# Tool authority risk review kit

Use this kit to decide which AI-callable tools are safe enough for production. The review covers authority, side effects, reversibility, credential scope, approvals, logs, and rollback before agents can take actions in business systems.

## What it includes

- An action register for AI-callable tools and side effects.
- An approval matrix by action class.
- A schema for action type, sensitivity, approval state, dry run, audit event, and revoke path.
- A review brief for exposing, limiting, escalating, or blocking actions.
- A rollback map for tool failures and unauthorized actions.

## How to use it

Start by separating read, draft, write, external, financial, and destructive actions. Never expose write authority without logging, idempotency, revocation, and a defined owner. Require human approval for irreversible or high-impact actions.
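
One way to encode these rules as an automated check over the action register, as an added example that is not part of the kit itself. The field names, the `review` function, the low/high sensitivity scale, and the sample register entries are assumptions modeled on the schema and review brief listed above.

```python
from dataclasses import dataclass

# Action classes from the page; which ones count as side-effecting is an assumption.
READ_ONLY = {"read", "draft"}
SIDE_EFFECT = {"write", "external", "financial", "destructive"}

@dataclass
class ToolAction:              # hypothetical register entry
    name: str
    action_type: str           # read | draft | write | external | financial | destructive
    sensitivity: str           # low | high (assumed scale)
    reversible: bool
    owner: str = ""
    audit_event: str = ""      # name of the log event emitted per call
    idempotency_key: bool = False
    revoke_path: str = ""      # how the authority is withdrawn
    approval: str = "none"     # none | human

def review(a: ToolAction) -> tuple[str, list[str]]:
    """Return (decision, reasons); decision is expose, escalate or block."""
    if a.action_type not in READ_ONLY | SIDE_EFFECT:
        return "block", ["unknown action type"]   # fail closed on unclassified tools
    reasons = []
    if a.action_type in SIDE_EFFECT:
        # Write authority needs logging, idempotency, revocation and an owner.
        for ok, label in [(a.audit_event, "logging"), (a.idempotency_key, "idempotency"),
                          (a.revoke_path, "revocation"), (a.owner, "owner")]:
            if not ok:
                reasons.append(f"missing {label}")
        if reasons:
            return "block", reasons
    # Irreversible or high-impact actions need a human in the loop.
    if (not a.reversible or a.sensitivity == "high") and a.approval != "human":
        return "escalate", ["human approval required"]
    return "expose", reasons

# Constructed sample register, for illustration only.
REGISTER = [
    ToolAction("search_tickets", "read", "low", True),
    ToolAction("update_ticket", "write", "low", True, "support", "ticket.update", True, "rotate-token"),
    ToolAction("issue_refund", "financial", "high", False, "finance", "refund.issue", True, "disable-tool"),
    ToolAction("delete_account", "destructive", "high", False, owner="ops"),
]

if __name__ == "__main__":
    for action in REGISTER:
        print(action.name, *review(action))
```

Running a check like this in CI against the register keeps a newly added tool from reaching agents until its controls are filled in.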
