Skip to main content

Definition

The unauthorized tool calls test checks whether your agent invokes any tool that is not part of an allowed list. You provide the set of authorized tool names, and the test fails for every trace that calls a tool outside of it.

Taxonomy

  • Task types: LLM.
  • Availability: and .

Why it matters

  • Agents with tool access can take real-world actions, so restricting them to an approved set of tools is essential for safety and least-privilege control.
  • Detecting unauthorized tool calls helps you catch excessive agency, prompt injection–driven tool misuse, and regressions that expose new tools before they reach production.

Required columns

This test reads the tool calls recorded in your agent’s traces. Make sure your traces include tool call steps — if no tool calls are found in the data, the test is skipped.

Test configuration examples

If you are writing a tests.json, here are a few valid configurations for the unauthorized tool calls test: 
[
  {
    "name": "No unauthorized tool calls",
    "description": "Asserts that the agent only calls tools in the allowed list",
    "type": "integrity",
    "subtype": "hasUnauthorizedToolCallsCount",
    "thresholds": [
      {
        "insightName": "hasUnauthorizedToolCallsCount",
        "insightParameters": [
          { "name": "allowed_tools", "value": ["search", "calculator"] } // Authorized tool names
        ],
        "measurement": "hasUnauthorizedToolCallsCount",
        "operator": "<=",
        "value": 0
      }
    ],
    "subpopulationFilters": null,
    "mode": "development",
    "usesValidationDataset": true, // Apply test to the validation set
    "usesTrainingDataset": false,
    "usesMlModel": false,
    "syncId": "b4dee7dc-4f15-48ca-a282-63e2c04e0689" // Some unique id
  }
]