Lesson 465 of 1596
Tool Registries and Permissioned Toolsets
Teach students how an agent safely discovers tools, validates calls, and limits what any session may do.
Creators · Agentic AI · ~13 min read
What the local Hermes build teaches
This build lab focuses on the tool registry that turns raw capabilities into permissioned agent actions. The goal is not to copy a private machine setup. The goal is to learn the architecture pattern well enough to build a small, classroom-safe version.
Tools need names, schemas, descriptions, permission levels, validators, and runtime approval rules before a model can call them safely.
Compare the options
| Hermes pattern | Student build | Risk to handle |
|---|---|---|
| Name the boundary | a registry table for five tools with inputs, outputs, risk level, and approval behavior | giving the model direct access to broad filesystem, shell, payment, or messaging actions because the prompt says to be careful |
| Keep the interface small | Start with one happy path and one failure path | Avoid a demo that only works when everything is perfect |
| Make the system observable | Log decisions, status, and errors in plain language | Do not log private data or secrets |
Build the small version
- 1Draw or write a registry table for five tools with inputs, outputs, risk level, and approval behavior.
- 2Mark which parts are user-facing, which parts are internal, and which parts require approval.
- 3Choose one low-risk workflow and implement only that workflow first.
- 4Add one failure case before adding a second feature.
- 5Write a short operator note: what the agent may do, what it must ask about, and what it must never do.
A classroom-safe skeleton inspired by the local Hermes architecture scan.
tools: lesson_search: inputs: {query: string} risk: low approval: never send_email: inputs: {to: email, subject: string, body: string} risk: medium approval: draft_then_confirm run_shell: inputs: {command: string} risk: high approval: explicit_human_onlyKey terms in this lesson
The big idea: allowlist is not decoration. It is part of the product architecture students need before an agent becomes safe enough to use with real people.
End-of-lesson quiz
Check what stuck
8 questions · Score saves to your progress.
Tutor
Curious about “Tool Registries and Permissioned Toolsets”?
Ask anything about this lesson. I’ll answer using just what you’re reading — short, friendly, grounded.
Progress saved locally in this browser. Sign in to sync across devices.
Related lessons
Keep going
Creators · 11 min
Building Your First Agentic Workflow
Move past chatbots and build a workflow where AI takes multi-step actions on your behalf. Here's the safe-by-default beginner pattern.
Creators · 11 min
Validating AI agent output against a Zod or Pydantic schema
Treat the LLM's response as untrusted input and parse it through a schema before it touches your system.
Creators · 11 min
AI and agent tool allowlist design
Design the tool allowlist for a coding agent so it can do the job without scope creep.