# Tool authority risk review brief

## Tool action under review

Describe the tool, action, data access, side effect, credential scope, user roles, and business reason for AI access.

## Control assessment

Verify least privilege, dry-run behavior, idempotency, approval policy, audit event, rate limit, error handling, and rollback path. Identify which control is missing or untested.

## Decision

Approve, limit, escalate, or block the action. High-impact writes require owner approval, monitoring, rollback evidence, and post-launch review.