the same policy engine it gates model calls with.
- Identity-bound. The operator stamps each tool call with the agent identity that made it.
- Chained children. The operator chains tool receipts under the parent request, so you can reconstruct the full action.
The operator chains the whole action, not just the model call
Instead of proving the prompt and losing the action, the operator records the model call and the tool it triggers as receipts in one chain — so you can verify what the agent did, not just what it asked.
A real tool-call receipt the operator wrote
The operator records each tool invocation as a chained child receipt linked to its parent dispatch. Recompute the leaf yourself to confirm the tool action was recorded exactly as it ran, in the order it ran — the operator can't act without writing this.
This is the same client-side verification shipped on the Trust portal. SHA-256 runs via Web Crypto. No Agentics call.
- •Recompute leaf
- •Chain integrity
- •Fold Merkle proof
- •Anchor memo == root
SHA-256 runs in your browser via Web Crypto. No Agentics call.
Bind a tool, and the operator governs it
Instead of leaving tools unmanaged, you reference each tool and MCP server by handle; the operator governs them by the same rules it applies to providers.
{
"version": 2,
"strategy": { "mode": "single", "targets": [{ "provider": "anthropic" }] },
"tools": [
{ "kind": "mcp", "ref": "mcp://crm/readonly" },
{ "kind": "http", "ref": "tool://lookup-order" }
]
}
// the operator binds every tool call to an identity and chains it as a child receipt
Watch the operator govern tools and MCP servers
Instead of auditing tool calls after the fact, you supervise them live: the console lists every bound tool, its scopes, and the receipt the operator wrote for each call.
Tool Governance console
Every bound tool and MCP server with its granted scopes, and a chained log of each tool call the operator governed.
Open Tool Governance →